What could be better than hacking on the holidays, legally? Not much if you're an aspiring cyber security junkie. SANS's Holiday Hack Challenge is a newer tradition in hacker circles where we get to learn, play, and practice our trade in a safe, legal, and entertaining way. SANS is known for quality cyber security training, academic work, certifications (GIAC, etc.), and much more. Led by an instructor of penetration testing and hacker extraordinaire Ed Skoudis and a team of dedicated writers, administrators, and skilled technicians, they create a holiday-themed storyline, websites, Twitter accounts, custom games, and systems, all for our learning entertainment. They also give out prizes to categories of participants, so get in there!
A few years ago, when I was working in a Security Operations role, a good friend of mine, Jevan, asked me if I was doing the Holiday Hack Challenge. I had no idea what it was, but I watched him play it during his free time, and I was intrigued and intimidated. Fear kept me from participating in 2015/2016, in what has become a truly enjoyable sport of hacking and Linux administration in 2017. This year I took the plunge, registered, logged in, and began practicing. Despite my rusty penetration testing skills (after slogging through thousands of pages of cyber security policy, performing incident response and log management, and reviewing code for bugs over the last few years), I've made pretty decent progress in this year's challenge. Fortunately, there is plenty of help, as these are not supposed to be impossible; they're learning experiences. The creators and other fellow participants won't outright give you the solution (frowny face on that), but they are more than willing to nudge, bump, and prod you toward a blog, website, or other resource where you can learn how to solve a particular challenge. I would not recommend you dive into this if you have beginner-level system administration or Linux skills, although with enough reading and practice you can still learn something new. Lucky for me, there are dozens of hints (in the game, game chat, Twitter, Instagram, and on SANS blogs from the team who created the challenge). So whether you're kinda new to the cyber security realm, or you're trying to polish your skills, or you just want to teach new people by sharing your process in a blog (after the challenge ends, of course), come join this year's SANS Holiday Hack Challenge! Again, you can find the challenge here: https://holidayhackchallenge.com/2017/ and happy hacking! Also, thank you to the SANS team and SANS for their dedication and the resources they provide to the hacking community to improve our security posture. Keep up the good work!
Contrary to popular belief, Grandma is pretty savvy when it comes to cybersecurity; after all, she has had to put up with Grandpa's antics her whole life. There are a few headlines stating Baby Boomers are more savvy than millennials in this area, but I'm not sure that has anything to do with cybersecurity. In reality, cybersecurity mirrors personal security and personal safety. Does Grandma typically share her personal information? No, she's probably learned that lesson somewhere over the years. Does she jump on every "too good to be true" bargain (Nigerian Prince scams) she finds in an email? Nope, she's learned that lesson too. So what makes Grandma a perfect case study for cybersecurity?
Well, we love Grandma, and she doesn't get a lot of credit in this area, but Grandmas are special ladies and they can teach us a lot. They glue the family together, communicate well (I'm generalizing here), and willingly share life lessons in a compassionate way. Yet all these "newfangled" complex words in the computer world don't match up 1:1, so we can't easily apply the lessons to cyber-land. Here are six "lessons" from Grandma, translated into cybersecurity terminology to help us understand WTH (What The Heck) it means today.
Author: I am a Doctoral Scholar at Colorado Technical University and a graduate of the Cyber Security Operations and Leadership program from the University of San Diego. I work in cybersecurity, and have accumulated twenty years in the IT industry. There are few IT roles I have not performed, which gives me great insights into making sense of all the IT confusion.