Lesson 7: Why HR Policies complement Information Security

Most employees perceive both the HR and Cybersecurity departments as existing only to look for a mistake and punish you. Some say that HR is the principal's office, while the Cybersecurity team is the surveillance arm. Although most of the time during investigations, the cybersecurity team becomes the expert …

Lesson 6: Organizational Security

Coming from a technical team, organizational security might be seen as a domain that only focuses on paper-based policies (sometimes, just copy-paste templated policies), budgets and risk assessment results. There's also a gap between highly technical security members who have been doing hands-on security and those management guys who may have their MBAs but whose …

Exploring the Security Issues behind Facebook’s User Tracking from its ‘Big Data’ for Competitive Intelligence

Credit: Taken from https://www.mobistealth.com/blog/facebook-spy-tool-lets-read-messenger-conversations/

(First released in September 2016)

Abstract— Facebook (FB) is one of the most popular social networking sites in the world. According to Zephoria, there are approximately 1.71 billion FB users worldwide as of July 2016. There are 4.75 billion pieces of content shared daily, which include status posts, notes, images, …

Tips and Reasons: A Career in Cybersecurity

Is there a career in IT Security/Cybersecurity in the Philippines? – This is the question that is always asked when I give workshops or lectures in the academe. I always answer an astounding “yes.” Here are the reasons why: Reason #1: There is a need for cybersecurity professionals because of the increasing number of cybercrimes …

4 Reasons Why All-In-One/Automated Penetration Testing is a Fallacy

Coming from the business side, I have met and seen various vendors who promise heaven and earth to answer IT problems in your organization. There are the ‘yes’ guys who will always answer ‘yes’ when you ask if the solution can do this or that. There are the ‘deflectors’ who try to confuse or worse, …

Proud of my students’ achievements @ UA&P event

Last February 24, 2017, my undergraduate students and I went to the University of Asia and the Pacific (UA&P) in Pasig City to present their project Hydra in a school-initiated research conference. The event was not very big but various students from undergrad to PhD were prepared to present their papers. I was really pushy …

8 Helpful Things You can do to Prepare and Pass a GIAC exam

Roughly one year after I passed the GIAC Web Application Penetration Tester (GWAPT) exam, I took the GIAC Mobile Device Security Analyst (GMOB). I became one of less than a thousand professionals who earned the certification. One of the observations that I have is that the preparations I did for both exams were pretty much …