Posts

From Assets to Action: A Practical Risk Assessment Walkthrough (With Real Documents)

Risk assessment is one of those things that sounds simple in theory—but once you actually sit down to do it for a real environment, it quickly becomes clear how much structure and discipline it requires. Instead of just explaining concepts, I recently completed a full sample risk assessment for a small business environment and documented every step.

You can explore the full project here:
GitHub: https://github.com/saadibabar/riskassessmentsample
Portfolio: https://starstorm.netlify.app

In this post, I'll walk through the entire process, the documents I created, and the key lessons from doing this hands-on.

🏢 The Scenario: XYZ Limited
To make this practical, I created a realistic environment: XYZ Limited — a small café that offers:
- Public Wi-Fi for customers
- A gaming zone (PS5s + PCs)
- Reception systems for billing
- An online ordering web application
This setup is simple—but surprisingly rich from a...

🚀 GRC in Action: Connecting Theory to Reality 🚀

As part of my GRC studies with Inegben Academy, I'm applying the OCEG Red Book framework to real-world challenges.

1. Third Party Risk Management (TPRM)
Why this topic? It's one of the hottest, most tangible, and highest-impact areas in modern GRC. It sits at the intersection of cybersecurity, compliance, operational resilience, and reputation. The OCEG "Red Book" (GRC Capability Model) addresses this under components like "Manage Risk" (PRC Module) and "Objectively Verify & Review" (VV Module) concerning vendor assurance.

2. GRC Work Environment Project: "Implementing a Risk-Based Tiered Approach to Vendor Due Diligence"
This isn't just a policy document; it's an operational project.
Project Objectives:
Categorize Vendors: Develop a methodology to tier all third parties (Tier 1 - Critical/High Risk, Tier 2 - Medium, Tier 3 - Low). Criteria include: data access, financial impact, integration with core systems, a...

Regulatory Compliance and SOC 2: Which Industries and Regulatory Standards Require SOC 2?

SOC 2 compliance has become a critical benchmark for organizations handling sensitive data, especially those offering services in sectors that must adhere to strict regulatory and legal requirements regarding data protection. While SOC 2 itself is not a law, many industries have incorporated SOC 2 compliance as a necessary standard for meeting their data security and privacy obligations. Below, we explore which industries and regulatory standards require or strongly encourage SOC 2 compliance.

1. Healthcare Industry (HIPAA Compliance)
In the healthcare sector, the Health Insurance Portability and Accountability Act (HIPAA) governs how healthcare organizations should manage, store, and share patient data. HIPAA mandates strict guidelines for maintaining the privacy and security of personal health information (PHI), and organizations that handle PHI are required to implement specific controls to s...

Understanding SOC 2: Types, Importance, Timeframe, TSCs, and Controls

In today's highly digitized world, data security and privacy are of paramount importance. Organizations handling sensitive customer data must demonstrate their commitment to safeguarding this information. This is where SOC 2 comes into play. SOC 2 (System and Organization Controls 2) is a framework that helps service organizations demonstrate their adherence to security, availability, processing integrity, confidentiality, and privacy principles. In this blog post, we'll dive deep into what SOC 2 is, its types, the importance of achieving SOC 2 compliance, the time it takes, and the Trust Services Criteria (TSCs) along with the necessary controls for each criterion.

What is SOC 2?
SOC 2 is an auditing standard that was developed by the American Institute of Certified Public Accountants (AICPA). It focuses on the security, availability, confidentiality, integrity, and privacy of customer data stored in the clo...

**My Experience Earning the CRTA (Certified Red Team Analyst) Certification**

I'm thrilled to share that I've recently earned the *Certified Red Team Analyst (CRTA)* certification from Cyber Warfare Labs (CWLabs), and I wanted to take a moment to reflect on my experience and share some insights into what the certification entails. The CRTA is a beginner-level red team certification, but don't let the term "beginner" fool you—it's incredibly valuable for those just starting in the world of offensive security. The certification process involves completing the *CyberWarFare Labs Red Team Analyst Course* and successfully passing a 24-hour practical exam that mimics real-world red team operations. This exam is designed to test your ability to think and act like an adversary in a highly realistic, simulated environment.

**What You Learn in the CRTA Course**
The CRTA course covers a comprehensive set of skills that are essential for red team analysts. Here are some of the key areas that are i...

Scheduled Skype Message in Python

To send a message on Skype at a scheduled time, you can use the schedule library in Python along with the Skype4Py library to interact with the Skype API. Here is an example of how you can schedule a message to be sent on Skype:

    import schedule
    import time
    import Skype4Py

    def send_message():
        # Create a new Skype object
        skype = Skype4Py.Skype()
        # Connect to the running Skype client (the client asks the user to allow access on first use)
        skype.Attach()
        # Send the message to the desired recipient
        skype.SendMessage("skype_username", "Hello, this is a scheduled message.")

    # Schedule the send_message function to run at a specific time every day
    schedule.every().day.at("22:30").do(send_message)

    # Keep polling so that pending jobs fire when their time comes
    while True:
        schedule.run_pending()
        time.sleep(1)

This code will send the message "Hello, this is a scheduled message." to the Skype user 'skype_username' every day at 22:30. You can change the schedule time and message as per your requirements. Note: In order to use this code,...

Python Scapy and its uses.

Python Scapy is a powerful packet manipulation tool that allows users to send, sniff, dissect, and forge network packets. It is written in Python and can be used for a wide range of purposes, including network security and testing, packet capture and analysis, and network protocol development. One of the primary uses of Scapy is network security testing. It allows users to create and send custom packets over the network, sniff and analyze packets, and perform various types of scans and tests to identify vulnerabilities and potential security threats. Scapy can be used to perform tasks such as port scanning, network discovery, and vulnerability assessment, as well as more advanced tasks such as packet injection and spoofing. In addition to security testing, Scapy is also commonly used for packet capture and analysis. It provides a rich set of functions and classes that allow users to dissect packets and extract specific fields and payloads. This can be useful for tasks such as analyzing...