Cyber Security: An Offensive Mindset [Week 2

Page Title

Cyber Security: An Offensive Mindset [Week 2 - Reflection

Reflection

During this week I was thoroughly inspired by the very experienced and knowledgeable stakeholders that we had the liberty to meet. So much so it was tough to narrow the exposure down to only one problem statement, but below is a quote which resinated with me most as it gives context to what the internet has evolved into. "The internet was initially built on openess, access, availability and implicit trust. As it was previously an acaedmic network, but now it is a commerical one with organisations at the forefront of cyber threats." - Robert Mitchell

This evolution of the internet has left organisations stranded utilising it for its enormous and endless potential, but with this potential it carries a variety of forms of risk. This risk can be technical, commercial, regulatory, operational and even reputational. After further research I have uncovered that by the year 2021 cybercrime will cost organisations 6 trillion dollars, a truly staggering figure which puts the risk into perspective. I found it extremely interesting the course that the internet has taken and how it has deviated from such a open and trustworthy network into a network poised by risk and potential threats that can cost organisations tremendous reputation and money.

A cyber threat for an organisation today could be as simple as an oblivious employee clicking a link or attachment in a phishing or spear phishing email, which then gives an intruder a gateway into the internal network. As Robert Mitchell discussed this method of targeting organisations hasn't been invented it has been reinvented from virus' like "Melissa" the first attachment virus and "ILOVEYOU" an embedded script virus that relied on social engineering to get users to "click on the link". It may sound crazy but Roberts has truly motivated me and made me even more eager to cement my place in the InfoSec industry to innovate the way users and organisations are safeguarded from such prevalent threats.

Design thinking did not have a huge presence this week, in our group we did create our presentation and ticked most of the expected boxes. However, we completely skipped design thinking no rehearsal of our presentation of a group meant lack of "prototyping" or "testing" to see if our work would meet the 4 minute maximum time frame. But we ended up not completing in the right time frame and the presentation was quite rushed or disjointed in some aspects. Although, the one positive was using notion to keep track of how our presentation was going as a group, making sure that we ticked off different components of the project as they were done. But overall I believe that I didn't meet this SLO this week and I will work on it progressing into next week. Carrying over from the previous week I have put a focus on developing my technical skill once again, gradually to eventually be able to overcome an active Hack the Box. So this week I truely put myself outside of my comfort zone working on not only Bandit from OverTheWire, but I completed a large amount of PicoCTF exercises and pushed myself to have a go at the reconnaissance resource provided by TryHackMe. This allowed me to expand what I learnt researching about "theHarvester" tool this week during class which is an open-source reconnaissance tool, but instead forced me to learn more about "Nmap" and how to use it to find information on a specific target. I think having started using these learning resources as well as researching and testing reconnaissance tools has made me more confident. This is because prior to this week, I always doubted myself and was overwhelmed with how much I need to learn not thinking I'd ever be able to do it. But I'm learning that its all about progress and baby steps, because I didn't think on Monday I would have learnt or been so constructive this week it's really exciting.

Technical Progress Record

5 levels beaten on Bandit: OverTheWire
600 points earnt on PicoCTF
5 exercises completed on UltraTech Machine: TryHackMe
Learnt theHarvester and Nmap tools
Utilised CyberChef and Bless (CTF tools)

Collaboration was a significant part of this weeks sprint, working in a team of three to research and present findings on a reconnaissance tool of our choice. When collaborating or working in a team environment I find myself taking the lead, which is what I did for this task. With my experience of working in a group I knew that communication is key so I suggested that we use Microsoft Teams as we've all had recent experience using it. I found that communication was our strong point during this task, however I did find myself doing a large portion of extra work for our presentation. Which in hind sight may have hindered our presentation as we had too much content that we weren't able to communicate in a short four minute presentation. If we had collaborated in a successful manner we wouldn't have gone over the four minute time frame, because we should have made time to practice our presentation prior not wing it. This is definitely a learning curve for me, even though everyone puts in their piece of work it may not be cohesive and it will be clear to those watching the presentation that it was unrehearsed or disjointed. On a positive not we did also utilise Notion to keep track of our tasks what was not started, next up, in progress and of course completed this kept is in sync and because we were all busy we were able to see what we had worked on without having to actually ask each other. Because we did use notion this may have been why we lacked communication in our Microsoft Teams chat because we all were constantly updating the notion task board.

My review and performance evaluation for this week was both very positive and substantially negative at the same time. I found myself really motivated and really interested in the work from Monday to Thursday even staying back and putting in a lot of extra hours. But life did get in the way and I also was poor with my time management over the weekend lacking any extra work for the end of the week. The positive that I need to take from it though is that I did really get a lot of work done at the beginning of the week and my time management was on point. For next week though I need to again implement good time management principles, but this time pace myself treat the week like a marathon not a sprint because last Thursday I just did WAY too much in one go leaving me playing catch up being unproductive for the rest of the week.