Podcast Recommendation: Cyber Security Interviews

I’ve recently set up my podcast app again (deleted all episodes and unsubscribed from all podcasts), because there were too many old episodes I will never listen to, and some podcasts which I subscribed to are no longer interesting to me or are no longer actively maintained. However, there was one podcast that I really miss and which didn’t get any new episodes. I recommended Jay Schulman’s “Building a Life and Career in Security” here. Unfortunately the last episode was published more than a year ago…, but there is light at the end of the tunnel!

During the setup of my podcast app, while searching for the podcasts I like to listen to now, I found a new podcast with people from the infosec industry. It’s the Cyber Security Interviews podcast, which I highly recommend if you are interested in people in infosec, their opinions and their path into the field. The host is Douglas Brush, and he is also on Twitter as @DouglasBrush, as is the podcast itself as @CSI_Podcast. Every week the show picks someone who is working in cyber security, and Douglas asks about their work, their opinions on some infosec topics, how they got into the field, which advice they can give to someone starting out in cyber security and so on. It is very interesting and the interviews provide insights which are relevant even outside of cyber security. At the moment, this is my favourite podcast!

What’s up next?

After some struggle in the past months I’m trying to get my study progress back on track. Currently I’m working towards the two modules “Introduction to Mobile Application Development” and “Electronic and Mobile Services”. Both require an exam. Surprisingly, the first module on mobile app development contains some practical parts. So it might not be a purely theoretical and concept-driven session. For Electronic and Mobile Services I’ve not spent much time at the moment. The first study letter contains a lot of information about the technical concept of computers and their networks. Because of my Computer Science degree this should be a complete revision for me.

Slow Progress

I’ve finally finished the media competency task this evening. It is part of the first modules in the Master’s study to get all students on the same level. I didn’t have this module in my Bachelor’s degree so I had to do it in the Master’s now. The whole module is about media itself, signs, graphics, colours, perspective and so on. Some parts are very abstract and philosophical. Definitely not my favourite module and I’m happy to have finished it some minutes ago. However, let’s hope for a good grade anyway. 🙂

First Steps in Python

To get my feet wet in Python, I started yesterday to solve some smaller programming challenges. I’ve created a new GitHub repo here and uploaded some of my Python scripts.

Python is often used in infosec, so I want to extend my knowledge there. After the first small tests I can tell that the language seems a little bit unfamiliar at first. I have primarily programmed in C, C++ or Java. There you have classes or at least a main() method. Python just executes the statements in the script. So you can build a working program very fast. And the code is very small. For example, if I want the user to input a value which I need to compute further, I need three lines in Java: the declaration of the variable, the console output and then the input reader. In Python it’s just one line:

I can’t wait to go further and explore more of the language. And while doing these small coding challenges in Python I can also train some thinking about algorithms again. 🙂

HTTPS? Not available here…

HTTPS is great. Your connection to a website is encrypted so an attacker or just an observer of the connection is not able to read the traffic. Fantastic! However, HTTPS requires a certificate that confirms you’re on the correct site and not on a fake website, used for phishing etc. There are several certificate authorities (CA) out there which can issue a certificate, but most of them require a payment. No money, no certificate.

Then Let’s Encrypt showed up. A project and an automated tool to create certificates for HTTPS connections. And even better: It’s free! Last weekend I wanted to enable HTTPS connections on my blog. I also managed to create a valid certificate. Unfortunately, I was not able to configure it in the webadmin interface provided by my web host.

The online documentation had nothing about HTTPS either, so I opened a ticket, requesting more information about how to configure HTTPS in this environment. The answer is more than disappointing: It’s simply not possible and furthermore they do not support Let’s Encrypt in any way, but of course I can buy an extra package for encryption and then my provider will manage to set up everything. Isn’t it nice?

No, it’s not! I wanted to use a free and widely supported service that should be a basic procedure nowadays.
Hello! It’s 2017! Have you ever heard of Edward Snowden, the NSA and mass surveillance? Wake up!
And no, I do NOT want to buy your f***** certificate. I’m really thinking about switching my provider asap.

dev.to() Recommendation

I just want to drop this link here. dev.to() is my latest favourite website about software development. It’s kind of a blogging site like Medium, but it’s also used for discussions, sharing ideas, etc. For some weeks I’ve been reading the articles and following the related Twitter account @ThePracticalDev regularly. I really like the site and the mood of the community. The articles are widespread in topic and depth. There are some small, easy reads and also some more in-depth analyses and discussions. If you haven’t heard about it yet, I highly recommend taking a look at dev.to. It is also a very good source for software development related podcasts, if you’re looking for some new casts to subscribe to.

Software Architecture Exam Summary

The SWA exam is done. Here are the topics and tasks of the exam:

  1. A textual specification was given. A class diagram and a sequence diagram for a specific process had to be created. Design decisions needed to be described briefly.
  2. Component and package diagrams had to be created. And the interface between two components had to be written, basically in pseudo code.
  3. Multiple tasks regarding ‘What is SOA and how does it work?’.
  4. Multiple questions about Object Orientation basics, like ‘What is an Aggregation?’, ‘What is a Composition?’, etc. and ‘Which UML diagram is best for a given scenario?’.
  5. Multiple questions about Software Architecture.

It was a good mix of practical and theoretical questions. However, I had to write a lot and now my right hand hurts. 🙂 I’m happy that I had to write only one exam today.

One Day to go for the Software Architecture Exam

There is only one day left to learn for the Software Architecture exam. At the moment I’m mostly fine with the topics. Part of the exam will be UML diagrams, especially class diagrams, component diagrams, state machines, etc. Then there might also be some questions about Object Orientation in general.

The second part is mostly architecture related. There are two topics that worry me. First, there are multiple layer concepts, for example the 4+1 architectural view model by Kruchten, the four architectural views by G. Starke, TOGAF, RM-ODP, etc. I can’t get these things into my head. They are also very similar to each other, which makes it harder to memorize each view model.
The second hard thing is the architecture description language called Z and Object-Z. This is an ADL like UML, but without graphical elements. Instead it uses predicate logic and textual description to describe the rules and functions. I’m mainly used to graphical UML diagrams, so this predicate logic stuff is a whole new world for me.

The last topics are related to Domain Driven Design and Cloud Computing, but these things are not that deeply described and therefore they should not be that hard to learn for the exam. Overall I hope that the exam will be more practical in terms of application and not so much theory related.