How To Become A Cyber Security Expert

Gen AI Insurance, Copilot, Surge in DDoS Attacks & More

Good morning!

In today’s lineup:

  • Generative AI Insurance

  • Microsoft Security Co-Pilot

  • Cloudflare Reports Surge In DDoS Attacks

  • Cloud Network Components

  • PLUS, 7 Habits of Highly Limitless People!

Generative AI Insurance?

It’s clear that the use of Generative AI is exploding across industries.

What will follow is the emergence of LLM / Generative AI insurance covering copyright claims that arise from its output.

Big vendors are already offering cover so that copyright worries do not slow adoption:

  • Google: They are protecting customers with generative AI indemnification. “If you are challenged on copyright grounds, we will assume responsibility for the potential legal risks involved” (read more here).

  • Microsoft: They are protecting Co-Pilot users. “Microsoft is announcing our new Co-pilot Copyright Commitment. As customers ask whether they can use Microsoft’s Copilot services and the output they generate without worrying about copyright claims, we are providing a straightforward answer: yes, you can, and if you are challenged on copyright grounds, we will assume responsibility for the potential legal risks involved” (read more here).

Microsoft Security Copilot

Microsoft has released documentation to help you understand Microsoft Security Copilot and Copilot in Microsoft 365 Defender!

Here's a breakdown of how Microsoft Security Copilot works:

  1. User prompts from security products are sent to Security Copilot.

  2. Security Copilot then pre-processes the input prompt through an approach called grounding, which improves the specificity of the prompt, to help you get answers that are relevant and actionable to your prompt. Security Copilot accesses plugins for pre-processing, then sends the modified prompt to the language model.

  3. Security Copilot takes the response from the language model and post-processes it. This post-processing includes accessing plugins to gain contextualised information.

  4. Security Copilot returns the response, where the user can review and assess the response.

In practice this will make Incident Response in Sentinel & Defender 365 much faster, as the Security Copilot can more quickly summarise the incident, provide a guided response and even analyse malicious scripts & code within the tool.


Cloudflare Reports Surge In DDoS Attacks

Cloudflare says the number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every previous year, indicating that the threat landscape has entered a new chapter.

DDoS attacks are a type of cyberattack that involves directing large volumes of garbage traffic or large numbers of bogus requests to targeted servers hosting apps, websites, and online services to overwhelm and make them unavailable to legitimate visitors.

During Q3 2023, Cloudflare mitigated thousands of hyper-volumetric HTTP DDoS attacks. Over 89 of these attacks exceeded 100 million requests per second (rps), and the largest one peaked at 201 million rps, three times larger than the previous record, which occurred in February 2023.

VM-based botnet generates 5000 times the traffic of IoT nodes (Cloudflare)

Overall, Cloudflare reports a 65% rise in the aggregated volume of HTTP DDoS attack traffic in the last quarter and an increase of 14% in L3/L4 DDoS attacks.
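Request-rate figures like the ones above come from counting requests per second per target; the same arithmetic is the first signal a defender uses to tell an HTTP flood from a normal traffic spike. The following is an added example, not code from Cloudflare or from this newsletter: it parses access-log lines in the common log format, buckets requests per second, flags seconds above a rate threshold, and reports how concentrated that second's traffic is in its busiest source (a flood from a small botnet concentrates requests in few sources, while a legitimate spike is spread across many). The log lines, IP addresses and the 100 rps threshold are all constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Common Log Format with the request line quoted; the timestamp is captured
# up to the seconds field so requests can be bucketed per second.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<second>[^\] ]+)(?: [^\]]*)?\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def bucket_by_second(lines):
    """Map each second to a Counter of requests per source IP, skipping junk lines."""
    buckets = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec:
            buckets[rec["second"]][rec["ip"]] += 1
    return buckets


def detect_floods(lines, threshold_rps=100, min_top_share=0.2):
    """Flag seconds whose request rate exceeds threshold_rps.

    Each alert also carries the busiest source and its share of that second's
    traffic, plus whether that share crosses min_top_share (constructed
    cut-off): concentration in few sources is what distinguishes a flood
    from a legitimate burst of many real clients.
    """
    alerts = []
    for second, by_ip in sorted(bucket_by_second(lines).items()):
        rps = sum(by_ip.values())
        if rps <= threshold_rps:
            continue
        top_ip, top_count = by_ip.most_common(1)[0]
        alerts.append({
            "second": second,
            "rps": rps,
            "distinct_sources": len(by_ip),
            "top_source": top_ip,
            "top_share": round(top_count / rps, 3),
            "concentrated": top_count / rps >= min_top_share,
        })
    return alerts


def _line(ip, second, path="/", status=200):
    """Build one constructed log line (sample data, not a real capture)."""
    return f'{ip} - - [{second} +0000] "GET {path} HTTP/1.1" {status} 512'


# Constructed sample: three quiet seconds with three requests each, then one
# second in which four sources send 50 requests apiece (200 rps), the shape
# of a small HTTP flood. A malformed line is included to show it is skipped.
SAMPLE_LINES = []
for i in range(3):
    for j in range(3):
        SAMPLE_LINES.append(
            _line(f"198.51.100.{j + 1}", f"12/Oct/2023:10:00:0{i}", f"/page{j}")
        )
for j in range(4):
    SAMPLE_LINES.extend(
        _line(f"203.0.113.{j + 1}", "12/Oct/2023:10:00:03") for _ in range(50)
    )
SAMPLE_LINES.append("this line is not an access log entry")

if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_LINES):
        print(alert)
```

Run as a script it prints one alert for the burst second (200 rps from 4 sources, top source at 25 percent). In production the threshold would be set per site from a baseline rather than hard-coded, and the per-second buckets would be kept in a sliding window instead of a full in-memory pass over the log.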

More info here.

Cloud Network Components Cheat Sheet

Network components form the backbone of cloud infrastructure, enabling connectivity, scalability, and functionality in cloud services. These components include routers, load balancers, and firewalls, which ensure data flows efficiently and securely between servers and clients.

In essence, these network elements work together to create a robust and responsive cloud ecosystem that underpins modern digital services and applications.

This cheat sheet offers a concise yet comprehensive comparison of key network elements across the four major cloud providers.

For those trying to master the world of cloud security, this may serve you!

How To Become A Cyber Security Expert

There are 6 areas of focus required to climb the cyber security ladder and become a high performer.

1/ Education

  • You’re forever a student of cyber security. In your initial years you need to build strong foundational knowledge that will allow you to expand upon this learning with more complex topics. This can’t be rushed, nor is there a reason to rush.

  • Accept and embrace the fact you’re on a journey of continuous learning, and with enough time / commitment, you’ll figure things out.

  • Frameworks and models – these will mostly remain constant with minor amendments e.g. standards, TOGAF/SABSA, STRIDE/PASTA etc.

  • Technologies and capabilities – these will evolve over time, never take your finger off the pulse.

  • You don’t need to go out of your way to find and master these before you need them. Let the demands of your role guide you and seek solutions to the challenges you face.

2/ Experience

  • It’s important that you seek experiences that broaden your perspective and expand upon your expertise.

  • Wide – conquer domains and understand how the landscape intersects. Each role you take on, and each person you collaborate with in a different role, will help you understand how security capabilities function.

  • Deep – explore the depths of a domain you wish to specialise in. Complex challenges will arise that require more than surface level knowledge and demand an expert that can clearly articulate what is possible and propose a solution.

  • A combination of these two is what is required to achieve ‘expert’ status. You may be very knowledgeable on a specific domain, but if your solutions don’t account for wider security implications, you’re not doing your job effectively.

  • Equally, if you understand all the domains but lack in-depth knowledge, you’ll forever be reliant on others and you’ll end up being a coordinator of expertise.

3/ Tooling exposure

  • Cyber security tooling is fundamental to achieving security and business requirements.

  • The tooling market is incredibly saturated across domains. Leveraging output from the likes of Gartner and their Magic Quadrants will help you identify market leaders across these domains.

  • Having experience with a range of tooling is incredibly valuable to an organisation. You’ll have first-hand experience, giving insight into their benefits and drawbacks. You’ll have an understanding of how to use them effectively and avoid common pitfalls.

  • Many of these skills are often transferable.

4/ Soft skills

  • Communication, persuasion, inspiration, leadership, teamwork, presentation skills etc.

  • None of these are factored into your Security+ training, or CISSP. The skills you get from those are hard skills.

  • These ‘soft’ skills are probably the biggest determining factor on how far you will go in your career.

  • What’s the point in knowing which tool is best, if you can’t persuade your peers or boss?

  • What’s the point in knowing how to improve the team’s capability, if you can’t inspire them to do so?

  • What’s the point in discovering issues if you can’t effectively communicate them and present them to leadership?

  • The cheat code for developing these skills is to work for a consultancy – it’s their bread and butter.

5/ Business focus

  • You must conquer the enterprise, to conquer security.

  • To give the ‘best’ advice possible on how an organisation should approach security, you first must understand how the enterprise works: what keeps the lights on, what the goals are, what the vision is, what the priorities are, how security is viewed, which stakeholders are security advocates…

  • Security exists in a complex ecosystem – it’s one of many priorities, but it’s a thread that runs throughout every department.

  • A business does not go into business to comply with a security control. Security exists to support a business with achieving its goals.

  • Learn and read about the industry your business operates in – it will help you communicate with business stakeholders, showing them you understand what they’re trying to achieve.

6/ Content curation

  • You are what you consume.

  • You’re either consuming entertainment or education. The biggest advantage you can give yourself to unlock your ideal future, is to curate a content consumption model.

  • Evaluate everything you consume across mediums: socials, tv, books etc.

  • Write out 4-6 key areas of life you want to be knowledgeable on.

  • List out the ideal content sources under each of these areas.

  • Pick 1-2 you want to be an ‘expert’ in – there should be more sources.

  • Let this guide you.

7 Habits of Highly Limitless People

  1. They believe in their own potential: Limitless individuals understand that they are capable of achieving anything they set their minds to.

  2. Continuous learning: Limitless individuals never stop learning and are constantly seeking to improve themselves and their skills.

  3. Abundant gratitude: They practice gratitude, recognising and appreciating the abundance in their lives.

  4. Relentless drive: They have relentless drive, never giving up until they achieve their desired outcomes.

  5. Bold vision: They have a bold vision, setting their sights on big goals and pursuing them with passion and purpose.

  6. Radical self-care: They practice radical self-care, prioritising their physical, emotional, and mental health to fuel their limitless potential.

  7. Extreme ownership: They take extreme ownership of their lives, taking responsibility for their actions and outcomes.