We started with understanding the difference between information and intelligence. Basically, intelligence is information that has been collected, evaluated and analysed. It needs to be relevant, timely and accessible.
Intelligence can be Operational, Strategic or Tactical.
- Strategic intelligence is useful for longer term planning.
- Operational intelligence is helpful for day to day decisions.
- Tactical intelligence is most useful when immediate action is needed.
We then went on to Principles of Intelligence; The Intelligence Cycle; Intelligence Funnels and Certainty & Probability Models. This was followed with a mixture of labs on RangeForce and Immersive labs.
The day continued with Cyber Threat Intelligence. We looked at Threats vs Vulnerabilities. The threat being what you are trying to stop happening. The vulnerability being the weakness that the threat actors are looking to exploit. After this we moved onto the Threat Landscape. This involved trying to understand the threat actor. What forms they might take: from Script Kiddies and Hacktivists to Insiders (malicious and accidental) onto Criminal gangs and APTs.
Then we looked at various Threat Vectors, so the methods that they might use. This could be direct access from insiders or compromised systems; email or social media (usually in the form of phishing attacks); Wi-Fi (rogue access points); removable media (who doesn’t love a rubber ducky) or even through the cloud or from third party risks.
After this we looked at Sources of Threat Intelligence. I think that the diagram that was used in the lecture sums it up nicely.
Whilst this was only an introduction to Threat Intelligence it was definitely food for thought. The OSINT side of Threat Intelligence was brought into focus when we had our weekly Mentor call on Friday. Ste Watts was this weeks invited guest. Amongst the many things he discussed, one that stood out for me was the Trace Labs Search Party. This is basically an OSINT CTF competition with a purpose. It is used to try and help find missing persons. I am now going through DFIR DIVAs account on her 1st attempt and how she has progressed since then. This also has details of lots of useful resources and training (both free and paid).
The middle of the week we thought was an introduction to the Security Operations Centre. They might want to change the structure of this, as starting off with Regex labs is enough to put most people off of wanting to be a SOC analyst! This then continued with a look at YARA. An overview of the tool and labs on Rule Management, Generation and Writing.
Day 2 of SOC was a look at some of the tools used. We started looking at Security Information and Event Management (SIEM). The discussion started with the different information sources that can be fed into the SIEM. This would obviously depend on the individual location but could include Firewalls; Intrusion Detection/Prevention Systems; Anti-Virus; Endpoint Detection and Response systems; Data Loss/Leak Prevention systems and even applications.
We then had a selection of Splunk labs on RangeForce that took us from the Basics through Input Configuration, setting up Alerts and performing Lookups. Obviously there are many different SIEM tools available but it was interesting to see one in action.
We then concluded with a look at Security Orchestration Automation and Response (SOAR). This is when automated playbooks are added into the mix. We had a couple of labs that gave us a very brief look at Phantom which is a SOAR offering from Splunk.
The week ended with a look at Malware and Reverse Engineering. We started with a discussion on what malware is: code that performs malicious actions. This continued with the different types. Some of the more common ones include: Virus, Worm, Trojan, Adware, Rootkit and Ransomware. The discussion continued with a look at Malware Analysis. This was split down to four methods. Static analysis, where you are not executing the malware. Dynamic or Behavioural analysis where you are executing the malware and monitoring its behaviour. Code analysis where you are actually looking at the malware code (so another form of static analysis). Finally, Memory Analysis where the memory (buffers, RAM etc.) is analysed for forensic traces.
The lecture continued with a look at how to recover from malware and the various steps that should be taken. We then moved onto Malware Analysis labs. These introduced us to Ghidra and the extremely useful Virus Total site. I had used Virus Total before but had never seen Ghidra. It is another tool that I am sure would get easier with practice.
In the afternoon we had a look at Reverse Engineering with the help of Ghidra. I will need to go back over these at some point to help my understanding of the process.
As mentioned earlier, our week ended with our mentor call with Amy Stokes-Waters and Ste Watts. We had quite a few extra faces join the call, so that they could also get to listen to what Ste had to say and take part in the discussion. It was interesting to hear from Ste about how he got into the industry and his career progression. It was also great how he offered his help in either giving us information or pointing us in the direction of someone else who could assist us in our studies and getting into the industry. I have to say that everyone that we have been introduced to in these calls have all been really helpful.
As for the Unlucky for Some title. Well, I won’t be getting the job that I was interviewed for last week. It was useful interview practice and I learnt from the whole experience. I am hoping for feedback on my performance as well, so that will be another plus.Top of page
There are so many different ways that people have decided to try and learn about Cyber Security. The path that I have taken, along with 80 or so others spread out between the full time and part time courses, has been a new route offered by Capslock. This is a very intense course, that is basically a years post grad course condensed into 16 weeks, with 4 other certification exams included as well.
This is our timetable for the full time course:
More details can be found on the Capslock website.
The certifications that we are also studying for are CompTIAs Security+, The Cloud Security Alliance Certificate of Cloud Security Knowledge, the British Computer Society Foundation Certificate in Information Management Principles and an ISO27001 Foundation Certificate for good measure.
As you can see, the topics covered encompass nearly every area that might be needed by anyone entering the Cyber Security profession. In addition to this the vast majority (probably all) are also doing additional study and extra labs in areas that interest them. These include both ImmersiveLabs and RangeForce which have a great selection covering many different areas.
We are at the point now where many are looking for employment. Hopefully to start soon after the course ends. As of writing this, just over 10% of those on the combined full and part time courses have already accepted job offers.
Our study during the course is mainly done in small teams of 4 or 5 people. As this is all online, it demonstrates that we are all more than capable of adapting to today's remote workplace.From my own point of view, based in North Suffolk, I am looking for either a fully or partly remote position. The extra study and labs that I have been doing are mainly to do with cloud, so AWS and Azure related. I have also been learning Python and PowerShell as these are both interesting to me and will be useful in many of the roles that I would like to do.
What was my intention in writing this? I would like to give a brief flavour of what I and the other Capslock students have been doing in the past few months. So if you do receive an application from one if us, you will realise that we could very well be a great fit for your organisation. We might not be experienced, but we have a well rounded knowledge of many different areas of Cyber Security as they relate to your whole business. We are all keen to learn and hopefully you will consider giving us a chance to show just what we can bring to help your business, not only now but also in the future.Top of page
My main reason for signing up for this specific course was that I thought it was my best option to enable me to get a job in Cyber Security. I am at the halfway point and I am happy to say that I feel I have made the right choice.
The course is easily the most intensive study that I have ever done. We are studying a very broad range of subjects that will enable us to enter the workplace with a decent level of knowledge, at least for someone new to the Cyber Security industry. It will also hopefully give us the certifications needed to assist with job applications. The course includes exams for: • Comptia Security+ • Cloud Security Alliance – Certificate of Cloud Security Knowledge (CCSK) • ISO 27001 Foundation Certificate • British Computer Society – Certificate in Information Security Principles (CISMP)
If we pass the course then there is also Capslock’s own Certified Cyber Security Practitioner (Ce-CSP). The certificate may be new (as we are the 1st batch of full time students to go through the course), but it is accredited by the Chartered Institute of Information Security and the tutors have vast experience from not only teaching Cyber Security, but actually working in the Industry as well.
We started off week 1 with introductions and being split into teams of 4 or 5 students. The teams all have students with various complementary skills. We are in the same team throughout the course. Our team name is Trojan Horses, hopefully explaining the logo!
This is the first area of the course that helps to simulate a real workplace environment. This theme continues throughout as we work on real life problems for a fictional company. The scenario is that we are Security Consultants for a large company that has multiple divisions including Defence Services, Managed Services, Systems Engineering and Integration and also a Software division. All the teams are set the same exercises and problems which are related to the topic we are studying. It is always enlightening to see the many different ways that other teams solve the same problems.
Team based learning is a big part of the course. This can also be seen in the mini tests that we do where we first go through the questions individually and submit our answers. We then go back through as a team. This enables us all to agree or disagree, and argue the case if we think that our answer is correct. Occasionally, the argument can be too persuasive and we get the answer wrong as a team, but usually it results in the correct answer.
The subjects we studied in our first week included Business & Security, MI & Metrics as well as Ethics. The second week introduced Culture and also Social Engineering. These were all used as a good introduction to Understanding Business. If you don’t understand the business that you are working in then how can you do your job properly.
The third week saw us move into Security by Design. This is obviously a very big area, the timetable has us in this area for 9 of the 16 weeks. So far (in the order of studying them) we have looked at Risk; Network Fundamentals; Operating Systems; Application Security; Governance; Security Architecture; Cloud Infrastructure and we have just started looking at Applied Cryptography.
I come from what is considered a technical background. I was a mainframe programmer for 15 years, though I left that 10 years ago. The majority of the areas that we have studied have been from a high level or a business point of view. Whilst a deeper technical understanding will be necessary for some roles, there are many roles in the industry that do not require this. This point has already been proven when you consider the first two people to accept job offers did not come from previous technical roles.
I had been looking forward to Cryptography, but surprised myself by not enjoying it so far. I have, in the distant past, been involved with the Chip and Pin process and also the migration of a major UK banks credit card portfolio to Chip and Pin. At the time I enjoyed learning about HSMs and how the overall process worked. I had a decent understanding back then, but now I am afraid that I just had a sore head. This might be partly due to too much studying, as like most I have been doing extra studying after the daily Capslock session ends. I have deliberately not done any studying this weekend, so hopefully will be refreshed for the second half of the course.
A few weeks ago we were introduced to our teams mentor, Amy Stokes-Waters from Cognisys. She has already helped our team so much. We have a weekly meeting and she invites someone from within the industry to talk with us. So far we have had the benefit of the vast experience of Rob Newby, Donald Edwards and Steven Trippier. The list of invited guests for the remaining weeks of our course is equally impressive.
Of all the areas that we have looked at so far I have found Cloud Infrastructure to be the most interesting. I was not even put off with the labs issues for both the AWS and Azure labs. We had an issue with the number of students that could login at the one time, and then an Access Denied problem part way through the AWS lab. The Azure lab had problems with the instructions, as Microsoft had recently updated Azure so not all the instructions were correct. It did make me realise that misconfiguration is very easy and with a manual process difficult to keep track of. It was also, to a certain degree, an example of real life problems that will be encountered.
I have also received a small scholarship that is to be used for an EDX course. I have decided that I will use this for a Scripting with Python course. There is a proctored exam at the end of the course, so yet another exam to look forward to. Python will not only help me in various Cyber Security roles, it is also another of the many things that I want to learn.
Looking at the timetable of remaining areas that we will be studying in the next 8 weeks there are a few that I am looking forward to. Forensic fundamentals will hopefully be interesting. Identity & Access Management will be useful. I have no experience of using Active Directory, so I am already taking steps to find out more about this. I will be going through some of the training that Microsoft offers and our teams super enthusiastic mentor, Amy Stokes-Waters, has put me in contact with a few people who can help me with this.
There is still a lot of hard work ahead, but I am convinced that not only have I made the correct choice in being here, but that I will be able to get a suitable job in the near future.