I’m sure we all seen the recent statistical figures talking about an increase in ransomware attacks ranging between 2 to 3 times in 2016 when compared to previous year. While these numbers are already depressing enough, recent events between WannaCry/WannCrypt and ExPetr/Petya/NotPetya have made the situation worse. We seen increase variations of the EternalBlue vulnerability/exploit previously patched in MS17-010. These new ransomware attacks are building on already known vulnerabilities that people are still struggling to patch or properly address as a serious threat.
From what I can see, more companies are being impacted than I would feel comfortable with when gauging the security ecosystem. This leads me to believe that companies are not taking these threats seriously, it’s as if they feel that such occurrence is so far away from their organization that it’s not going to be impact them. It also feels as if people did not understand the “mild” differences between WannaCry/WannaCrypt and ExPetr/Petya/NotPetya, where as I truly felt worried when I saw how NotPetya utilized common administrator tools such as PSExce and WMIC to move laterally. In my eyes I saw more occurrences and variations of such attacks that could be created by more people or groups with i’ll intentions and I’m glad I’m not the only one feeling concerned as more awareness needs to be brought to this issue.
It’s been a while since I last made a post and it’s been mostly due to my own lack of commitment to blogging during my spare time. However, I can gladly say things are look better for me thanks to finally having finished my Master’s degree. In the past, I had previously talked about my experiences going to Boston University and discussed my first two classes in some detail. Now I can confidently say that the journey is not easy, the amount of late nights and weekends lost to classwork have been exhausting for me, my wife and the few remaining friends have been a challenge. Some of the biggest challenges were:
- Trying to balance work and school without one negatively impacting another.
- Trying to find spare time to do things like yard work, house cleaning or maintenance.
- Trying to balance some social life.
- Trying to make sure my wife and family was not being ignored during the most difficult classes.
- Trying to stay motivated during certain periods of times after holidays or summer break.
- Most importantly, Not giving up!
The list pretty much sums up most of my challenges I experienced while attempting to complete my degree online in Boston University as a full time working professional. I also wanted to list out some of the classes I took with a brief description of my experience, in hopes of helping someone considering the online Masters of Science in Computer Information Systems degree from BU.
- CS669 Database Design and Implementation for Business (Fall 1 of 15)– First class was a big challenge with workload, content and expectations from the professor. It set the expectations that this degree was not going to be an easy walk, so the average week I would spend about 35-40 hours on classwork. However, it was focused on learning the proper design principals instead of just throwing SQL code around while still managing to get a B+ on the class.
- CS782 Information Systems Analysis and Design (Fall 2 of 15)– A challenging but enjoying class with weekly research assignments that pushed me to improve my research writing skills significantly. This class was very useful in my career thanks to the lessons learned during my research papers and analysis of systems. I lost a lot of weekends and some late nights with about 35 hours a week on classwork to get an A- on the class.
- CS546 Quantitative Methods for Information Systems (Spring 1 of 16) – This was an extremely difficult class for me as I had always struggled in math classes since high school. The professor attempted to make things easier by recording himself on a class while attempting to work out the problems. The workload was not as high as previous classes, but complexity of functions, differentiation and statistics in the final caught me completely off-guard letting me scrape by with a C+.
- CS625 Business Data Communication and Networks (Spring 2 of 16)– This was a much better class for a somewhat technical background person like myself, where I was able to relax a bit and could feel more at ease. Basic business design and network design concepts allowed me to have some freedom, but also caused me to relax a bit too much with only a B+ for a grade.
- CS520 Information Structures (Summer 1 of 16)– A Java programming based class, that most programmers could pass without much effort. It wasn’t overly difficult, but scaled accordingly each week getting more challenging. I spent an average of 25 hours working on classwork on the last few weeks, allowing me to pass with a B.
- Summer 2 – 16 (8 Weeks off for vacation)
- CS682 Information Systems Analysis and Designs (Fall 1 of 16) – A breath of fresh air for me as it dealt with a lot of design principles, which could be very applicable to someone in IT leadership. Some difficult assignments that caused me a few late nights that conflicted with my work schedule during conference season. I definitely enjoyed the class and was able to utilize some of my previously gained skills from CS782 to put into some papers. I manage to pass with an A-.
- CS684 IT Security Policies and Procedures (Fall 2 of 16) – A somewhat boring class in name, but useful class for someone in IT leadership. Learned a few tricks that I could utilize at work to better understand policies, laws, regulations pertaining certain segments. The coursework took me an average of 20 hours a week, but a lot of non-IT students appeared to struggle with this class. I managed to pass with a B+.
- CS695 Enterprise Information Security (Spring 1 of 17) – A class that I was looking forward to taking as it covered a broad number of topics pertaining to enterprises and security best practices based from the CISSP book from ISC2. This class helped me get started with my CISSP studies, but also reinforced my understanding of enterprise security as a whole. I managed to pass the class a B.
- CS693 Digital Forensics (Spring 2 of 17) – A very disappointing class, which was mixed between Computer Science students and Criminal Justice students. The class focused much more on the criminal side than I had expected and was so slow to get going since 90% of the students had issues getting their virtual labs running. The labs felt like extensive busy work as I did not gain any knowledge from them. I would often spend 30 hours on classwork, but I did not give it my all and lost focus half way through the class, yet managed to pass with a B+.
- CS694 Mobile Forensics (Summer 1 of 17) – Definitely a step forward when compared with the previous class, it was aimed at Computer Information Systems students with much more challenging topics. The drawbacks on the class was the topics felt dated along with the labs, maybe Android 6 was the latest OS discussed but on iOS we just talked about iPhone 4 primarily. I managed to spend an average of 18 hours a week in classwork and passed with a B+.
As you can see, the list of classes covered a lot of security topics due to my concentration but various areas within an enterprise are still covered. The overall experience was extremely positive and I am very proud to have completed the degree in BU among all of the other universities I considered. Furthermore, no matter what university anyone graduates, be proud and respect the degree you hold as it represents all of the hard work you spent on it.
I have been meaning to post something about recent experiences and changes in perception I had about entrepreneurs trying to start their own business. Not that I have started a company myself, but a close acquaintance of mine has recently jumped on the entrepreneurship journey. His story is filled with challenges after challenges that continue to get bigger with the thought of hopefully establishing a stable business that could one day grow into a very successful business. After listening to him, I could see the business goals and think about how close they seem, but also see how an invisible wall of questions and challenges continues to get in the way. It almost makes me wonder if it is even worth it, but I know the answer deep inside because I myself am somewhat envious of his efforts. He is still on his way to success and has expanded his circles of business partners to reach out to as many possible markets in hopes of acquiring clients.
It’s been a while since I made a post due to school and work, but I definitely wanted to finish the last part revolving around the benefits of building a home lab. Previously in Part 1, I talked about the history and hardware requirements to make a home lab. In Part 2, I talked about the design/functionality of a home lab, and now I will be talking about some of the overall benefits with running your own home lab. This post will be a bit wordy and contain a larger number of images to represent some of the technologies I have setup in my home lab environment.
Over the past few months I have been pretty absent on my blog, most of this is caused by the fact I decided to start working on a masters degree. I put a lot of thought into what university I would attend and put together a list composed of top universities in the country that provide acceptable online degree programs for working professionals. My final pick was Boston University with their Masters of Science in Computer Information Systems focused in Security.
A personal goal of mine has been to try to educate myself as much as possible in all common enterprise technologies. I also believe that I am not alone when I say “building a home lab is what many IT professionals do to improve their skills and get some needed practice with common enterprise technologies”. In the past I have gone through several lab designs, but with the way technology is changing I found myself trying to virtualize as much as possible. Continue reading
I recently had some time to reflect on a recent discussion with an old acquaintance, about when to start searching for a new job. The discussion went back and forth talking about the perks of staying in a job for a lengthy period of time versus job hoping every year or two. Towards the end of our discussion we both agreed on a few fundamental items.