Network Security Channel
⭕️Start Channel From 2017⭕️
Security Operation Center (SOC)
Bug Bounty
Vulnerability
Pentest
Hardening
Linux
Research
Security Network
Security Researcher
DevSecOps
Blue Team
Red Team
Cyber risk is calculated by considering the identified security threat, its degree of vulnerability, and the likelihood of exploitation. At a high level, this can be quantified as follows:
Cyber risk = Threat x Vulnerability x Information Value

In the newly revised How to Measure Anything in Cybersecurity Risk, Second Edition, a pioneering information security professional and a leader in quantitative analysis methods delivers yet another eye-opening text applying the quantitative language of risk analysis to cybersecurity. In the book, the authors demonstrate how to quantify uncertainty and shed light on how to measure seemingly intangible goals. It's a practical guide to improving risk assessment with a straightforward and simple framework.

How to Measure Anything in Cybersecurity Risk
Second Edition
DOUGLAS W. HUBBARD
RICHARD SEIERSEN
Logo: Wiley
Copyright © 2023 by John Wiley & Sons, Inc. All rights reserved.
https://lnkd.in/euz7HM8Y

-Business Secure Continuity-
1402.03.21
#cybersecurity #job #training #help #university #future #security #business #sansinstitute #eccouncil #iso22301 #nistcybersecurityframework #isaca #cissp
#isc2 #redteam #blueteam #csirt #forensics #splunksecurity #siem #otsecurity

@Engineer_Computer
#DiyakoSecureBow

No Network Access
Sandboxes don't have network access, so if a malicious document can compromise one, it can't phone home

Optional OCR
Dangerzone can optionally OCR the safe PDFs it creates, so it will have a text layer again

Reduced File Size
Dangerzone compresses the safe PDF to reduce file size

Open Docs Safely
After converting, Dangerzone lets you open the safe PDF in the PDF viewer of your choice, which allows you to open PDFs and office docs in Dangerzone by default so you never accidentally open a dangerous document

HOW IT WORKS
Dangerzone works like this: You give it a document that you don't know if you can trust (for example, an email attachment). Inside of a sandbox, Dangerzone converts the document to a PDF (if it isn't already one), and then converts the PDF into raw pixel data: a huge list of RGB color values for each page. Then, in a separate sandbox, Dangerzone takes this pixel data and converts it back into a PDF.

#cyberresilience #event #stage #business #help #siem #threatintelligence #threatdetection #threathunting #threatvulnerabilitymanagement #threatanalysis #network #data #pdf #email #like
1764146008730.pdf
4.5 MB
🧠 Log Analysis + Wazuh Integration — Hands-On Mini Lab for Blue Teamers 🚀

Just finished going through this practical guide on Linux & Windows log analysis with Wazuh and it’s one of the clearest step-by-step walkthroughs I’ve seen for juniors and SOC beginners.

Here’s what you’ll practice inside the PDF:

🔹 Linux Log Analysis

Exploring key log files under /var/log (boot, cron, secure, mail, httpd, messages)
Verifying package installation logs via apt
Reviewing firewall activity with UFW logs

🔹 Windows Event Log Analysis

Enabling audit policies via Local Security Policy
Using Event Viewer to track security events (e.g. 4625, 4776)
Simulating RDP brute-force attempts and interpreting the resulting logs

🔹 Wazuh Integration (SIEM)

Configuring ossec.conf for Linux & Windows log collection
Validating events in the Wazuh dashboard (Threat Hunting & Discover views)
Correlating firewall, package, and authentication events across hosts

🎯 Great for:
Students, SOC interns, junior analysts, and anyone who wants a lab-style intro to log analysis + Wazuh without getting lost in theory.

📘 I’ve attached the PDF — worth saving if you’re building your Blue Team fundamentals or preparing for SOC roles.

What other SIEM or log analysis topics would you like to see broken down like this?

#Wazuh #SIEM #LogAnalysis #SOCAnalyst #BlueTeam #DFIR #Linux #WindowsSecurity #CyberSecurity #ThreatHunting

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
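An added example (not part of the post above or the attached PDF) of the Linux half of that lab done in code: it parses constructed lines in the style of /var/log/secure (sshd) and UFW kernel log entries, flags source IPs with a burst of failed SSH logins inside a short window, and correlates SSH failures with firewall blocks per source address. The sample lines, the threshold of 5 failures in 60 seconds and the host names are assumptions made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the style of /var/log/secure (sshd) and UFW kernel logs.
SECURE_LOG = """\
Mar  3 10:14:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2
Mar  3 10:14:03 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51523 ssh2
Mar  3 10:14:05 web01 sshd[2233]: Failed password for root from 203.0.113.7 port 51524 ssh2
Mar  3 10:14:06 web01 sshd[2235]: Failed password for root from 203.0.113.7 port 51525 ssh2
Mar  3 10:14:08 web01 sshd[2237]: Failed password for root from 203.0.113.7 port 51526 ssh2
Mar  3 10:20:44 web01 sshd[2301]: Accepted publickey for deploy from 198.51.100.20 port 40112 ssh2
Mar  3 10:31:12 web01 sshd[2355]: Failed password for deploy from 198.51.100.20 port 40120 ssh2
"""

UFW_LOG = """\
Mar  3 10:15:02 web01 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:aa:00:00:5e:00:53:bb:08:00 SRC=203.0.113.7 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51530 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:09 web01 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:aa:00:00:5e:00:53:bb:08:00 SRC=203.0.113.7 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51531 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:16:30 web01 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:aa:00:00:5e:00:53:bb:08:00 SRC=192.0.2.44 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=6000 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
"""

SSH_FAIL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
UFW_BLOCK_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: \[UFW BLOCK\] .*?"
    r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)


def parse_syslog_time(stamp):
    # Classic syslog stamps carry no year; strptime defaults to 1900, which is fine
    # because only the differences between timestamps are used below.
    return datetime.strptime(stamp, "%b %d %H:%M:%S")


def parse_ssh_failures(text):
    """Extract failed-password events: time, attempted user, source IP."""
    events = []
    for line in text.splitlines():
        m = SSH_FAIL_RE.match(line)
        if m:
            events.append({"time": parse_syslog_time(m["ts"]), "user": m["user"], "ip": m["ip"]})
    return events


def parse_ufw_blocks(text):
    """Extract UFW BLOCK events: time, source IP, protocol, destination port."""
    events = []
    for line in text.splitlines():
        m = UFW_BLOCK_RE.match(line)
        if m:
            events.append({"time": parse_syslog_time(m["ts"]), "src": m["src"],
                           "proto": m["proto"], "dport": int(m["dpt"])})
    return events


def find_bruteforce(failures, threshold=5, window_seconds=60):
    """Sliding window per source IP; returns {ip: peak failures in one window} for IPs over the threshold."""
    by_ip = defaultdict(list)
    for f in failures:
        by_ip[f["ip"]].append(f["time"])
    hits = {}
    for ip, times in by_ip.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[ip] = best
    return hits


def correlate(failures, blocks):
    """Per source IP: SSH failure count, UFW block count and the ports the firewall refused."""
    per_ip = defaultdict(lambda: {"ssh_failures": 0, "ufw_blocks": 0, "blocked_ports": set()})
    for f in failures:
        per_ip[f["ip"]]["ssh_failures"] += 1
    for b in blocks:
        per_ip[b["src"]]["ufw_blocks"] += 1
        per_ip[b["src"]]["blocked_ports"].add(b["dport"])
    return {ip: {**v, "blocked_ports": sorted(v["blocked_ports"])} for ip, v in per_ip.items()}


if __name__ == "__main__":
    fails, blocks = parse_ssh_failures(SECURE_LOG), parse_ufw_blocks(UFW_LOG)
    for ip, n in find_bruteforce(fails).items():
        print(f"brute force: {ip} ({n} failures inside 60 s)")
    for ip, summary in correlate(fails, blocks).items():
        print(ip, summary)
```

Run it against your own /var/log/secure and kernel log by reading the files into the two strings; the same two regexes are also a good starting point for what a Wazuh decoder has to pull out of these lines.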
SOC, SIEM, and SOAR are often discussed separately.

👉 Get A Complete Set of Cybersecurity Template Bundle: https://excellog.biz/l/cybersecurity-complete-suit?layout=profile
✔️ Editable | ✔️ Practical | ✔️ Instant Download | ✔️ No learning curve
Get organized faster, work smarter, and manage with confidence.

But in modern cybersecurity operations, they work together as an end-to-end threat detection and response ecosystem.

Each component plays a distinct role in protecting the organization.

✔️ SOC - Security Operations Center
The operational team responsible for monitoring, investigating, and responding to security incidents.
SOC analysts analyze alerts, hunt threats, contain attacks, and coordinate incident response.

✔️ SIEM - Security Information & Event Management
The detection engine that collects and analyzes security logs from across the environment.
It aggregates data from firewalls, endpoints, servers, cloud platforms, and applications to identify suspicious activity.

✔️ SOAR - Security Orchestration, Automation & Response
The automation layer that orchestrates workflows and executes response actions automatically.
SOAR reduces manual effort by automating tasks such as alert enrichment, threat intelligence lookups, ticket creation, and containment actions.

When combined, they create a powerful security workflow:

Logs & Events → SIEM Detection → SOC Investigation → SOAR Automated Response

The objective is simple:

• Detect threats faster
• Respond to incidents quickly
• Reduce analyst workload
• Improve consistency in security operations

Modern security teams measure success through key metrics such as:

• MTTD - Mean Time to Detect
• MTTR - Mean Time to Respond

Organizations that integrate SOC, SIEM, and SOAR effectively build faster, smarter, and more automated security operations.

For cybersecurity professionals:

Which capability is the biggest challenge in SOC environments today?

▪️ Reducing false positives
▪️ Automating incident response
▪️ Integrating security tools
▪️ Threat detection accuracy
▪️ Analyst skill shortages

Interested to hear your perspective 👇

#CyberSecurity #SOC #SIEM #SOAR #SecurityOperations #ThreatDetection #IncidentResponse #CyberDefense #SecurityAutomation

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
SOC Analyst Technical Assessment.pdf
🚨 A real SOC Analyst does not just close alerts.
They investigate, correlate, contain, and communicate.

I’ve been reviewing a SOC Analyst Technical Assessment, and it highlights something many people still misunderstand about the role:

Being a SOC Analyst is not just about staring at dashboards.
It is about making the right judgment under pressure.

What stood out to me most is how realistic the assessment is.

It tests the exact skills that matter in the real world:

SIEM alert triage
• separating true positives from false positives
• prioritizing incidents correctly
• recognizing brute force, phishing, malware, and benign IT activity

Log analysis and threat hunting
• identifying suspicious RDP activity
• spotting privilege escalation
• noticing command-line abuse
• correlating firewall, Windows, EDR, and SMB-related events

Attack chain thinking
• mapping activity to the MITRE ATT&CK stages
• understanding initial access, execution, persistence, privilege escalation, defense evasion, and exfiltration

Incident response under pressure
• isolating affected systems
• blocking SMB spread
• identifying IOCs
• building timelines
• recommending containment and remediation actions

Written communication
• turning technical findings into an executive summary
• explaining business impact
• giving clear next steps after a ransomware incident

That is the part I like most:

A strong SOC Analyst is not just technical.

They must also be able to:
• think critically,
• connect small signals,
• understand attacker behavior,
• write clearly,
• and explain risk in a way the business can act on.

The uncomfortable truth?

A lot of people think SOC work is repetitive.

But real SOC work is where:
• false positives waste time,
• missed signals become breaches,
• and one bad decision can change the impact of an incident.

This assessment proves something important:

SOC is not about tools alone.
It is about analysis quality.

👇 Don’t just like comment:

What do you think is the most important SOC Analyst skill today?

A) Alert triage
B) Log correlation
C) Threat hunting
D) Incident response
E) Reporting and communication

Comment A / B / C / D / E. I’m curious what security professionals value most in real environments.

#SOC #SOCAnalyst #CyberSecurity #SIEM #ThreatHunting #IncidentResponse #LogAnalysis #BlueTeam #ThreatDetection #MITREATTACK #Ransomware #EDR #SecurityOperations #InfoSec #CyberDefense #DFIR #DetectionEngineering #SecurityMonitoring #AnalystMindset #CyberCareer

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
🛡 Wazuh Mastery Pack · 01 of 15 — Installation & Setup

The single most repeated question from juniors picking up Wazuh:
"Where do I even start?"

This first cheat sheet gets a Wazuh stack from zero to producing alerts in under 30 minutes — Manager, Indexer, Dashboard, Agents, all the ports you must open, and the verification one-liners I run before walking away from any new install.

A few non-obvious things people miss on day one:
- The all-in-one assistant script (wazuh-install.sh -a) is a lab/PoC tool — don't ship it to prod
- /var/ossec/wazuh-install-files.tar contains your initial creds. Move it to a vault. Lose it = full reinstall.
- Prefer TCP/1514 over UDP for event ingest — UDP silently drops events under load
- Always run /var/ossec/bin/wazuh-control configtest before restarting the manager

If you're starting your Wazuh journey this week, this one is for you.


#Wazuh #SIEM #SOC #CyberSecurity #BlueTeam #InfoSec #OpenToWork

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
🛡 Wazuh Mastery Pack · 02 of 15 — CLI Commands

The Wazuh GUI is great. The CLI is where you actually solve problems at 2am.

This cheat sheet is the muscle memory I wish I'd had on day one — service control, agent management, live log testing with wazuh-logtest, cluster operations, and the file paths you'll touch a thousand times.

Three commands every Wazuh operator should burn into memory:

🔹 /var/ossec/bin/wazuh-control configtest
→ validates ossec.conf BEFORE you restart in production. Has saved me from at least three outages.

🔹 /var/ossec/bin/wazuh-logtest
→ paste a raw log line, see exactly which decoder and which rule fires (or doesn't). Single best tool for tuning custom rules.

🔹 /var/ossec/bin/agent_control -l
→ shows every agent and its connection status. Faster than the dashboard when you just need a quick health check.

If you operate Wazuh and aren't using these, you're doing it the hard way.

#Wazuh #SIEM #SOC #BlueTeam #DevSecOps #CLI #InfoSec

📱 Channel : @Engineer_Computer
🛡 Wazuh Mastery Pack · 03 of 15 — Configuration Files

Wazuh's power lives in three XML files:

🔹 /var/ossec/etc/ossec.conf — manager's brain
🔹 /var/ossec/etc/shared/default/agent.conf — central agent policy
🔹 /var/ossec/etc/rules/local_rules.xml — your custom detections

This cheat sheet ships ready-to-paste blocks for all three — the global section, the <remote> block agents connect through, central agent policy that pushes to every endpoint, and a working custom rule template.

The single biggest mistake I see in custom rules:
👉 Using rule IDs below 100000.
The 1–9999 range is owned by Wazuh's built-in ruleset. Collide with it and your rule will silently lose to the built-in. Always use 100000 and above for your custom detections.

If you're tuning Wazuh this week, save this one.

#Wazuh #SIEM #SOC #DetectionEngineering #InfoSec #BlueTeam

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
🛡 Wazuh Mastery Pack · 04 of 15 — Rules & Decoders

Detection engineering with Wazuh comes down to two artifacts:

📜 Decoders — pull structure out of unstructured logs
🚨 Rules — turn structured fields into alerts

This cheat sheet is the anatomy of both: alert levels 0–16 and what they actually mean, the rule ID ranges that keep you from colliding with built-ins, the chained-rule pattern (if_matched_sid + frequency + timeframe) that detects brute-force behavior, and a working decoder for a custom application log.

A practice that separates senior detection engineers from juniors:
👉 Every rule should map to a MITRE ATT&CK technique.
<mitre><id>T1110</id></mitre>

It costs nothing, takes seconds, and makes your alerts speak the same language as every threat report on the planet.

#Wazuh #DetectionEngineering #SIEM #MITREATTACK #SOC #ThreatHunting #InfoSec

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
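An added example tying together the points of the Configuration Files and Rules & Decoders posts above (it is not from the posts or the cheat sheets they describe): a parent/child decoder for a hypothetical application log line and a pair of rules in the custom ID range, where the second is the chained if_matched_sid + frequency + timeframe rule, both mapped to ATT&CK T1110. The application name "myapp", the log line format, the rule IDs 100200/100201 and the 6-in-120-seconds threshold are assumptions chosen for the example.

```xml
<!-- /var/ossec/etc/decoders/local_decoder.xml -->
<!-- Hypothetical line this decodes (constructed for the example):          -->
<!--   Mar  3 10:14:01 web01 myapp: login failed user=alice src=203.0.113.7 -->
<decoder name="myapp">
  <program_name>^myapp</program_name>
</decoder>

<decoder name="myapp-login">
  <parent>myapp</parent>
  <regex>^login (\w+) user=(\S+) src=(\S+)</regex>
  <!-- captured groups become these fields, usable in rules and $(...) descriptions -->
  <order>status, srcuser, srcip</order>
</decoder>

<!-- /var/ossec/etc/rules/local_rules.xml : custom IDs stay at 100000 or above -->
<group name="myapp,authentication_failed,">
  <rule id="100200" level="5">
    <decoded_as>myapp</decoded_as>
    <field name="status">^failed$</field>
    <description>myapp: failed login for $(srcuser) from $(srcip)</description>
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>

  <!-- chained rule: 6 hits of 100200 from the same source address inside 120 s -->
  <rule id="100201" level="10" frequency="6" timeframe="120">
    <if_matched_sid>100200</if_matched_sid>
    <same_source_ip />
    <description>myapp: possible brute force against $(srcuser) from $(srcip)</description>
    <group>authentication_failures,</group>
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>
</group>
```

Check the decoder with /var/ossec/bin/wazuh-logtest by pasting the sample line, then run /var/ossec/bin/wazuh-control configtest before restarting the manager; with this group naming, the dashboard queries from the WQL post (rule.groups: "authentication_failed", rule.mitre.id: "T1110") will pick these alerts up alongside the built-in sshd ones.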
🛡 Wazuh Mastery Pack · 05 of 15 — Wazuh API

Anything you can do in the Wazuh dashboard, you can automate via the REST API on port 55000.

This cheat sheet is the muscle: token auth, the endpoints I hit weekly, filtering and pagination, and curl one-liners you can drop into a Bash script today.

Three workflows the API unlocks:

🔹 Mass-restart agents after a rule change → PUT /agents/restart (no more clicking through 200 hosts)
🔹 Auto-decommission stale agents → GET /agents?lastKeepAlive&status=disconnected → DELETE the list
🔹 Pipe rule and SCA data into your own dashboards → no need to touch OpenSearch directly

Tokens expire in 15 minutes by default. Re-auth in your script, don't hardcode them.

#Wazuh #API #SIEM #Automation #SOC #DevSecOps #InfoSec

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
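An added example (not from the post or the cheat sheet it describes) of the second workflow above written as a small client instead of curl one-liners: it authenticates with basic auth, caches the bearer token and re-authenticates before the 15-minute expiry, walks GET /agents with limit/offset pagination, selects disconnected agents whose lastKeepAlive is older than a cutoff, and issues PUT /agents/restart or DELETE /agents for a list of IDs. The HTTP call is injectable so the logic can be exercised offline; the host name, credentials, the 14-minute re-auth margin and the exact DELETE /agents parameter set are assumptions, so check them against the API reference for your Wazuh version.

```python
import base64
import json
import ssl
import time
import urllib.request
from datetime import datetime, timezone
from urllib.parse import urlencode


class WazuhApi:
    """Small Wazuh REST API client with token caching and paginated agent listing.

    fetch(method, url, headers) -> parsed JSON is injectable for offline use;
    the default implementation talks to the real API with urllib.
    """

    def __init__(self, base_url, user, password, fetch=None, clock=None,
                 token_ttl=14 * 60, verify_tls=True):
        self.base_url = base_url.rstrip("/")
        self._basic = base64.b64encode(f"{user}:{password}".encode()).decode()
        self._fetch = fetch or self._urllib_fetch
        self._clock = clock or time.time
        self._token_ttl = token_ttl          # refresh before the default 15 min expiry
        self._token, self._token_born = None, 0.0
        self.auth_calls = 0                  # for visibility into re-auth behaviour
        self._ctx = ssl.create_default_context()
        if not verify_tls:                   # lab installs ship a self-signed certificate
            self._ctx.check_hostname = False
            self._ctx.verify_mode = ssl.CERT_NONE

    def _urllib_fetch(self, method, url, headers):
        req = urllib.request.Request(url, headers=headers, method=method)
        with urllib.request.urlopen(req, context=self._ctx) as resp:
            return json.loads(resp.read().decode())

    def token(self):
        """Return a cached bearer token, re-authenticating when it is about to expire."""
        now = self._clock()
        if self._token is None or now - self._token_born >= self._token_ttl:
            reply = self._fetch("POST", f"{self.base_url}/security/user/authenticate",
                                {"Authorization": f"Basic {self._basic}"})
            self._token, self._token_born = reply["data"]["token"], now
            self.auth_calls += 1
        return self._token

    def request(self, method, path, params=None):
        url = f"{self.base_url}{path}" + (f"?{urlencode(params)}" if params else "")
        return self._fetch(method, url, {"Authorization": f"Bearer {self.token()}"})

    def list_agents(self, page_size=500, **filters):
        """Walk GET /agents with limit/offset until total_affected_items is exhausted."""
        items, offset = [], 0
        while True:
            data = self.request("GET", "/agents",
                                {**filters, "limit": page_size, "offset": offset})["data"]
            items.extend(data["affected_items"])
            offset += page_size
            if not data["affected_items"] or offset >= data["total_affected_items"]:
                return items

    def stale_disconnected(self, max_age_seconds):
        """IDs of disconnected agents whose lastKeepAlive is older than max_age_seconds."""
        now = datetime.fromtimestamp(self._clock(), tz=timezone.utc)
        stale = []
        for agent in self.list_agents(status="disconnected", select="id,name,lastKeepAlive"):
            # lastKeepAlive is assumed to be ISO 8601 with a trailing Z
            seen = datetime.fromisoformat(agent["lastKeepAlive"].replace("Z", "+00:00"))
            if (now - seen).total_seconds() > max_age_seconds:
                stale.append(agent["id"])
        return stale

    def restart_agents(self, ids):
        return self.request("PUT", "/agents/restart", {"agents_list": ",".join(ids)})

    def delete_agents(self, ids):
        # Assumed parameter set for DELETE /agents; verify against your API version.
        return self.request("DELETE", "/agents",
                            {"agents_list": ",".join(ids), "status": "disconnected",
                             "older_than": "0s"})


if __name__ == "__main__":
    # Needs a reachable manager; placeholder host and credentials.
    api = WazuhApi("https://wazuh-manager.example:55000", "wazuh-wui", "CHANGE_ME", verify_tls=False)
    print("stale agents:", api.stale_disconnected(7 * 86400))
```

Print the stale list and review it before wiring delete_agents to it; a decommission job that runs unattended should also log which IDs it removed and when.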
🛡 Wazuh Mastery Pack · 06 of 15 — Wazuh Query Language (WQL)

Triage speed = how fast you can write the right query.

This cheat sheet is the field-level reference for filtering alert data inside the Wazuh Dashboard — exact-match, ranges, boolean logic (AND / OR / NOT), wildcards, and the fields you'll reach for every shift.

The three queries every SOC analyst should know by heart:

🔹 rule.level >= 12
→ only critical alerts. Cuts the noise instantly during triage.

🔹 rule.groups: "authentication_failed" AND NOT data.srcuser: "backup"
→ real failed-auth events, minus your noisy service accounts.

🔹 rule.mitre.id: "T1110"
→ every brute-force alert across your fleet, in one click.

Save these as Saved Searches in the Dashboard. Triage time drops by half.

#Wazuh #SOC #ThreatHunting #SIEM #BlueTeam #SecurityAnalyst #InfoSec

🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
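An added example (not from the post or the cheat sheet) that makes the query semantics concrete: a small evaluator for the WQL-style syntax above (exact match, ranges, AND / OR / NOT, parentheses, wildcards) run over constructed alert documents, so the three queries can be tested offline and their results inspected. The alert documents, the field shapes and the precedence rule (NOT binds tighter than AND, AND tighter than OR) are assumptions for the example; the dashboard's real parser is a separate implementation.

```python
import fnmatch
import re

# Constructed alert documents shaped like Wazuh alerts (only the fields used here).
ALERTS = [
    {"rule": {"level": 5, "groups": ["authentication_failed", "sshd"], "mitre": {"id": ["T1110"]}},
     "data": {"srcuser": "backup", "srcip": "10.0.0.9"}, "agent": {"name": "web01"}},
    {"rule": {"level": 10, "groups": ["authentication_failures", "sshd"], "mitre": {"id": ["T1110"]}},
     "data": {"srcuser": "root", "srcip": "203.0.113.7"}, "agent": {"name": "web01"}},
    {"rule": {"level": 12, "groups": ["rootcheck"], "mitre": {"id": ["T1014"]}},
     "data": {}, "agent": {"name": "db01"}},
    {"rule": {"level": 5, "groups": ["authentication_failed", "windows"], "mitre": {"id": ["T1110"]}},
     "data": {"srcuser": "alice", "srcip": "10.0.0.23"}, "agent": {"name": "dc01"}},
]

# Tokens: parentheses, quoted strings, comparison operators, bare words (fields, numbers, AND/OR/NOT).
TOKEN_RE = re.compile(r'\(|\)|"[^"]*"|>=|<=|[<>:]|[^\s()"<>:]+')
OPERATORS = {":", ">", ">=", "<", "<="}


def lookup(doc, path):
    """Resolve a dotted field path such as rule.mitre.id; None if any step is missing."""
    cur = doc
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def match_term(alert, field, op, value):
    actual = lookup(alert, field)
    if actual is None:
        return False
    if op == ":":
        # ':' means "contains" for list fields (rule.groups, rule.mitre.id) and exact
        # match otherwise; '*' and '?' in the value act as wildcards.
        candidates = actual if isinstance(actual, list) else [actual]
        return any(fnmatch.fnmatchcase(str(c), value) for c in candidates)
    try:
        lhs, rhs = float(actual), float(value)
    except (TypeError, ValueError):
        return False
    return {">": lhs > rhs, ">=": lhs >= rhs, "<": lhs < rhs, "<=": lhs <= rhs}[op]


class Parser:
    """Recursive-descent parser producing a predicate over one alert document."""

    def __init__(self, query):
        self.toks = TOKEN_RE.findall(query)
        self.pos = 0

    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok

    def parse(self):
        pred = self.parse_or()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return pred

    def parse_or(self):
        pred = self.parse_and()
        while self.peek() == "OR":
            self.take()
            pred = self._either(pred, self.parse_and())
        return pred

    def parse_and(self):
        pred = self.parse_unary()
        while self.peek() == "AND":
            self.take()
            pred = self._both(pred, self.parse_unary())
        return pred

    def parse_unary(self):
        tok = self.take()
        if tok is None:
            raise ValueError("unexpected end of query")
        if tok == "NOT":
            inner = self.parse_unary()
            return lambda alert: not inner(alert)
        if tok == "(":
            inner = self.parse_or()
            if self.take() != ")":
                raise ValueError("missing closing parenthesis")
            return inner
        field, op, value = tok, self.take(), self.take()
        if op not in OPERATORS or value is None:
            raise ValueError(f"malformed comparison near {field!r}")
        if value.startswith('"'):
            value = value[1:-1]
        return lambda alert: match_term(alert, field, op, value)

    @staticmethod
    def _both(left, right):
        return lambda alert: left(alert) and right(alert)

    @staticmethod
    def _either(left, right):
        return lambda alert: left(alert) or right(alert)


def search(alerts, query):
    """Return the alerts matching a WQL-style query string."""
    pred = Parser(query).parse()
    return [alert for alert in alerts if pred(alert)]


if __name__ == "__main__":
    for q in ('rule.level >= 12',
              'rule.groups: "authentication_failed" AND NOT data.srcuser: "backup"',
              'rule.mitre.id: "T1110"'):
        print(q, "->", [a["agent"]["name"] for a in search(ALERTS, q)])
```

The second query is the one worth dwelling on: without the NOT clause the backup service account's failures would sit in the same result set as the real ones, which is exactly the noise the post says to strip before triage.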