“I am coaching and helping organizations to improve their security posture and cyber resilience.”
Why did plague doctors wear those strange beaked masks? In the 17th century, people believed these outfits could purify poisonous air. They were wrong. “[…] physicians believed that the plague spread through poisoned air that could create an imbalance in a person’s humors, or bodily fluids. Sweet and pungent perfumes were thought to be able […]
Read More SECURITY HYGIENE DONE CORRECTLYWhen a building is to be constructed, the strength of the components used for the construction is calculated before the actual and practical building phase takes place. The material used, for example, for the fundament, beams, floors, walls etcetera of the building is not something that is thrown in without contemplation or calculation. The same […]
Read More THREAT MODELING MADE SIMPLE“To know your enemy, you must become your enemy.”. Sunz Tzu, The Art of War If you want to learn and get a deeper knowledge of how attacks are conducted from a more technical point of view from an adversarial perspective, I recommend you learn ethical hacking. There is definitely an added value for security […]
Read More WHO SHOULD LEARN ETHICAL HACKING?Threats are those things that we can not control. What I mean by this is that threats, when it comes to security, are mainly driven (when there is a human behind the actions) by motivation and skills/capabilities. To give an analogy on Threats, in traffic example, when you drive a car there are different kinds […]
Read More WHAT IS THREAT MODELING?“CISM, CISA, CRISC. Which one, of these three, is the best ISACA certification?“ I have been asked this one a couple of times since I worked my way through these certifications. And I have also been asked: I would rather switch the question around a bit and look at the subject from a couple of […]
Read More CISM, CISA & CRISC – WHICH CERTIFICATION TO TAKE?In this article, the focus will be on the Monitoring & Reporting phase in the Risk Assessment process. I will go through the phase, Monitoring & Reporting, and the elements within it. If you are new to Risk Management, I recommend you read the article What is Risk Management. If you are interested in the […]
Read More THE RISK MONITORING & REPORTING PHASE EXPLAINEDI know there are different definitions and descriptions out there of what compliance is. This article is not about cutting words or saying my definition is right or others are wrong. The goal of this article is to address the subject, Compliance, from a cloud security governance perspective. Why it is a thing and how […]
Read More CLOUD SECURITY GOVERNANCE – REGULATIONS, COMPLIANCE & SECURITYIn this article, the focus will be on the Risk Treatment & Response phase which is the third phase in the Risk Assessment process. I will go through the phase, Risk Treatment & Response, and the elements within it. If you are new to Risk Management, I recommend you read the article What is Risk […]
Read More THE RISK TREATMENT & RESPONSE PHASE EXPLAINED“If you only knew the power of the Dark Side!” Darth Vader, Star Wars: Episode V – The Empire Strikes Back <MUSIC> duh duh duh DUN DA DUN, DUN DA DUN </MUSIC> What is Ethical hacking, i.e. OffSec, or Offensive Security? It is the power of the Dark Side. The power of understanding and applying […]
Read More THE POWER OF THE DARK SIDE! ETHICAL HACKINGTERMINAL TERMINAL ┌──(kali㉿kali)-[~] nmap -sC -sV -T4 W.X.Y.Z Starting Nmap at XXX-YY-ZZ Nmap scan report (Z.Y.X.W) Host is up, Not shown: 995 filtered ports Reason: 995 no-responses PORT STATE SERVICE22/tcp open ssh 53/tcp open domain80/tcp open http443/tcp open httpsMAC Address: ##:##:##:##:##:## (Nmap done: 1 IP address scanned) ┌──(kali㉿kali)-[~] gobuster dir -u W.X.Y.Z -w /home/kali/small.txt ==================================== […]
Read More GAMING FOR SECURITY ENTHUSIASTS
Henrik Parkkinen 