The Certified Cloud Security Professional certification is offered by the ISC2 and is one of the many courses I have helped develop at ALC Training. It is proving to be one of the most popular certifications that I run....I have 11 others that cover cloud computing, agile, cybersecurity and big data areas. But why?
As you can see, it covers 6 domains and we focus on a range of techniques and best practices associated with cloud computing. For those studying CCSP, I have created a free flashcard quiz below. This is handy for anyone that is involved in CyberSecurity and is a good way to reinforce your knowledge.
For a detailed list of learning outcomes check out the ISC2 website below....
The reason I think CCSP is popular is that CyberSecurity is in the Top 5 items that keep senior leaders awake at night. The fear that the organisation you have worked hard to protect could one day be maliciously attacked is a troubling thought for many...resulting in a cold sweat nightmare at 3am.
To be honest there are many things that business leaders need to consider. So let me outline 2 of the key items that spring to mind this morning....
1 - Secure the use of Identity and Access Management Systems
The key here is people....because they are the solution....not the problem. Here is a simple checklist that everyone can follow...not just at work...but also at home.
Tip 05 can be adapted for business, by building a list of trusted sources, i.e. a whitelist. You can do this manually, or by using a whitelisting tool, preferably one based on Artificial Intelligence technology. That way it can not only detect the trusted sources that you list, but also predict or warn when something looks malicious.
2 - Simulate Probable Security Scenarios
Again the key here is people. Create a realistic scenario....data breaches are the most common, so this is a good place to start. Brief a small number of individuals, including leadership, that you're creating a simulated security challenge....execute the scenario for real on a non-production system with the team....then treat it like a fire drill and allow the remainder of the team to see how they react and recover from the simulation. It's a bit like paintballing...where one team attacks the castle....and the other team defends it. Although in this scenario....the defending team is really ascertaining what happened and how best to protect the organisation going forward.
If you need inspiration for what threats you should be simulating....take a look at the Treacherous 12....which we cover in the CCSP course.
Have a secure and safe day beautiful people. ❤😎🚀
I've been running some DevOps, Agile and Cloud Computing courses the past 2 weeks. A common question that I'm asked...is what exactly is Agile and what does it mean to be Agile.
Simply put...Agile is a mindset...where you're able to take a problem....divide it up into very small pieces...and execute as efficiently as possible using lean flow techniques....agile principles....feedback loops....whilst allowing yourself to experiment, fail and learn to produce a significantly better outcome.
Lean flow is all about eradicating waste....things like shortening waiting times....not passing defects or problems downstream to the next person....relying less on email and more on face to face communications....as well as experimenting with smaller targeted meetings of 30 minutes or less.
Value stream mapping is a very effective tool for understanding the flow of work between teams.....as illustrated by my fantastic students below:
Agile principles include.....decentralised decision-making by allowing others to experiment, fail and learn, whilst creating a safe environment...free from blame and finger pointing. Not jumping into solution-mode...instead preserving options....until much later in the solution lifecycle...thinking of functions and capabilities, rather than tech. And finally unlocking the intrinsic motivations of knowledge workers....simply put...give your people Autonomy, Mastery and Purpose.
Below are some artifacts from a PI Planning simulation that I run on our Leading SAFe course. It's all part of the Scaled Agile Framework which includes the above Agile principles:
Finally feedback loops....by asking your client how you can improve...asking your stakeholders their key concerns....automating your tasks....especially tests....and ensuring all your work is visible...especially with a large geographically dispersed team. Physical and digital Kanbans are great methods for reminding the team what needs to be done...and also help to celebrate the wins...especially the small ones.
Students in my cloud security (CCSP) class are using the Kanban technique to derive work that covers some of the top cloud security threats:
What does Agile mean to you?
I love the world of social media, 🚀 because there is always something new to learn every day.
Well today I learnt all about shadowbanning. This appears to be something that is specific to twitter, but it could also easily apply to other social media networks. So what is it?
In a nutshell, it's the ability for a social media platform to limit the visibility of a person's profile or their content, without suspending their account. This can happen in a number of ways. I'll use a tool called shadowban.eu to illustrate 3 ways that twitter can restrict your content or your profile.
Here is a link to the tool:
The three ways are as follows:
What is also interesting is that I did some experimenting on various twitter accounts to see if I could establish some patterns. These accounts were from influencers that I highly admire and respect, and interact with on a frequent basis. I only performed a limited amount of experimentation, so it's not 100% conclusive, however I'd love to share what I found with you all:
Here is a link to the Kred Rules that explains in more detail how the scoring works.
The great thing about Kred, is that it's transparent.
So my conclusion is as follows.
There appears to be a correlation between twitter users that have the Search Suggestion Ban in place and rather low or zero outreach scores. This is because outreach increases when you retweet, @reply or follow. Now of the 5 or so accounts that I found to be under a Search Suggestion Ban, all their outreach scores were close to zero for at least the past month.
Here is a screenshot of my Kred Outreach scores.
Twitter uses AI to determine whether my account and others are breaching their rules. So I think it's likely that the few days where you see the Outreach points spike are due to the twitter AI determining that I was compliant for those few days.
The evidence to date points to two possible hypotheses:
So what can you do about it?
So option 3 it is, but keep growing other social media accounts, so you're not reliant on a single platform. I'm a keen advocate of Instagram and LinkedIn. I do use Facebook, but I've found that unless you're paying to display content, most of my public posts are not very visible to the public. Maybe it's another form of shadowbanning......
Anyway, back to the story, I carefully looked at the twitter rules, did some more testing, and have developed a theory. I believe if you follow these 3 rules, you're likely to have the search suggestion ban lifted.
Let me know whether you have found any evidence to support or contradict my theory. Or maybe you're going to try to focus on those 3 things yourself. You can reach me publicly on twitter using @MusicComposer1.
My plan is to adhere to my new theory for a 2 week period and report back on my progress and findings.
I truly hope this post helps many of my followers and influencers on their social media journeys.
For a full list of the twitter rules, which will aid your sleep at night, here is the link:
Not only have I been busy on the road running courses covering all things tech, I have also taken some time out to visit Las Vegas and New York. So it was all too tempting when the New York Comedy Club welcomed me with open arms for a short open-mic session last night. Check out the video below....
I also got to meet some incredible people that I had known on twitter for a few years. Namely Kevin Jackson, who is a CyberSecurity and Cloud Computing expert, and Sally Eaves, who is an AI and Blockchain specialist. Both were in Las Vegas, presenting at the Dell Tech World conference. And then onto New York City, where I met up with the following:
Check out my LinkedIn post just here:
I even spent some time talking with one of New York's professional comedians. Watch this space, as we organise a time to do an Instagram podcast special.....
I was running a DevOps Foundation course 2 weeks ago for a client and I was explaining the meaning of technical debt and cultural debt. As the conversations in the room unfolded, it became very clear to me, that every system and object in the universe starts to accrue debt. So what is debt? I'll illustrate this over a beer......
Let's take a simple object, like a beer glass. It starts its life as silicon, is put through a manufacturing process and out pops the magical beer glass at the end. From this point onwards, it undergoes constant change. To the naked eye, this is largely invisible, but with glass in particular, over time it begins to degrade. If I were to leave the glass somewhere safe for 1000 years, the glass would have deteriorated. This is a form of debt.
On a much shorter timeframe, I would also use the glass, maybe put it in the dishwasher, or handwash and dry the glass. This too degrades the glass. It can become scratched by the dishwasher process. Pieces might break off during use. I might even accidentally smash the glass, after a big night of drinking. I'm sure many of you have done that. I'll just finish the night with a glass of water....crash!
If you accept that all objects degrade, then that is a form of debt. Because if the debt is not managed properly it can lead to problems:
This same concept can also be applied to systems. Here is an example of a picturesque, natural system.
A system is an interconnection of 2 or more things:
And for those that are technical....here is a great link explaining entropy in more detail:
The key takeaway from all this, is that once you understand that every system incurs debt, you can then shift your life around how to manage that debt. Which means whenever you delay some form of action or maintenance task, you're accruing debt, which will need to be paid back. Leave it too long, and the debt becomes progressively difficult to service. Over-servicing is bad too, as it's inefficient.
Let's use another great example to illustrate this concluding point. A car is considered a reasonably complex system. Most people own a car and it's certainly one of the most complex systems to manage.
If I ignore any faults that the car develops, and don't ensure it is regularly serviced, then it will degrade and it will stop functioning. This might take months or years.
If on the other hand, I fix any critical faults immediately, ensure it is serviced once a year as per the manual, and tend to minor faults as required, I am effectively arresting the debt on the car. Some things I can't control though, such as the wearing of the engine and other critical parts, maybe degradation of the paint finish and any rust that may accrue. However I can slow the accrual of debt on those things by:
So next time you're thinking about making economic decisions, don't just consider the price point. Consider the total cost of ownership of your decision and factor the accrual of debt into the equation. Remember that debt will always need to be paid back. And a poor economic decision will compound that debt.
Paul Colmer is a digital coach for ALC training and consulting, with a real passion for learning and applying disruptive technologies. Paul has responsibility for building and delivering ALC's digital architecture strategy and the development and execution of a number of cloud courses, including Cloud Security (CCSP), Amazon AWS, DevOps, Microsoft Azure and Office 365.