Profile picture
Amanda Berlin @InfoSystir
, 11 tweets, 3 min read Read on Twitter
#infosecstaples = Time for a new hashtag to help out our #infosec students. Asked some remedial questions that anyone going into a tech field should know and was surprised they hadn't been taught these things in school.
I know my own college degree didn't prepare me at all for the work that I would be doing after I graduated, but I thought maybe it had gotten a little bit better at this point. I guess not. They seem to be failing the participants still.
One of the main reasons @synackpse & I wrote the Defensive Security Handbook was to put staple information all down into one place as well as we could, but it doesn't even come close to covering everything someone may need to know, that's what universities should be trying to do.
I still remember my first tech interview, and how embarrassed I was to not know a single one of the answers of the questions being asked. The one that sticks out in my mind still to this day was "Explain what happens when you sit down at a computer and go to a website"
I absolutely love this question. Mostly because it has such a depth of possibility. Are they going to start the answer with the physical interaction of the keyboard with the operating system? Will they describe how the browser works? How DNS works? Anything about Webservers?
During interviews I've seen anything from the basics, to extremely technical "where should I start and how long do you take" answers.
There are already so many articles and so much help on advice of how to get into our field, but I'm not sure how many of them have the technical additions to them. Maybe a hashtag would help, it could always snowball into a course or two as well.
I'm interested to see what staples that you think may help any type of technical student coming into the workforce. If you want to use #infosecstaples or maybe have a better idea. Let's ask the questions and see if they need help with the answers.
The better anyone new is prepared the faster they'll start to become accustomed and kicking ass for us day to day.
So here we go.... 1. Explain how DNS works. 2. What is an RFC1918 address? 3. What is a VPN and how does it work? 4. What does a 169.254.x.x address tell you? 5. What is the difference between hashing and encryption? #infosecstaples
What are these ports for?
21, 22, 23, 53, 80, 443, 8080, 3389, 6667-7000

What is the difference between FTPS and SFTP? #infosecstaples
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Amanda Berlin
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#infosecstaples #infosec

More from @InfoSystir see all

Profile picture
Here are 50 FREE things you can do to improve the security of most environments:
Access control lists are your friend (deny all first)
AD delegation of rights
App Whitelisting
Best practice GPO (NIST GPO templates)
Block browsing from servers. Not all machines need internet access
Block Dns zone transfers
Change ilo settings/passwords
Close open mail relays
Diff. local admin passwords (LAPS)
Disable LLMNR/NetBios
Disable ports that are unused, & setup port security
Disable telnet & other insecure protocols or alert on use
DMZ behind separate firewall
DNS servers should not be openly recursive
Don't forget your printers (saved creds aren't good)
Egress Filtering (should be just as strict as Ingress)
EMET (when OSes prior to 10 are present)
Read 7 tweets

Related threads

Profile picture
On July 22nd Wikileaks released 22000 DNC emails that had been previously hacked by Russian GRU agents. On Oct 7th Wikileaks dumped hacked John Podesta emails soon after the seemingly damaging Access Hollywood tape came out where Donald Trump talked about sexual misconduct @ollie
3million tweets from the Russian Internet Research Agency were recently archived & made available by the site @fivethirtyeight. We wanted to look at particular hashtags related to Green Party Candidate Jill Stein and #DemExit
fivethirtyeight.com/features/why-w… @ollie #infosec #osint #opsec
In the second wk of July 2016 #DemExit became a social media campaign & political movement in response to Bernie Sanders formally endorsing rival Hillary Clinton 4 president. Bernie Sanders supporters in particular were encouraged to leave the Democratic Party in protest #infosec
Read 14 tweets
Profile picture
A thread on being a so-called “Security expert”.

I cringe at how much sincere, well-meaning, yet ultimately WRONG #infosec advice I gave out while working as the founder/VP Eng of a major security vendor.

When I left at IPO, I knew I needed a broader perspective. (1/N)
It’s too easy for someone in #infosec to call themselves an “expert” or (god forbid) a “thought leader”. Very few of us so-called experts have a rigorous background in security. My background is software. Most of us just jumped in early and learned as we went.
#SecurityExperts
#infosec is so broad, it covers so many technical and non-technical disciplines, that most of us who were experts in ONE area (like vulnerability mgmt in my case) have very deep expertise in that ONE area, but we’re amateurs in most other areas. #SecurityExperts
Read 25 tweets
Profile picture
#infosec moment:

1/ Met a gentleman this morning outside our agency building today. Enjoyed some small talk; turns out he just got picked up for a dream infosec job. His first actually. Had joined the USAF in aircraft maintenance, pushed himself to learn IT after hours.
2/ You could tell within the first 30 seconds how passionate he is about this field, and how his intelligence and drive would take him far. By 60 seconds, you could also see his self-doubt & tendencies towards Impostor Syndrome.
3/ Ended up spending nearly 30 minutes just mentoring. He had seen me around in cyber (new here myself), and heard my honestly undeserved nickname “MegaMind”. Turns out it wasn’t entirely a chance encounter.
Read 8 tweets
Profile picture
Jinkooooooook~ tHrEaD let's try this bishhh
1) Choose:
(The allowed times for the votes won't be ten mins every time, probs, just as an fyi)
Read 222 tweets
Profile picture
I got to explain #GayPanic and #UselessLesbian to my pysch today 😂

These are terms I just learned (over the last few months myself) that described succinctly, what the heck is going on with my brain.

To unpack these terms, I'm going to start you with Sappho.
-
-
“Sweet mother, I cannot weave –
slender Aphrodite has overcome me
with longing for a girl.” –Sappho

To everyone, we've almost all been in this feeling. (i cannot speak for Ace)
Someone we see or meet, and their presence just #dazzles us into #malfunction (however brief)

-
- it's a pretty common #human #feeling. (again, cannot speak for Ace, and that's ok, y'all are lovely :) )

now here's where #GayPanic sets in... we feel the feels...omg. wow.
and our brains go into... IS THIS DANGER????

I'm sorry to say, our panic does start there.
-
Read 17 tweets
Profile picture
-3-

can't go today
-4-

met jimin
-5-

hobi knows
Read 32 tweets

Trending hashtags

#Gitmo #FacebookLawsuits #girlsintech #DarkOverLord #research #Information #relationships #BreakTheMSM #stablecoin #havingacrush #ThanQ #AllisonMack #battle #FF #war #NWO #CalmBeforeTheStorm #videos #TrumpTampa #911Truth #fighters #SecurityExperts #TrustThePlan #IntelDrop #college

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!