Insights For Success

Strategy, Innovation, Leadership and Security

Information Security

How HR can identify a strong modern CISO candidate

General | Edward Kiledjian

The cybersecurity landscape of today is both dynamic and complex. A new attack may occur at any time, and new threat actors are constantly devising new ways to target businesses and consumers. Businesses need access to cybersecurity leaders who can identify risks and implement solutions accordingly to stay competitive in this ever-changing cyber ecosystem. Over the past several years, the role of a cybersecurity leader has also evolved. To achieve organizational goals, today's strategists must understand the nuances of the digital world and be able to work with various stakeholders across different departments. Here are some factors that may indicate whether a candidate will be successful as a modern CISO in today's security environment:

Has a clear understanding of end-to-end security

As a leader of an organization's cybersecurity team, the best candidates should understand how the various end-to-end security components interact. In addition, they should have experience working with the security team to identify gaps and requirements in each of these areas. Moreover, these candidates should be able to demonstrate a deep understanding of the threat landscape, including how the various threats interact with the company's assets and infrastructure. Finally, candidates with a strong knowledge of threat modelling and penetration testing will be able to assist the team in preventing security issues and ensuring compliance with regulatory requirements.

Deep understanding of threat landscape and current trends

To succeed as a CISO, a person must quickly understand a business's threat landscape and then use this knowledge to make informed decisions. If, for example, a company experiences a breach affecting an employee's record, the candidate should have a comprehensive understanding of how the latest threat landscape and trends could affect the organization. An effective candidate will be able to predict how this scenario might affect the organization, including how it might negatively affect the company's reputation or increase its risk exposure.

Demonstrates digital fluency across operations, technology and culture

A cybersecurity leader must communicate clearly with both internal and external stakeholders. Candidates who can communicate effectively in writing and through visual content (e.g., whiteboards, presentations, etc.) are more likely to succeed than candidates who rely exclusively on written communication. In addition, it is essential to assess how candidates communicate with their teammates. Leading a cybersecurity team will be challenging for a candidate who struggles to collaborate with other departments and individuals.

Demonstrates exceptional leadership qualities

The cybersecurity leader of the future must be capable of building strong relationships and fostering strong team cohesion. A candidate must be capable of identifying which stakeholders play a critical role in achieving organizational goals and demonstrate excellent leadership and communication skills to work with them effectively. Modern CISOs should be able to identify and address interpersonal issues (e.g., conflict, miscommunication) within the organization.

Wrapping up

Cybersecurity leaders must understand the various components of security from end to end, including operations, technology, and culture. Additionally, they must be able to see the big picture and utilize their expertise to make informed decisions. In addition, they should be able to communicate effectively with internal and external stakeholders and foster strong team cohesion. A successful candidate should possess a number of these qualities. The cybersecurity landscape of today is both dynamic and complex. There is always the possibility that a new attack will emerge at any time, and threat actors are continually developing new methods of targeting businesses and consumers. Business leaders must have access to cybersecurity leaders who can identify risks and implement appropriate solutions in this ever-changing cyber ecosystem. In recent years, the role of a cybersecurity leader has also evolved. The strategist of today must understand the nuances of the digital world and collaborate with various stakeholders across different departments to achieve the organization's goals.

What is salting and hashing a password?

General | Edward Kiledjian

The LastPass hacking saga has led to non-technical users reading articles using terms such as salting and hashing, which may seem alien to them. A few people contacted me asking what they do, and I wanted to write a short post describing them.

Salting is the process of adding random data, referred to as "a salt," to a password before it is hashed. This technique helps protect against dictionary attacks, in which an attacker attempts to crack a hashed password using a pre-computed list of common passwords. A unique salt is added to each password so that the hashed value will be different even if the same password is used multiple times.

The process of hashing involves taking an input (or message) and converting it into a fixed-length string of characters called a 'hash value'. The same input will always produce the same hash value; however, a minor change to the input will result in a vastly different hash value. As a result, it is extremely difficult for an attacker to reverse engineer the original input from the hash value.

The combination of salting and hashing provides a high level of protection for passwords and other sensitive information. During the creation of a password, the salt is added to the password, and the resulting value is hashed. The hashed value, as well as the salt, is then stored in a database. When the user enters their password to log in, the system adds the same salt to the entered password, hashes it, and compares the resulting value to the stored hash. Access is granted to the user if the values match.
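The flow described above (generate a salt, hash salt plus password, store both, re-hash on login and compare) as a runnable example. This is added illustration, not code from the post: it uses PBKDF2-HMAC-SHA256 from the Python standard library as the "hash" step, which is one standard salted, iterated password hash; the record format, the iteration count and the list of common passwords are constructed for the example. The last two functions show the dictionary-attack point from the earlier paragraph: an unsalted hash of a common password can be recovered from a precomputed table in one lookup, while a salted hash cannot.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

# Constructed parameters for this example. PBKDF2-HMAC-SHA256 is the salted,
# iterated hash used here; the post describes "salt, then hash" generically
# and this is one standard way to do it.
SALT_BYTES = 16
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is supplied."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # unique per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def make_record(password: str) -> str:
    """Build the string a database would store: algorithm, cost, salt and hash."""
    salt, digest = hash_password(password)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(record: str, attempt: str) -> bool:
    """Login check: re-hash the attempt with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def same_password_distinct_records(password: str) -> bool:
    """Two users who pick the same password must not end up with the same stored hash."""
    return make_record(password) != make_record(password)


# --- Why the salt matters: an unsalted hash can be looked up in a precomputed table ---

def unsalted_digest_hex(password: str) -> str:
    """A bare SHA-256 of the password, i.e. hashing without a salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def precomputed_table(common_passwords: Iterable[str]) -> Dict[str, str]:
    """Map unsalted digests of common passwords back to the password."""
    return {unsalted_digest_hex(p): p for p in common_passwords}


def lookup_unsalted(table: Dict[str, str], stored_digest_hex: str) -> Optional[str]:
    """Instant recovery when the stored value is a bare hash of a common password."""
    return table.get(stored_digest_hex)


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")
    print(rec)
    print(verify_password(rec, "correct horse battery staple"))  # True
    print(verify_password(rec, "wrong password"))                # False
    table = precomputed_table(["123456", "password", "qwerty"])  # constructed list
    print(lookup_unsalted(table, unsalted_digest_hex("password")))  # password
```

Because every record carries its own random salt, the attacker's table would have to be rebuilt per user, and the iteration count makes each such attempt deliberately slow; that, rather than any secrecy of the salt, is what the scheme relies on.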

Although salting and hashing provide a high level of security, they are not foolproof. Therefore, you should still use a strong and unique password.

Keywords: Salting, Hashing, Encryption, Password security, Dictionary attacks, Data privacy, Hash functions, Cryptography, Information security, Data integrity, One-way functions, Secure password management, Hash algorithm, Password hashing, Password protection.

Unlocking the Secrets of ECB and CBC: A Guide to Encryption Methods

General | Edward Kiledjian

Block-cipher modes of operation such as Electronic Code Book (ECB) and Cipher Block Chaining (CBC) are widely used.

ECB is the simplest mode: the plaintext is divided into fixed-size blocks and each block is encrypted independently using the same secret key. In other words, if the same plaintext block appears more than once in the message, it will be encrypted into the same ciphertext block (it will look the same). ECB is relatively easy to implement; however, this property leaks patterns in the plaintext, which makes it vulnerable to pattern-recognition attacks.

By contrast, CBC is a more secure mode that addresses this weakness of ECB. CBC still uses the same key for every block, but before encrypting each plaintext block it combines it with the previous ciphertext block using an XOR operation. Thus, even if the same plaintext block appears multiple times in the message, it will be encrypted to a different ciphertext block each time.

The major difference between ECB and CBC is that ECB encrypts each block independently, whereas CBC chains each block to the ciphertext of the block before it. CBC is therefore considered more secure and resistant to pattern-recognition attacks than ECB.

Implementing CBC mode requires an initialization vector (IV), a random value that is XORed with the first plaintext block before encryption, since that block has no previous ciphertext block to chain to. The IV is sent along with the encrypted message so that the receiver can use it to decrypt the first block.

ECB and CBC are symmetric-key encryption methods, meaning that the same key is used for encryption and decryption. As computing power increases, it becomes increasingly important to use more secure encryption methods, such as AES-GCM or RSA-OAEP.

Keywords: Encryption, ECB (Electronic Code Book), CBC (Cipher Block Chaining), Symmetric-key encryption, AES-GCM, RSA-OAEP, Data security, Pattern recognition attack, Initialization vector (IV), Encryption methods, Data privacy, Information security

Billions of passwords, files and cookies were leaked

General | Edward Kiledjian

I have written about general user security several times over the last few years, and the recipe is always the same:

  • Install a good anti-malware product

  • Make sure your applications and operating systems are patched

  • Don't click or open unexpected or unknown links/attachments.

Even with the best practices, there is malware that is stealthy enough to avoid detection.

Recently, security researchers from Nerdlocker followed a trail left by sloppy hackers. To everyone's surprise, they found 1.2TB of files, cookies, 900K images, 600K Word files and credentials stolen from over 3M computers. The data was obtained through malware that stole data from users' Desktop and Downloads folders.

  • The data is relatively fresh, and ~30% of the cookies were still valid.

  • 1M website logins, including the "4 horsemen of the internet": Amazon, Facebook, Twitter and Gmail.

So what next?

The malware is stealthy and cannot be easily detected by antivirus products. 

However, the information has been added to the Have I Been Pwned service.

As previously described, you visit the site, enter your email address, and it will tell you if you are part of this breach (or any other).


How do you protect yourself in the future?

  • Use long, unique passwords for each site, with the credentials stored in a good password manager (like 1Password and Bitwarden)

  • Use a good, reputable antivirus and keep your software and operating system updated.

  • Make sure you regularly delete your cookies. I have written about extensions that automate this in the past.

  • Install a good anti-malware product

  • Make sure your applications and operating systems are patched

  • Don't click or open unexpected or unknown links/attachments.



If you live in the USA, your info is probably on this site and how to delete it

General | Edward Kiledjian

There are lots of “less than reputable” websites that scrape the web for your information and then make it cheaply available to anyone willing to spend money.

I recently found a website that has a ton of information about many Americans, including their address, telephone number and even some relationship information.

Once you enter your name and state, it will show you a list of possible “victims”. You choose your listing and prepare to be astounded by the amount of information they have about you.

Now that you are properly terrorized, here is how to remove your information from Cyber Background Checks:

  1. Go here: https://www.cyberbackgroundchecks.com/removal

  2. Agree to the conditions and enter your email address

  3. Complete the CAPTCHA and then click “Start Removal Process.”

  4. Find your records and click the Remove My Record button at the top of the page (must be on the details page of your profile to do this)

  5. Check your email for the removal confirmation note and click the enclosed link

  6. 48-72 hours later, your information should be removed from the site