Security frameworks and compliance stuff are for old heads, right?
Nav. Sec. Issue #01
Yoo. Welcome to Issue #01 of Navigating Security.
🍃Quote of the week:
Being compliant does not automatically equate to being fully secure
TLDWTR 🙄
- When you get sick, take a break
- Some of the best cloud security (pentesting) resources - AWS & more
- Security frameworks are for old heads?
⏱️ In case you missed the previous issue, here you go:
This Week’s YouTube Video:
Life & Sickness 🤧
I was utterly sick since the day of the first release of this newsletter. Seems it came with a curse, but I am recovering now so hopefully you’ll have more to read next week.
CloudBreach’s Breaching AWS Course 👨🏾💻
So I recently passed the OAWSP certification by CloudBreach. It was a great course followed by a great exam as well. A full review will be coming on the channel so look out for that. Here’s a highlight of some of the cool things I learned:
Very Long List of Cloud Security Stuff 📃
Bumped into this list of resources for Cloud Security on Linkedin. Enjoy!
Frameworks & Other ‘Boring’ Stuff 🪪
A big reason why millennials and the generations preceding them don’t like us (Gen Z) is because we consider the aspects of security they find interesting rather tedious. Who wants to go all in with security frameworks and compliance stuff right? Well, I had to do a bunch of reading on security frameworks this week, and here’s the gist of it:
Compliance vs Security
While compliance is focused on meeting set standards and is a part of security, true cybersecurity goes beyond said ‘set standards’, encompassing proactive risk management and continuous adaptation to emerging threats. Being compliant does not automatically equate to being fully secure.
Frameworks You Might Want To Know
ISO 27001 & ISO 27002
ISO 27001 focuses on establishing a risk-based approach and implementing an Information Security Management System (ISMS), while ISO 27002 provides specific security control guidelines.
NIST Cybersecurity Framework (CSF)
Developed by the U.S. National Institute of Standards and Technology, this framework provides policy-level computer security guidance on how private-sector organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks.
CIS Controls
A set of best practices developed by the Center for Internet Security (CIS) to help organizations defend against known cyber attack vectors.
PCI DSS
The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
HIPAA Security Rule
Applies to the healthcare industry; it establishes national standards to protect individuals' medical records and other personal health information.
Suggestions
Hit me up on Discord or LinkedIn if you have anything you feel would be cool to include. Thanks, Cheers.