Going to the dark side. Those were my first thoughts about taking an information security role one year ago. One year later, the situation seems much brighter than I expected. This role has taught me more about how our business operates, how we set priorities, and how to respond to a setback. I’ve been fortunate enough to meet some extremely intelligent people along the way. Some of them frighten me with their descriptions of past experiences or their adversaries.
I stumbled upon a helpful guide to securing an Apache server via Reddit’s /r/netsec subreddit. Without further ado, here’s a link to the guide: Apache web server hardening & security guide. The guide covers the simplest changes, like reducing ServerTokens output and eliminating indexes, all the way up through configuring mod_security and using the SpiderLabs GitHub repository to add additional rules. If you’d like a more in-depth post about installing mod_security, I’d recommend this one from Tecmint.
Want to work for a company that finds new approaches to traditional IT problems? Do you want to work with a team that provides Fanatical Support through keeping customer data safe? Our Global Security Services team is looking for experienced security analysts who can take network analysis and malware defense to the next level. The responsibilities of the role include: monitor global NIDS, firewall, and log correlation tools for potential threats; initiate escalation procedure to counteract potential threats/vulnerabilities; provide incident remediation and prevention documentation; document and conform to processes related to security monitoring; provide performance metrics as necessary; provide customer service that exceeds our customers’ expectations. Experience with tools such as Wireshark, Hex-Rays, IDA Pro or Hex Workshop.
I spent two days last week in a class called “Accounting and Finance for Non-Financial Managers” at UT Austin’s Texas Executive Education program. The assigned reading (a book of the same name as the class) was informative but I still felt like it was too advanced for me right off the bat. My main goal for the class was to learn how my role can have a financial impact as well as an information security impact.