The latest articles on DEV Community by Mukesh Verma (@mukesh_verma_). https://dev.to/mukesh_verma_ https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F819722%2Fce1a2fa3-b606-407c-8e00-bca22fb88cb4.jpg https://dev.to/mukesh_verma_ en Mukesh Verma Sat, 02 Jul 2022 15:33:53 +0000 https://dev.to/mukesh_verma_/what-to-do-in-case-of-ransomware-attack-52c0 https://dev.to/mukesh_verma_/what-to-do-in-case-of-ransomware-attack-52c0 <p>**</p> <h2> What to do in case of Ransomware Attack. </h2> <p>**<br> 1.Disconnect the infected computer. Isolate the other suspected computers from the network.<br> 2.Check other computer sand servers on the network for the signs of encryption, altered files. In case of doubt disconnect from network. Then scan from anti ransomware package without connecting to the network.<br> 3.Avoid paying Ransomware.<br> 4.Report attack to law enforcement if required.<br> 5.Rebuild your operating system, put all the latest security patches and update definitions of you AV. Don't put the generic accounts/passwords which were used earlier org wide. Attacker might have got these credentials already and he can come back on the new machine if same credentials are enabled in new machines.<br> 6.Check all directly attached network storage for the infections and disconnect them from network.<br> 7.Check for the data exfiltration.<br> 8.Warn users not to open/click any suspicious email, as this can infect their machine.<br> 9.Conduct detailed study that how the attack had happened and what was the initial infection point, what vulnerability was leveraged to further attack the systems and propagate in the environment.<br> 10.Enable MFA for users, if not enabled. </p> <p>For more information you can also reach me out <a href="mailto:mukesh@eshieldconsulting.com">mukesh@eshieldconsulting.com</a><br> <a href="http://eshieldconsulting.com">http://eshieldconsulting.com</a></p> ransomeware protection cybersecurity itsecurity Mukesh Verma Fri, 06 May 2022 11:32:32 +0000 https://dev.to/mukesh_verma_/how-to-make-your-career-in-cyber-security-54bk https://dev.to/mukesh_verma_/how-to-make-your-career-in-cyber-security-54bk <p>Hi I am Cyber Security professional with 12 Plus years of experience and the below certifications</p> <p>▪ISO 27001:2005 and ISO 27001:2013 (ISMS-LA)</p> <p>▪CISA (Certified Information Systems Auditor) ( ISACA)</p> <p>▪CRISC (Certified in Risk and Information Systems Control) (ISACA)</p> <p>▪CISM (Certified Information Security Manager) (ISACA)</p> <p>▪SANS 504 Hackers Tools Techniques Exploits and Incident Handling, GIAC GCIH Certified.</p> <p>▪CISSP (Certified Information Security Professional) (ISC2)</p> <p>▪CCSK (Certificate of Cloud Security Knowledge (Cloud Security Alliance)</p> <p>▪CDPSE (Certified Data Privacy Solutions Engineer) (ISACA)</p> <p>▪OSCP(Offensive Security Certified Professional)</p> <p>▪ISO27001:2013 ISO/IEC 27001. Information Security Management System 2022</p> <p>▪ISO/IEC 27701. Privacy Information Management System 2022</p> <p>▪ISO 22301 Business Continuity Management System. 2022<br> I am planning to write article for the upcoming hackers. So that people looking for resources can kickstart their career.</p> <p>After completing education and gaining experience below is my summary which I will recommend to the new comers in the domain.</p> <h1> Cyber Security is big vast subject. One need to build basic foundation of IT and then start with cyber security. </h1> <h1> Some of the subdomains of Cyber Security are </h1> <p>1)Information Security Governance and Compliance (ensuring Policy Procedures, are implemented and followed)<br> 2)Vulnerability Management &amp; Penetration Testing (Web, Mobile, Infrastructure)<br> 3)Information Security Monitoring and Response (Monitorring for threats and security incidents in real time and responding)<br> 4)Information Security Risk Management(Managing the Information Security risks for the organization considering external, internal local and regulatory requirements )<br> There can be further segregation you can see in companies.</p> <p>Most of the newcomers get attracted towards ethical hacking, bug bounty. This is great but it requires lot of exposures and understanding to do excel and for beginners I will recommend to understand the basics and then jump into it.</p> <p>Cyber Security is domain where you need to be pushing yourself every days and you need to be aware of what all things are happening in the domain specially for bug hunters, and vulnerability management candidates. </p> <p>New comers should try and understand basic concept of all the subdomain and then pick one and then start working on it.<br> If you need any support or help you can reach me out directly at twitter: mukesh_verma_<br> or <a href="mailto:mukeshverma@msn.com">mukeshverma@msn.com</a></p> <p>This blog is sponsored by<br> <a href="https://mditservices.in">https://mditservices.in</a><br> <a href="http://eshieldconsulting.com/">http://eshieldconsulting.com/</a><br> <a href="http://eshieldconsulting.in/">http://eshieldconsulting.in/</a></p> cybersecurity career internship beginners