DEV Community: DAPHNE Chiedu

## My First Git Tree

DAPHNE Chiedu — Thu, 06 Nov 2025 17:19:54 +0000

This post walks through how I created a simple Git workflow on GitLab, worked across branches, and handled my first merge conflict with confidence.
So I built a small project called daph-git-tree to visualize the flow of branching and merging. It wasn’t about complex code,just understanding how branches evolve and come back together.
I began with a few commits on main:
Initial commit
first commit
second commit
third commit

Then I created a branch from an older commit instead of the latest one. GitLab’s dropdown didn’t make that obvious, but I found the option by opening the commit details and creating a new branch from there. That’s how feature-branch was born.
From there, I worked on both branches in parallel — small text changes, nothing dramatic, but it made me appreciate how Git isolates work.

When it was time to merge, GitLab threw my first conflict warning. Both branches had modified the same README section differently, so Git needed me to decide what stayed. It looked something like this:
<<<<<<< feature-branch

My changes

Main branch changes

main
I picked the final version I wanted, removed the markers, saved the file, and completed the merge. N
Opening the repository graph afterward was the best part. I could see my branches split and merge visually, which is exactly how teams collaborate every day.

Along the way, I made some small mistakes: committing to the wrong branch, getting confused in the Web IDE, or forgetting which file I’d just edited.

By the end, I’d practiced:
Creating and merging feature branches
Handling merge conflicts
Reading Git graphs to visualize work history
Making (and fixing) real mistakes without fear

It reminded me that Git isn’t about memorizing commands and more about building habits around clarity, versioning, and collaboration.

The repo graph now has extra commits from my learning curve, but I kept them all. They tell the real story of how understanding grows through use.

Internal IT Audit Using the NIST Cybersecurity Framework – Case Study of Botium Toys (Coursera Portfolio Activity Work)

DAPHNE Chiedu — Tue, 15 Jul 2025 15:43:37 +0000

During my free time, I decided to take cybersecurity coursework through Coursera. I had the opportunity to simulate an internal IT audit for a fictional company called Botium Toys. This exercise was designed to apply real-world audit skills using the NIST Cybersecurity Framework (CSF) and provided insight into how businesses can proactively manage cyber risks while maintaining regulatory compliance.
Botium Toys is a small U.S.-based toy business with a single physical location that also functions as a warehouse and storefront. Due to growing online sales, including international customers in the E.U., their IT department is under pressure to secure infrastructure and comply with relevant laws and standards—especially around online payments and data protection.

To address these concerns, the IT manager initiated an internal IT audit with the following goals:

Improve infrastructure security posture
Identify risks and vulnerabilities to critical assets
Ensure compliance with E.U. and U.S. regulations (such as GDPR and PCI DSS)
Align with the NIST Cybersecurity Framework

I performed a security audit by evaluating Botium’s environment against standard security controls and compliance best practices. Here's a summary of the assessment:
No formal patch management process exists, recommend establishing one.
MFA is missing for admin accounts; recommend immediate deployment.
Current system lacks necessary encryption and logging controls.
Lacks clear data handling policies and user consent protocols.
Recommendation for the IT Manager
To support Botium’s growth and compliance needs, I recommend the following:

Implement a robust patch management system to reduce software vulnerabilities.
Deploy multi-factor authentication, especially for privileged accounts and remote access.
Update incident response and disaster recovery plans and conduct tabletop exercises.
Ensure PCI DSS and GDPR compliance by consulting with legal and security professionals, especially around secure payment processing and customer data protection.
To validate my internal audit report, I reviewed my work using the course-provided checklist.
This audit project is now part of my cybersecurity portfolio. Feel free to connect with me if you’d like to collaborate or chat about NIST CSF, compliance, or internal audits!

Real-time cloud security thinking bigger

DAPHNE Chiedu — Fri, 11 Apr 2025 17:36:26 +0000

I just watched a Palo Alto Networks LinkedIn Live on cloud security, and one question really made me think:
What happens when you're using AI services across multiple cloud providers?
Someone mentioned how Amazon Bedrock Guardrails can block bad inputs or outputs using filters. Cool, right? But Palo Alto flipped the script: What if you're not just using AWS? What if your data and apps live on AWS, Azure, and GCP?
That hit me. As a cybersecurity beginner (with GSEC, GFACT, and GCIH under my belt), I’m learning that real-time protection isn’t just about having a security tool — it’s about having the right kind of visibility everywhere.
Zero-day attacks don’t wait. You need tools that can understand your normal behavior, spot something weird, and act fast — no matter where your services are running.
One session, and I’m rethinking how big the cloud really is.
Would love to hear how others are thinking about multi-cloud security. What tools are you looking at?

Identity Theft- a Ad Perspective

DAPHNE Chiedu — Fri, 04 Apr 2025 12:43:41 +0000

I recently came across a TELUS ad on identity theft, and it made me question “how safe am I, really?” The ad had creatively highlighted identity theft by showing a man impersonating a parent pushing a stroller with a teddy instead of a child, while another person receives an alert about their identity being used elsewhere. This perfectly captured the unsettling reality of how easy it is for someone to steal your personal information and hurt you. One moment, you’re just going about your day, and the next, a stranger is using your identity to incur debt, access your accounts, or even commit crimes in your name. It also showed how subtle identity theft can be. The ad didn’t show some hacker in a dark hoodie typing away in a basement no, it was normal, everyday situations where someone was being impersonated and may have unknowingly given away their personal information through a fake email, an innocent-looking link, a quick phone call from “your bank”, a sketchy WiFi network. And that’s it!
As someone who’s just transitioned into cybersecurity and earned certifications from SANS Institute I’ve been learning a lot about the real-world threats out there. But this ad reminded me that it’s not just technical knowledge that matters. It’s everyday awareness.
Rethink your digital habits. Am I using strong passwords? Do I have multi-factor authentication enabled? Have I been too trusting with my personal information online.
What I found cool is that TELUS offers Online Security powered by Norton with tools that go beyond antivirus, things like identity monitoring, credit alerts, and even identity theft recovery services. It’s not magic, but it’s a layer of protection that buys you time and peace of mind.
That ad reminded me that good cybersecurity is more than just certifications or firewalls—it’s also about everyday awareness and action.

How my Kid’s tablet turned me into a Cybersecurity Analyst

DAPHNE Chiedu — Wed, 26 Mar 2025 01:36:49 +0000

How My Kid’s Tablet Turned Me Into a Cybersecurity Analyst
As a parent, I want my child to explore technology safely. But as someone stepping into the world of cybersecurity, I can’t help but instinctively assess risks even with something as mundane as my kid’s Lenovo Yoga Tab (Android).
Today, what started as a simple parental check-in quickly turned into an exercise in risk assessment, threat modeling, and log analysis and it's quite hilarious.
Before handing over the tablet, I did what any cybersecurity professional would do assess its attack surface. I know that outdated systems are a playground for exploits, so I checked if the tablet had the latest Android security patches and updated apps. I also disabled unnecessary permissions, and turned off developer mode to minimize potential risks. Keeping everything updated is the first line of defense.
Downloading a “harmless” kids' app should be simple, right? Not necessarily. Before installing, I would always check what data it collects and where that data goes. I also reviewed permissions: does a drawing app really need access to the microphone, location, and contact list? If so, why? Threat modeling isn’t just for businesses, it’s a mindset. Before trusting an app, I ask: What’s its purpose? What does it access? Where does my data go?
I make it a habit to review app permissions weekly. Checking which apps have gained new permissions since the last review, removing apps that are no longer in use, and I realized what i was doing was what any Security Operations Center (SOC) team would do to monitor logs for anomalies. Continuous monitoring is key.
Securing my kid’s tablet wasn’t just about protecting a single device—it was a hands-on exercise in real-world cybersecurity thinking. The same principles apply whether you’re securing a personal device or a large enterprise network: assess vulnerabilities, model threats before trusting applications, and continuously monitor and review permissions. I believe cybersecurity isn’t just for IT professionals it’s for everyone. And sometimes, it starts with a kid’s tablet.