Newsletter #17 - July 9, 2024

Hello Everyone 👋

I recently attended a security conference in Seattle this June.

Attending the Cloud Native Security Conference North America 2024 was an incredible experience. I had the opportunity to engage with fellow security professionals in the Cloud Native space and exchange valuable insights. Meeting the tag-security group was particularly enriching.

And here, I’d like to share my brief and incredible experience with you all.

🧑‍🏭 Jobs & Internships

  1. Join Akamai's InfoSec team, reporting to the Security Engineering Director. Detect threats using SIEM and SOAR (Splunk). Requires 2-4 years' experience, BE/Btech, CEH, CCNA, SANS, Linux shell scripting, Python, Java, JavaScript proficiency. Global flexible work options available.

  2. TikTok's USDS team, which ensures U.S. user data security, is looking for an Application Security Penetration Tester. Requires 5+ years' experience, IT degree, Linux proficiency, scripting skills, and security testing expertise.

  3. Amazon Development Center U.S., Inc. seeks a Penetration Testing Engineer for the AWS Generative AI security team. Responsibilities include securing AI and AWS services, mentoring engineers, and developing automation tools. Requires 3+ years' experience in security testing, AI/ML systems auditing, and scripting proficiency in Python or similar languages.

  4. CrowdStrike seeks a Reverse Engineer to analyze in-the-wild exploits, enhance threat intelligence, and develop automation tools. Requires 3+ years in reverse engineering, Python scripting, and malware analysis.

  5. GitHub seeks a Security Engineer to join their Red Team, conducting offensive operations and enhancing security measures. Ideal candidates have expertise in attack simulation, tooling development (Python, Go, Ruby, or JavaScript), and cloud technologies (AWS, Azure). Join a remote-first team driving cybersecurity innovation globally.

Last Week in Cyber Security

Join our Discord to get more news in the Security Domain. 🛡️

Google Offers $250,000 Bounty for KVM Zero-Day Vulnerabilities
Google has increased its maximum reward to $250,000 for discovering critical zero-day vulnerabilities in the Kernel-based Virtual Machine (KVM) hypervisor, used widely in cloud computing. This move aims to incentivize security researchers to uncover and report potentially devastating exploits before they can be maliciously exploited.

Global Police Operation Shuts Down 600 Illegal Dark Web Markets
Law enforcement agencies worldwide have collaborated in a major operation to dismantle over 600 illicit dark web marketplaces. This coordinated effort resulted in the takedown of platforms trading in drugs, stolen data, and other illegal goods.

Hacker Arrested for Airline Passenger Data Theft via Evil Twin Wi-Fi

A hacker has been apprehended for deploying an "evil twin" Wi-Fi network at airports to steal sensitive data from airline passengers. The malicious network intercepted travelers' information, including login credentials and personal data, highlighting vulnerabilities in public Wi-Fi security. Authorities acted swiftly to apprehend the perpetrator, emphasizing the ongoing risks posed by cybercriminals exploiting public networks for illicit activities.

Aseem @ Cloud Native Security Conference North America June ‘24

Conference Hall

👉️ Key Takeaways

From this year's conference, I found the emphasis on zero trust, serverless, and shift-left strategies particularly exciting. However, the increasing sophistication of supply chain attacks, especially those targeting the Open Source Software community, is a growing concern.

👉️ Building and Gamifying the Security Culture

My presentation on Building and Gamifying the Security Culture at Your Organisation focused on integrating gaming elements to enhance security awareness and practices. Unlike traditional training methods, gamification fosters a proactive and engaging approach among employees, transforming security from a chore to a shared responsibility.

👉️ Effectiveness of Gamification

Gamification has proven highly effective in improving security practices. For instance, issues like hard coding of secrets and insecure sharing practices were significantly reduced once employees became actively involved in identifying and mitigating security risks.

👉️ Challenges and Lessons

Implementing gamified security experiences initially faced adoption challenges. Overcoming these involved promoting participation and recognizing early adopters, which eventually led to widespread engagement and cultural change within the organization.

👉️ Future Trends

Looking ahead, I see gamification playing an increasingly pivotal role in security training, encouraging a shift towards more proactive and engaged security practices across industries.

👉️ Personal Growth and Advice

Engaging in conferences and pioneering gamified security approaches has greatly contributed to my professional growth. My advice to fellow security professionals is to embrace gamification as a transformative tool for enhancing security awareness and practices.

👉️ Key Message

❝

Ultimately, security isn't just about tools and automation—it requires a cultural shift towards proactive vigilance and engagement from all team members.

Aseem Shrey

😂 Cyber LOL-ogy: Hacking Humor for Secure Smiles 😂

As we conclude, my insights from the Cloud Native Security Conference 2024 emphasize the pivotal role of gamification in cybersecurity. From cutting-edge trends to fostering a proactive security culture, the experience underscores the importance of innovation and collective vigilance in safeguarding our digital future. Stay informed, stay secure, and keep pushing boundaries.

See you next issue!
