Episode 7

Published on: 25th Mar 2024

4 Lessons I Learned from My First Capture the Flag (CTF) Event!

Learning the Ropes: My First CTF Experience

In the Titan of Tech podcast episode, host John shares insights from his first participation in a Capture the Flag (CTF) event in March 2024, covering its nature as a cybersecurity game, the challenges encountered, and four key lessons learned. The CTF event featured jeopardy-style puzzles across various domains like digital forensics and cryptography, emphasizing the importance of hands-on skills, teamwork, and familiarity with tools like Kali Linux and Unix commands. John reflects on his unpreparedness, the technical obstacles faced in using unfamiliar equipment and systems, and the ultimate value of the experience in understanding cybersecurity complexities, especially for IT leadership and those in non-technical roles within the field.

https://podcast.titanof.tech/

https://linkedin.com/in/johnbarker78


00:00 Welcome to the Titan of Tech Podcast: My First CTF Experience

00:21 What is Capture the Flag (CTF)? An Introductory Guide

01:04 The Thrill of the Game: My CTF Event Recap

02:20 The Benefits of Participating in CTF Events

03:21 The Essential Tools for CTF Success

03:47 Four Key Lessons from My CTF Journey

09:47 Who Should Try Capture the Flag? Insights for IT Leaders and Enthusiasts

13:08 Closing Thoughts and Encouragement

Transcript
Speaker:

Hey, what's up, everyone? John here. Today on the Titan of Tech podcast, I want to review four lessons that I learned when I participated in my first Capture the Flag CTF event just about a week ago, March 2024. And the first thing off the bat is don't be me. Definitely don't be me.

So for those of you that clicked on this and you're like, what is a CTF? What is a capture the flag? Let me explain capture the flag. It's a security vulnerabilities game that's conducted in a test environment. You are instructed to find a hidden piece of information that they refer to as a flag. Maybe it's a specific file. And there are typically two types of capture the flags. One is called the jeopardy style, where you're just given a series of challenges, and the other is attack and defense, where you've got your teams where you each have your own specific network and you're trying to protect your network at the same time you're trying to attack another team's network.

Now, in my particular case, we were in jeopardy style. It was a three hour capture the flag event and there was a total of 16 different puzzles that they were that we were given that we needed to solve and we and there was no way nobody solved all 16. That was part of the part of the drill. It was just I think they said it was normally made for a six hour game, but we did it in three.

Now, as far as the types of puzzles, you have digital forensics, which is the one that I was able to solve as the as time was about to expire. There's some reverse engineering. There's cryptography. You know, files are encrypted. There's some web security, trying to break into a website. And in the case of the one that I saw that the last legitimately there was 10 seconds left before the game expired was a digital photograph of a cat by a pool. And it was, and the instructions were to find out exactly the location and name of the building that this photo was supposedly taken in. And I was able to use some tools that were out there, extract the metadata that had the latitude and longitude, slap that into a mapping program and bring up the exact location that the picture was supposedly taken to.

Now some of the benefits of doing these capture the flag games and environments are it's, it's risk free. You're not doing this in production. In our case, there's a company called Cyber Ranges. They, that's actually what they specialize in. Larger companies may have their own cyber ranges to keep their skill sets up of their, of their employees. And there's other, these third party ones that are out there that will run events that are similar to these, so it's completely virtual risk free environment. You're not in somebody else's production environment. You get the hands on skills necessary that that with the with the software and the tools that you would use in a production environment, in real time. This is not theoretical. This is not book knowledge. This is real hands on experience.

And you also get to learn teamwork, which comes into one of our, my lessons learned when producing one of these, as everybody has strengths and weaknesses when it comes to anything that you do. And most of these are conducted with teams. I do believe that there may be some capture the flag events that are solo, but in our case, there was teams of two to four. And I think most of us had four, our team had three.

And the tools that you're typically using with these and the ones that we use were Kali Linux. We attempted to use Wireshark, that kind of failed at connecting to the virtual environment with one of our teammates, as well as just got to understand your Unix prompts, which I'll get into a little bit of some of the issues that I walked into having never done this before and having not really used Unix in a, in a really long time.

So what are the four lessons that I learned after going through this? Gotta practice your Unix commands. It had been years since I had used Unix environments. I don't do a ton of hands on keyboard stuff. I've got a few things like Raspberry Pis that I use internally for my own network. So I, I occasionally get into those, but this is definitely not a regular basis, you know, maybe once a quarter that I've messed with my own stuff, performing an update type of thing. And this specifically, you would need to learn Kali Linux, which is some of the, the, the, the, I'm going to use the term cracking tools, but the tools necessary to help with cybersecurity engineering and vulnerability assessments to go into there.

I had kind of made the assumption that we were going to be given some sort of cheat sheet. The, the, the scenarios for, or this capture the flag event was kind of advertised as beginner level. Anybody that had any IT experience, please come join us. It was a free event. I knew the people that were running it. was also on my team. He had not. He had not done one in years either. So there was a team of us at least two.

And so I had watched one of these events back in the end of 2023. And I had swiped a book called Breaches and Attack Simulation for Dummies. I had not flipped through it at all. I had never went through it. It had been sitting there for a couple months. The day before the capture the flag event, I decided I'm gonna sit outside. It's nice. I'm gonna read this thing. I'm gonna at least kind of get myself primed up for what I'm going to experience for the capture the flag event. Well, when I started flipping through this, this was more of a managerial for dummies book, which those concepts I already know already trained and certified in, in all of those things. And this was not a refresher or a primer on Unix commands, Kali Linux, any of the tools or any other tool necessary to be able to participate in a capture the flag event. So that didn't help. So I kind of breezed through that, skimmed it, didn't help.

The next thing after we, so we get into the, the room we were, we could bring our own laptops, which I had brought mine and I actually do have some of the tools installed, even though I don't use it for whatever reason, but I forgot my power cord. So that didn't work well. And I had to use one of the provided computers that they had, which were essentially fresh Windows 11 install computers, nothing else was installed, was installed on the machine. So none Wireshark wasn't installed on the machine. None of the Kali Linux stuff was installed on the machine to be able to, we could connect using those computers into the virtual environment. So that became a little bit of a problem, an issue with connecting one of our teammates.

We actually had a third teammate walk in the door, Miles. I'm gonna tag him into the post. I appreciate him showing up. It was great to work with and actually had participated in one of these recently, but it was having difficulty with the provided equipment using Wireshark to connect into. So having equipment already installed with the software already known to be working within that particular cyber range, I think would have helped out a little bit and not with me not knowing how to use the commands, but for others that knew what they were doing. I think that would have smoothed over a couple things.

Also walking into this, I didn't really understand, having never seen it before, how the clues and the scenarios work together. So you would be given a puzzle and there'd be maybe a one word or a couple word clue on the direction that you were supposed to take the challenge. And this was one of those things that I thought, again, we were going to get some sort of cheat sheet as this was initially believed to be an entry level capture the flag. There really wasn't anything given as far as that it was like, hey, here's the environment. Click it, log in. There's the 16 puzzles. You can bounce around them. You can pick whatever you want. There you go.

And each of the puzzles are weighted a score. I think it was 10 points, 15 points, 20, and I think up to 25. Of course, the, the harder the, the puzzle, the more points you got for being able to solve that. The one I solved was a 10. But I got it. That's the way I look at it.

So I think and also during this process, I, I, instead of seeing that this was really entry level, I saw that the scenarios were marked as intermediate. So that kind of a term I had been using was monkey on the keyboard, where I was just sitting there just kind of hacking away at this, where I would have Kali Linux commands up and trying to break through. I'd actually found something for one of the scenarios that used an old Perl script for anybody that is familiar with that to be able to backtrack. And I made it all the way to the end. It just wouldn't execute the way it was supposed to, supposed to have executed. I was able to get that installed and work through. So it was definitely a understanding, just not being able to execute.

And the last thing for sure is that I think teamwork makes the difference. The team that won the event in the end of last year that I have observed, they showed back up again, and they crushed everybody. They finished first, they had quadrupled our score, and I think they doubled the score of the team in second place. This is a college team that travels around, and this is what they do. I think they know exactly, everybody has their role defined, everybody has the tools they're supposed to be used, everybody knows the strengths and weaknesses of the others, which allows them to function as a unit as no different that you would run the department that you run, the business that you run have predefined roles. They probably had great communication. They were a few tables away from us, so it wasn't like I could eavesdrop on them. Matter of fact, we were at the end, so I didn't have anybody to eavesdrop off of as we were going through this, as we were going through the exercises, because that probably would have helped but it, you know, the teamwork definitely made a difference with what they with what they were doing, and they ran away with it on top of just having the required skill sets to be successful for this.

So now that I've went through the process of of participating in a collapse, capture the flag, who do I think should try one? If you are an IT leadership of any sort. And I'm talking about CIO, CTO, definitely a CISO of course. I think this is something that you should go participate in, just to understand the complexity of what goes into these skill sets. Particularly for those that, like myself, who kind of been away from the keyboard for a while, and maybe this was never even part of your job. That if you go and participate in one of these. It's a game. It's for fun that you'll be able to communicate that complexity back in a in a more sound way when it comes to determining budgets, determining other resources that may need to be protected, particularly if you're someone that works in a large environment that has a very big threat landscape. You've got lots of employees, lots of equipment. Maybe you actually produce code. You store a lot of customer files. You have a lot of sensitive information that I think just going through this experience shows that complexity to you for never experienced for those that have never experienced it.

And I am definitely not one that says for you to be an effective leader that you need to go and understand at every granular level, every person's job underneath you, absolutely not. It doesn't work that way. You go and hire those skillsets, but if you're in a situation where you just can't grasp the reality of what a role brings and what the value brings to the table, that spending a couple hours in their, in their shoes, what you're not going to become the expert. I won't be definitely have no intention of becoming the expert at some of these things, I would do it again, it helps reframe your mind for those things that you don't quite understand.

If you're in say, if you're working in cyber security, but you're non technical, let's say you're an auditor or you're just you know, in the governance and risk piece. This is something I think you should be exposed to as well. Again, it goes back to understand the complexity, be able to communicate that complexity when you start evaluating those environments and seeing where maybe somebody is not checking all the boxes they need to be if they need to, if they need to comply with a certain framework within their industry that, you can kind of elaborate on how the complexities of these types of skill sets and understanding security vulnerabilities.

And of course, if you are a hands on keyboard, absolutely love threat hunting and things of this nature. This is, to me, this is a must do. It keeps your skills sharp. It allows you to be exposed to other people in a safe environment that may have new tactics that you haven't thought about. If you get locked in stovepiped within a large organization, this will probably let you get exposed to new areas of work that you've not seen before, as well as counting to your own work portfolio. This is one of those things that I think counts to building up your skill sets. You can work on things maybe you're weak on with other people that have those as, as their strengths. You can also do that in reverse. The things that your strengths, you can give that to others. I mean, this is a. You know, to me, it's a unity thing. It goes back to that teamwork environment, and you can sit there, figure out how best the teams work together.

So definitely again, I think I was texting, I was texting my wife and a buddy of mine who another buddy of mine who wanted to participate and like, how's it going? And I said, and I just kept using a term and said, I think I'm monkey hitting the keyboard. I had not prepped. Do not walk into one of these prepped if you are in IT leadership or you're in a non technical cyber security role and you would like to participate in one of these. Absolutely do it. But at least spend a little bit of time going over basic Unix commands, going over Kali Linux. Maybe you're looking at Wireshark and just getting a good frame of reference with how someone that works at a rudimentary level and make sure you're interested entering, one of the capture the flag events that is based for beginners.

I don't think I would have had nearly as much fun if we were in the, the attack defend environment with the teams going against each other, because it's not what I've done. It's not what I do. Talk about getting creamed, but I did solve a puzzle. So until the next one, talk to you later.

About the Podcast

Titan of. Tech
Tech Trends, Triumphs, and Trials: The Human Side of Tech
"Titan of Tech" is more than just a podcast; it's a journey through the evolving landscape of technology. Each episode is a window into the future, offering insights and perspectives that you won't find anywhere else. This is the place where curiosity meets innovation, and listeners become well-versed in the language of tomorrow’s technology.

Why Tune Into "Titan of Tech"?

Diverse Perspectives: We bring you voices from all corners of the tech world – from seasoned CEOs of leading tech companies to the unsung heroes and rising stars in the industry. Get a 360-degree view of the technological panorama.

Beyond the Buzzwords: We delve deeper than the trendy tech jargon. Understand what Cybersecurity, Quantum Computing, or Artificial Intelligence really mean for the world and for you.

Global Tech Scene: Technology knows no borders. We explore international tech developments, giving you a global perspective on innovation and its impact.

Accessible Content: Whether you're a tech guru or a novice, our content is tailored to be accessible and engaging. We break down complex concepts into understandable and relatable discussions.

Future Focused: From predictions about the next big tech breakthrough to exploring how technology will shape our society in the future, "Titan of Tech" keeps you ahead of the curve.

In "Titan of Tech," every episode is a blend of passion, knowledge, and a vision for the future. We're not just reporting on technology; we're part of the conversation that shapes it. Our engaging narratives and in-depth analyses make us the perfect companion for your daily commute, workout, or leisure time.

Discover the stories behind the innovations that are transforming our world. Join our community of curious minds and tech enthusiasts. Subscribe to "Titan of Tech" and be a part of the conversation that's shaping our digital destiny. Connect with us online at https://podcast.titanof.tech and follow the future, today!

Follow at:
https://linkedin.com/in/johnbarker78
https://x.com/johnbarker78
https://instagram.com/johnbarker78
https://titanof.tech (Virtual CIO Advisory Services)

About your host

John Barker

John Barker, MBA, CISSP, PMP, has worked as a Virtual CIO for the past 7 years. He has supported many executives in a wide range of industries. John's mission is to improve operational technology, identify technology value drivers, and improve cybersecurity defenses. John has led numerous cybersecurity evaluations using standard frameworks such as HIPAA and NIST cyber standards. John has been a regular featured columnist in Northern Virginia news outlets, with over 35 technology columns published in the region.

John started his technology career working on Unisys mainframes in a manufacturing setting. This evolved into the role of lead network engineer for American Military University, the first online-exclusive accredited university in the United States. He has led a global multi-million-dollar Department of Defense technology program that supports over 500,000 users. John advises high-net-worth families (300M+) on all technology and cybersecurity matters.

John is active in his community. He served four years on the Culpeper County Broadband Planning Commission, whose purpose was to expand high-speed internet access in the rural community. He has served on the Board of Directors for chambers of commerce and as the chairperson of marketing and membership committees. John has been a regular at mock interviews and career days for local elementary and high schools. John has led technology entrepreneurial sessions for high school-age students, instructing them on the steps to create a mock technology product and a business plan. They "pitch" their ideas to other business leaders in the community.

In 2023, John served on the Technology Advisory Committee for Stafford County Public Schools. He assisted in writing the first A.I. policy voted on and approved by a School Board in the State of Virginia.

John currently works with two different cybersecurity organizations. John is a member of ISC2. He wrote new and reviewed questions for the current version of the Certified Information Systems Security Professional (CISSP) exam. This is the gold-standard information security certification. John is part of the Cyber Security Forum Initiative (CSFI.US) Cyber reporting team. The team aligns national security threat scenarios to common and uncommon cyber frameworks. The team also has access to information that cannot be disclosed.

Press List – Author
Mind-blowing AI Tools are here to stay
Date: March 4, 2023
Link: https://fredericksburg.com/opinion/comment-mind-blowing-ai-tools-are-here-to-stay/article_b603e478-b7c4-11ed-a7b0-838023b605f9.html
Category: artificial intelligence

Artificial Intelligence (AI) has seen an unprecedented leap into the public consciousness, especially with the advent of tools like ChatGPT, showcasing the potential for machines to mimic human conversation with remarkable fluency. AI's history, dating back to 1956, is built on the premise that human intelligence can be emulated by machines, leading to developments in reasoning, learning, and perception.
This technology has quietly underpinned everyday tools, from recommendation algorithms on YouTube to autonomous driving, without widespread public awareness of its mechanisms. The discussion around AI now also encompasses ethical considerations, such as the potential for plagiarism in AI-generated content and the embedding of biases within algorithms. Despite these challenges, the integration of AI into daily life and work is inevitable, urging a collective effort to harness its potential responsibly and ethically. The narrative is clear: AI is no longer a futuristic concept but a present reality, transforming how we interact with technology, understand creativity, and approach the ethical dimensions of digital innovation.

Cybersecurity is a people problem
Date: Oct 15, 2023
Link: https://fredericksburg.com/opinion/column/comment-cybersecurity-is-a-people-problem/article_042531f0-6924-11ee-8b91-fffa2f546f8c.html
Category: Cybersecurity
Cybersecurity incidents often stem from human error rather than technological flaws. For example, a major breach at MGM Resorts was enabled by social engineering, exploiting inadequate employee verification processes. Similarly, the Equifax breach resulted from unpatched servers, highlighting a lack of attention to basic security practices. Other incidents, like a casino hack via an internet-connected thermometer, illustrate the risks of integrating insecure IoT devices into critical networks. These examples underscore the importance of robust security protocols, regular updates, and education to mitigate human-related vulnerabilities. Awareness and proactive measures can significantly reduce the risk of cyber attacks.

Think Twice before using TikTok
Date: May 28, 2023
Link: https://fredericksburg.com/opinion/comment-think-twice-before-using-tiktok/article_55e76904-f3fe-11ed-b8a0-4fc03a885c17.html
Category: Cybersecurity
TikTok faces increasing scrutiny for its data privacy practices, with concerns over potential data sharing with the Chinese government due to its parent company ByteDance's ties. The platform's massive user engagement has drawn legislative attention, resulting in app bans and hearings aimed at mitigating security risks. Users are encouraged to critically evaluate their TikTok usage, considering the privacy and psychological implications of their engagement with the app.

‘Brute Force’ cellphone attack secures conviction
Date: April 22, 2023
Link: https://fredericksburg.com/opinion/columns/comment-brute-force-cellphone-attack-secures-conviction/article_0d2b4d80-ddff-11ed-8cd7-3b730ec21d54.html
Category: cybersecurity, law enforcement
At the heart of Alex Murdaugh's trial for family murder charges was a crucial cell phone video that challenged his innocence. The U.S. Secret Service's expertise in unlocking the phone revealed evidence critical to the case, showcasing the power and potential privacy concerns of digital forensic technology. This situation underscores the importance of robust personal cybersecurity measures, such as multi-factor authentication and secure passwords, to protect against unauthorized access to sensitive information.

Technology education evolving in Fredericksburg Region
Date: July 1, 2023
Link: https://fredericksburg.com/opinion/column/comment-technology-education-evolving-in-fredericksburg-region/article_248daac4-16b0-11ee-b3af-1ffb021e4fb5.html
Category: technology education

The document discusses the evolution of technology education in the region, highlighting the shift from traditional vocational programs to modern Career and Technical Education (CTE) offerings. It showcases local initiatives to engage youth in technology through summer camps and hands-on learning experiences. Programs range from building drones and gaming PCs to video game development and entrepreneurship in technology. These efforts are aimed at equipping students with industry-level certifications, real-world experience, and fostering a passion for technology from a young age, challenging them to think critically and innovatively.

Cybersecurity and the Internet of Things
Date: November 30, 2020
Link: https://www.youtube.com/watch?v=9UgaxG574TI&t=227s
Category: cybersecurity, IoT
John Barker leads a panel through a discussion of the cybersecurity risks in everyday household items that now connect to the internet.

Creating a Culture of Security
Date: Jan 23, 2020
Link: https://www.insidenova.com/culpeper/data-dump-creating-a-culture-of-security/article_6fd2bbb8-3de8-11ea-991b-9f8d164e71d4.html
Category: cybersecurity

Creating a culture of security is essential in combating the increasing threat of cyberattacks, which affect organizations of all sizes. Implementing foundational cybersecurity measures like firewalls, strong passwords, and patch management is crucial. Leadership must prioritize and practice these measures to influence the organization's culture positively. Regular training adapts to evolving cyber threats, emphasizing social engineering awareness. A non-punitive environment encourages reporting mistakes, fostering trust and improvement. External audits validate cybersecurity practices, ensuring adherence to standards. Despite existing regulations in some sectors, many companies lack comprehensive cybersecurity measures. Upcoming regulations, like the Cybersecurity Maturity Model Certification, will enforce stricter compliance and auditing, potentially extending to wider markets influenced by cybersecurity insurance trends.

Ignorance is not an excuse anymore!
Date: November 21, 2019
Link: https://www.insidenova.com/culpeper/data-dump-ignorance-is-not-an-excuse-anymore/article_a5309ae6-0c92-11ea-a3cf-e716081495ce.html
Category: cybersecurity


In recent travels and networking, a concerning trend of improperly secured websites has been observed, highlighting a persistent issue with security certificates. Many businesses, from startups to established companies, neglect basic web security, often resulting in vulnerable websites. The misconception that security breaches are unlikely and the lack of knowledge about the importance of SSL certificates contribute to this problem. It's emphasized that securing a website is a fundamental task that should not be overlooked, as it verifies the site's authenticity and secures data transmission. The article suggests actively ensuring web designers or hosting providers implement SSL certificates and explores options for securing websites, including free services. Ignorance of web security is no longer acceptable, underscoring the necessity for all, including those without technical backgrounds, to prioritize online security.

Is Your Cloud Data Safe from Prying Eyes?
Date: July 5, 2018
Link: https://www.insidenova.com/culpeper/archive/data-dump-is-your-cloud-data-safe-from-prying-eyes/article_c728ffc4-f902-5674-89be-9b178ad12ee1.html
Category: cloudy, security, privacy
The narrative explores the evolution and concerns surrounding cloud data security, focusing on encryption practices and the tension between user privacy and government access requests. It emphasizes the importance of encryption for data in transit and at rest, highlighting user control over encryption keys as critical for privacy. Major tech companies' struggle with government demands for data access is discussed, underscoring the ongoing battle for data privacy. The piece suggests that while cloud storage offers enhanced security and convenience compared to local storage, users should be aware of the potential for their data to be accessed by service providers or under legal compulsion.

Project Management Institute (PMI) Network Without Cringing (Really!) (Featured Guest)
Date: August 7, 2017
Link: https://www.pmi.org/learning/careers/network-without-cringing-really
Category: business, networking