Posts

Showing posts from March, 2019

Derrick Coston, CISA, CISSP, GIAC

I think that we are now starting to see begin to take this seriously. The problem is real and hopefully we will finally begin looking at Cybersecurity differently. I am reposting Paul German’s article found in Security Magazine. This article was written in 2018 and things appear to be getting worse vice better. I think the time is now to begin thinking about the approaches to CyberSecurity. source https://derrick-coston.com/2019/04/01/derrick-coston-cisa-cissp-giac-5/

Derrick Coston, CISA, CISSP, GIAC

I have always had my issues with Sales Teams. CNBC reports that Cyber Security Vendors are driving the hacking news cycle. It's a shame because those of us who are consultants and trying to ensure that organizations and people stay aware of the Cyber threat landscape, we have some exploiting it. This article is interesting because as I try to find important information to share with those in my sphere of influence. My only concern with this article is that it states that “breaches that actually cause damage are relatively rare. As a result, vendors often try to make a big deal out of minor breaches that don’t expose important company or customer information.” I disagree with this because they fail to address the actual breaches that were made public. Privacy Rights.org showed that in 2018, there were 828 documented breaches totaling over 1,371,001,709 confidential data records that were breached or exposed. This number is higher bec...

Derrick Coston, CISA, CISSP, GIAC

Rami Sass, CEO, WhiteSource has found that the past two years have seen an explosion in the number of software vulnerabilities being published, jumping from 6,447 in 2016 to 14,714 in 2017. Seeing as 2018 beat out the previous year with 16,521 CVEs reported, we should prepare ourselves for plenty of patching ahead in 2019. Despite this, he notes that we need to remember that even as a rise in CVEs can be eternally frustrating and means more remediation work, it is still far more preferable to deal with these vulnerabilities early before they are exploited by attackers. See his article here. source https://derrick-coston.com/2019/03/19/derrick-coston-cisa-cissp-giac-3/

Derrick Coston, CISA, CISSP, GIAC

Here is the Cyber Security Week in review provided by HelpNETSecurity. source https://derrick-coston.com/2019/03/18/derrick-coston-cisa-cissp-giac-2/

Derrick Coston, CISA, CISSP, GIAC

We all still need to stay diligent for the new ways Hackers try to gain access to confidential information. This is why we need annual security awareness Training. CIS Security has updated the latest list of scams that are able to gain access to our confidential data. source https://derrick-coston.com/2019/03/17/derrick-coton-cisa-cissp-giac/

Derrick Coston, CISSP, CISA, GIAC

Facebook Messenger vulnerability exposed your private texts ~ E Hacking News: http://www.ehackingnews.com/2019/03/facebook-messenger-vulnerability.html source https://derrick-coston.com/2019/03/10/derrick-coston-cissp-cisa-giac-3/

Derrick Coston, CISSP, CISA, GIAC

This is a common result for every organization that has a data breach. The Equifax Breach is just one of many that have a similar root cause. What is interesting is that many organizations do not use the findings of the Equifax Breach to enhance their own Risk Management and Cyber Security Controls. SC media reports today data breaches up 400% and the Identity Theft and Research has just published their January 2019 Data Breach List which is more disturbing because many organizations do not even know the extent of how much PII or PHI data was compromised. We seem to be going backwards and not forwards and it appears that the problem will get worse before it gets better. At the RSA 2019 conference, Jason Escaravage, from Booz Allen Hamilton, summed up one of the issues nicely… “compliance isn’t enough. You need to be aware of the threats that are likely to… that your organization is likely to encounter or ...

Derrick Coston, CISA, CISSP, GIAC

Hackers are targeting Instagram Accounts source https://derrick-coston.com/2019/03/08/derrick-coston-cisa-cissp-giac/

Derrick Coston – CISSP, CISA, GIAC

I had the opportunity to preview and demo the uCertify CompTIA Cybersecurity Analyst Course. For many of you that are considering becoming a CISSP or CISA, I strongly recommend this course as well as taking a plethora of good notes. This course is written in a way that makes it easy to transition from being an A+ and/or Network+ Engineer into Cybersecurity. The course will also help in gaining a better understanding of the roles and responsibilities of a Cyber Security Analyst. This course is easy to follow and has a plethora of examples, practice questions and exercises. This course will help students pass CompTIA’s Cybersecurity Analyst Certification Exam as well as ensure that the following CompTIA Cybersecurity analyst skills are obtained: Perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization. Configure and use threat-detection tools. Secure and protect applications and systems within an organization. Being a CISSP...

Derrick Coston, Cyber Security Consultant. I am looking forward to seeing all of the new products and services at this year’s RSA conference. Looking forward to speaking with Mandiant. They released its 2019 Mandiant M-Trends Report which has some great information regarding APT37, APT38, APT39 and APT40.

Mandiant M-Trends Report source https://derrick-coston.com/2019/03/05/derrick-coston-cyber-security-consultant-i-am-looking-forward-to-seeing-all-of-the-new-products-and-services-at-this-years-rsa-conference-looking-forward-to-speak-with-madiant-they-released-i/

Derrick Coston – Cyber Security Consultant

I AM LOOKING FORWARD TO SEEING ALL OF THE NEW PRODUCTS AND SERVICES AT THIS YEAR’S RSA CONFERENCE. MANDIANT JUST RELEASED ITS 2019 MANDIANT M-TRENDS REPORT WHICH HAS SOME EXCITING INFORMATION REGARDING APT37, APT38, APT39 AND APT40. THE REPORT CAN BE FOUND HERE: HTTPS://WWW.FIREEYE.COM/CURRENT-THREATS/ANNUAL-THREAT-REPORT/MTRENDS.HTML. source https://derrick-coston.com/2019/03/05/derrick-coston-cyber-security-consultant/