One piece of advice I give to people looking to transition from computer science homework assignments to meaningful proficiency in cybersecurity is to seek out Hackathons and Capture-the-Flag competitions. Sometimes the amount of information on these events can seem overwhelming and it can be difficult for someone starting out to know which events are worthwhile and how to best make use of opportunities. After attending a number of these competitions myself, I wanted to share some of the advice I wish someone had given me.
Read More...
If you’re about to go to your first CTF or have been to a handful, chances are you are looking for ways to improve your game and win some prizes. CTFs are generally very tough and with hundreds of people competing for a small handful of prizes you can expect to lose far more than you win. Unlike hackathons, where a little charm and confidence goes a long way, CTFs are often a straight test of technical knowledge and endurance.
Read More...
Static == Secure Right? If you’ve read my recent post extolling the virtues of static site generators for secure web development you might think that deploying a static site makes you more or less invulnerable to cyber adversaries. Although it’s true that going static dramatically reduces your vulnerability profile, it doesn’t quite eliminate it. This post considers five possible attack vectors against websites built with static generators (e.g. Jekyl, Hugo, etc.
Read More...
Juggling Priorities It should come as no surprise that, when building this site, my first concern was security. This arose partially from the fact that I live and breathe cybersecurity and believe (not without cause) that the whole internet is out to get me. However, it’s also true that sites focused on cyber issues tend to present attractive targets to hackers attempting to prove their skills and gain some renown with people who might actually appreciate their accomplishments.
Read More...