Print Page   |   Contact Us   |   Report Abuse   |   Sign In   |   Register
WSC Blog
Blog Home All Blogs
The Women's Society of Cyberjutsu Blog. Come here for interesting facts about the WSC, security and other news and tidbits.

 

Search all posts for:   

 

Top tags: amazon  amazon charity  analysis  b-sides conference  career  charity  competition  CTF  cyber  cyberjutsu  cyberlympics  SOC  training microsoft free  value 

Shmoocon Ticket

Posted By tennisha V. martin, Friday, January 13, 2017
I've got a ticket to shmoocon (starts today and goes through this weekend) but i had surgery on my back and can no longer go. $100 amazon gift card gets you a barcode.

This post has not been tagged.

Share |
PermalinkComments (0)
 

My First Cyber Competition

Posted By Mari Galloway, Thursday, November 10, 2016

My First Cyber Competition

For whatever reason, cyber competitions have been on my mind. So, I thought that I should share my experience as well as provide a few resources to those on the fence about participating in these cyber competitions.

Cyber competitions are a great way to gain valuable hands-on experience in various areas of cybersecurity such as pentesting and digital forensics. There are various types of competition in a few different varieties: Challenge-based, where you answer questions/challenges to gain points; Attack-Defend, where you must defend your 'castle' while trying to attack others; and Wargames which are online CTF competitions.

My first competition was back in 2013 with Cyberjutsu Women at the Global Cyberlympics, a competition hosted world-wide by EC-Council. This competition is an online team-based competition consisting of 3 qualifying rounds (Forensics, Penetration Testing, and Computer Network Defense (CND)) and a final round (Capture the Flag) usually hosted at the annual HackHalted conference.

Going into this competition, I had no freaking clue what to expect or even how to begin. The team consisted of 6 women lead by Lisa Jiggetts, the founder, CEO, and head Cyber Ninja for Women's Society of Cyberjutsu. We went into a conference room and immediately started the first round. We weren't organized and none of us knew what was going on but we trekked through it, together.

See with this competition, you can only have one person logged into the scoring server which meant that this person either had to perform all the tasks for each round or we had to figure out a way to collaborate quickly and efficiently to get the points. Even though we started off scrambling, by the end of round 1 we had found our groove and started racking up the points. Mind you, Lisa was the SME of the group and she had to provide a lot of insight.

I was scared because I didn't want to fail but was relieved to know that we were a team. We advanced to the next round. By the end, we all walked out of the room a little bit smarter and with ideas to help with round 2.

Fast forward a few weeks, we made it past round 2 but not without a few bumps in the road. I think round 2 was harder than the 1st one and for good reason. EC-Council wanted to make sure that people knew what they were doing. We spent that Saturday afternoon moving through challenges and troubleshooting and praying we get enough points to advance to the finals. When we recieved news that we made it to the final competition, we were beyond ecstatic. We were the only all women team (All cyberjutsu competition teams are all women) to advance to the final competition. Unfortunately, I was unable to attend the Final event due to work, but I learned a lot about myself and my love for this field. We all love a little challenge here and there. And, the prizes are definitely a motivator to participate in these types of games.

For me the Global Cyberlympics was the start of something great. Participating in and winning competitions gives you confidence in your skills and boosts your ego a little bit. Although, I haven't won a competition, I have participated in a few of them each year (both on a team and individually). They are a lot of fun. You learn a lot of things by doing them. If you are interested in participating in these games but don't know where to start, don't fret. There are numerous resources available to help you get your feet wet and prep for success. Some of my favorite individual games include SANS Netwars (paid), OverTheWire (free, online), and Enigma Group (free, online). These games force you to research topics and try new things, some of which can be used in the real-world depending on the job that you do. Some of these competitions are even at various conferences and are free to participate in.

So, get to it and start refining your skills!

For more information or to participate in team based competitions, join the WSC Competition Group at www.womenscyberjutsu.org

Additional links with good information:

ctftime.org - lists competitions going on around the world and you can join teams

Capture the Flag Competitions - Basic info on CTF's as well as different ones for each type

Tags:  competition  CTF  cyber  cyberjutsu  cyberlympics 

Share |
PermalinkComments (0)
 

Know Your Value

Posted By Tammy Torbert, Saturday, December 26, 2015

The holidays give me a chance to catch up on reading.  I happened across a book "Knowing Your Value: Women, Money and Getting Your Worth", by Mika Brzezinski.  It's one of these easy reads, a business book told mostly as interviews with successful women in a variety of industries.  There are also interviews with successful men that talk about the difference between men and women in industry.  

 I wish I had this book when I first started my career.  It discusses the way that women shoot themselves in the foot and don't get what they want.  The book won't tell you how to negotiate a better salary, but it might show you the things you are doing that cause our own failures. 

  

Happy holidays!

Tags:  career  value 

Share |
PermalinkComments (0)
 

Shopping Amazon & Supporting a Good Cause

Posted By Tammy Torbert, Wednesday, August 26, 2015

Do you shop amazon?  I do all the time, and about six months ago amazon asked do you want to support a good cause.  I thought why not?  So, from that moment forward I started shopping amazon.com, through smile.amazon.com.  This gave me a way to donate to my favorite charity at no cost to me.  With smile.amazon.com, the Amazon team donates a percentage of your total purchase to the charity you've designated.  What could be easier?

I just found out that WSC is one of many good causes that you can donate to by shopping through smile.amazon.com.  If you shop Amazon, I hope you'll consider shopping through their smile.amazon.com portal and donate to the charity of your choice. 

For more information about the smile.amazon.com program, visit the about page at https://smile.amazon.com/about.

Tags:  amazon  amazon charity  charity 

Share |
PermalinkComments (0)
 

Why Didn't We Catch It?

Posted By Tammy Torbert, Saturday, August 22, 2015

If you've spent any time working in a Security Operations Center (SOC) whether as an analyst, engineer, or incident responder, there is nothing worse than getting asked by your manager "Why Didn't We Catch It?"  The "It" is some incident or badness that occurred in the environment you are supposed to be monitoring or protecting.

Imagine a situation where a denial of service event occurred, but this was detected by the customer realizing that there site was responding as expected.  For security teams, having the customer tell you there is an incident typically means the SOC missed something they should have seen.  I was brought in to take a look at the Security Information and Event Management (SIEM) tool and see what was available leading up to the event.  Ultimately, I didn't find much to indicate a denial of service, that doesn't mean there was nothing there, it just means I didn't see anything obvious.  Next up, I start working with the networking and security engineers.  I need to understand how traffic flowed, what devices would have inspected the traffic, and what could possibly tell me something happened.  This is where understanding networking and how routers, switches, firewalls and IDS tools work.  I realized that there were a few devices that had security controls on them, whether it was the intrusion detection sensor, the router, or the firewall.  I then had to work with the team to decipher the configurations, make sure that traffic was moving to security tools that could have caught the attack, make sure that the right policies were in place to detect the attack, and make sure that logging levels were appropriate.

Ultimately, if you plan to work on the defensive/detection side of security, it's vital to have a broad knowledge set.  My knowledge of networking and a variety of security tools give me instant credibility in the room.  The best security people for defense/detect are those that understand how things work, but also how things should work together.  You don't have to be able to configure the router, but understanding how it will handle traffic will be helpful.  Defense/detect roles are challenging because the wide breadth of knowledge you'll need, but it's also a great starting point to security specializations, like reverse engineering, forensics, or security engineering. 

Tags:  analysis  SOC 

Share |
PermalinkComments (0)
 

B-Sides DC

Posted By Tammy Torbert, Sunday, August 16, 2015

Anyone get tickets for B-Sides DC yesterday?  I forgot that tickets went on-sale at midnight, and alas missed the first round.  I'm getting ready for round 2 on September 1.  

If you haven't been to B-Sides, it's a fun local event that is relatively inexpensive.  I hope to see you there. (Link for B-Sides DC).  It's a great way to get CPE credits for your CISSP, and also a great time to network and socialize with security geeks.

Tags:  b-sides conference 

Share |
PermalinkComments (2)
 

Free Training from Microsoft

Posted By Tammy Torbert, Saturday, August 15, 2015

I spent some time this morning browsing the Internet with no particular goal in mind.  I used to be a subscriber of Microsoft Technet which offered me a way to get access to their software.  It's been years since I subscribed, and found that Microsoft has since decommissioned this offering.  :(  

However, I found that Microsoft has created a free training site, the Microsoft Virtual Academy (http://www.microsoftvirtualacademy.com/).  I was really surprised to see how much material they had available all for free.  Also, it wasn't just Microsoft specific stuff, but also general topics around networking, security and programming.  

If you need training, this is definitely an offering that I would check out, especially given it's free price.  

Tags:  training microsoft free 

Share |
PermalinkComments (0)
 
Community Search
Sign In

Sign In securely

Haven't registered yet?

News & Press
Calendar