Samer Aoudi
Cybersecurity Simplified
Considering a career in Cybersecurity, or looking for resources?

Are you considering a career in cybersecurity but not sure where to start? Or perhaps you are already in cybersecurity but overwhelmed and confused? Well, from my professional experience, you are not alone. The field of cybersecurity can be overwhelming, but data shows it is a career worth pursuing for several reasons:

  1. Growing demand
  2. High earning potential
  3. Career advancement opportunities
  4. Personal fulfillment

We live in times where not only is information our most valuable resource, but also it is literally money (Bitcoin, anyone?!). To manage this critical resource, we rely on Information Technology; to protect it, we employ Information Security. After all, we want our information to be safe from threats. If you are considering a career in Cybersecurity, or just curious, you've come to the right place. Welcome to my website.

Samer Aoudi
Disclaimer: The website is still a work in progress. We are doing our best to make it fully ready soon.

The Cybersecurity Learning Journey

The process of gaining new information, skills, and understanding through education and experience is a journey we must all make. Our learning journey is a distinct and dynamic process that differs for each person and can take a variety of shapes and directions. To help you organize your thoughts and get started in the field, we outlined a learning journey in Cybersecurity for you:

Discover: What is Cybersecurity?

While Information Security is a more general term referring to the state of information being safe from threats, Cybersecurity specifically deals with threats in cyberspace; in other words, it is the technology component of information security. We will be using the terms Information Security and Cybersecurity interchangeably throughout the website.

Cybersecurity threats are an intrinsic part of our digital world. The boundaries between our physical world and the digital one are slowly diminishing. Cybersecurity attacks target the increased complexity of electronic infrastructure and the sensitivity of digital resources. Cybersecurity risks affect individuals, communities, organizations, and entire economies, and can harm an organization in many ways. Cybersecurity is a critical component in identifying, assessing, and mitigating risk.

Discover: Is Cybersecurity for me?

The best way to know if cybersecurity is right for you is to learn more about it, and we hope this website will help you. Research and understand what cybersecurity is, what kind of skills and commitment it requires, and what career paths are out there. A good way to start is to talk to a career counselor or an academic advisor. In case you don't have access to either, we collated a set of questions that can help you get a sense of whether cybersecurity may be a good fit for you.

A strong interest in computer security and problem-solving, as well as strong analytical and logical skills, may be helpful for a career in cybersecurity. Similarly, the ability to work well under pressure and handle multiple tasks at once, as well as strong communication and teamwork skills, can also be important for success in this field. Additionally, a willingness to commit to ongoing learning and professional development is essential for staying current in the rapidly-evolving field of cybersecurity.

Navigating the Ever-Changing Landscape of Cybersecurity

In today's world, the use of technology has become ubiquitous, with the internet and various digital devices being an integral part of our lives. However, with increased connectivity comes the risk of cyber-attacks and data breaches, making cybersecurity an essential field to protect sensitive information. As technology continues to evolve and cyber threats become more sophisticated, the landscape of cybersecurity is constantly changing, requiring organizations and individuals to adapt and stay up-to-date with the latest best practices and technologies.

Because cyber threats are constantly evolving, cybersecurity professionals must be constantly learning and adapting to stay ahead of them. Thus, as a future cybersecurity professional, you would need a range of technical skills, including knowledge of programming languages, operating systems, and networking. You would also need strong analytical and problem-solving skills to identify and mitigate potential threats.

Cybersecurity is a broad field with a variety of career paths and a broad range of skills, and therefore the start can be overwhelming. Let us take a look at these two important aspects:

  1. Cybersecurity Domains
  2. Cybersecurity Careers

Cybersecurity Domains

A domain, in cybersecurity, is an area that consists of a set of related activities aimed at achieving specific outcomes. When you research cybersecurity domains, you might come up with quite a few. While the naming may differ, in essence they should collectively cover all aspects of security. In my opinion, the two best references when it comes to cybersecurity domains are the NIST Cybersecurity Framework and the CISSP Information Security Domains.

CISSP
CISSP (Certified Information Systems Security Professional) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)². The certification is globally recognized and demonstrates an individual's knowledge and skills in the field of information security. CISSP is highly valued in the industry and can lead to better career opportunities and higher salaries for professionals in the field of information security.

The CISSP defines eight domains, which are highly referenced in the industry due to CISSP's global recognition:

Security & Risk Management

Security Architecture & Engineering

Identity & Access Management

Security Operations

Asset Security

Communication & Network Security

Security Assessment & Testing

Software Development Security

NIST Cybersecurity Framework
The NIST security framework is a comprehensive set of guidelines, standards, and best practices for improving cybersecurity across various industries and sectors. It was developed by the National Institute of Standards and Technology (NIST) in response to an executive order by the President of the United States in 2013.

The NIST security framework provides a risk-based approach to cybersecurity that organizations can use to assess and manage their cybersecurity risks. The framework is built around five core functions:

  1. Govern: This function focuses on establishing, communicating, and monitoring an organization's cybersecurity risk management strategy, expectations, and policy.
  2. Identify: This function focuses on understanding the assets, systems, and data that need to be protected and the potential risks to those assets.
  3. Protect: This function focuses on implementing safeguards to protect the assets identified in the Identify function, including access controls, security training, and security policies and procedures.
  4. Detect: This function focuses on identifying cybersecurity events as they occur and taking appropriate action to mitigate their impact.
  5. Respond: This function focuses on developing and implementing plans to respond to cybersecurity incidents, including communication plans, incident response plans, and recovery plans.
  6. Recover: This function focuses on restoring normal operations after a cybersecurity incident, including analyzing the incident, assessing the damage, and implementing improvements to prevent similar incidents in the future.

Cybersecurity Careers

Cybersecurity is an increasingly important field as more and more of our lives move online, making it a growing industry with plenty of job opportunities. Factors like high demand, competitive salaries, and opportunities for growth make a career in cybersecurity a good choice.

Of course, like any career, there are also potential downsides to working in cybersecurity. For example, the job can be stressful and require long hours, particularly during a crisis or after a cyberattack. Additionally, some people may find the work to be repetitive or overly technical.

NIST NICE Framework

Those who are seeking a career in Cybersecurity must first understand the workforce dynamics; a good starting point is the NICE Framework. The NIST NICE (National Initiative for Cybersecurity Education) framework is a set of guidelines developed by the National Institute of Standards and Technology (NIST) to help organizations manage and reduce cybersecurity risk.

The NICE framework provides a common language and set of categories to describe cybersecurity work, as well as a structured approach to organizing and managing cybersecurity efforts. The framework is designed to be flexible and scalable, so that organizations of any size and in any industry can use it to improve their cybersecurity posture.

By using the NICE framework, organizations can better understand their cybersecurity risks and identify areas for improvement, as well as develop and implement a comprehensive cybersecurity program that meets their unique needs and requirements. For individuals, the NICE framework provides a good reference for understanding the cybersecurity career path.

Cybersecurity in the UAE

The cybersecurity industry in the UAE is rapidly growing, driven by the government's commitment to creating a secure digital environment. The country's position as a global business hub has also contributed to the growth of the industry, as companies seek to protect their data and infrastructure from cyber threats. The UAE has established several government initiatives, such as the National Electronic Security Authority (NESA), to promote cybersecurity and ensure the protection of critical information infrastructure. In addition, there are a number of private cybersecurity companies operating in the UAE, providing a range of services including cybersecurity consulting, threat intelligence, and incident response. The UAE is also investing heavily in developing its cybersecurity talent pool, with several universities offering courses in cybersecurity and the government providing training and certification programs for professionals. However, like other countries, the UAE faces challenges in terms of cyber threats, such as increasing sophistication of attacks and a shortage of skilled cybersecurity professionals.

The National Cybersecurity Strategy

One key aspect of cybersecurity in the UAE is the development of strong and effective regulatory frameworks. The UAE has a number of agencies and organizations that are responsible for regulating and enforcing cybersecurity standards and practices, including the National Electronic Security Authority (NESA) and the National Computer Emergency Response Team (aeCERT). These organizations work to ensure that businesses and individuals in the UAE are aware of and comply with best practices for protecting against cyber threats.

In addition to regulatory measures, the UAE has also invested in a range of technological solutions to enhance cybersecurity. For example, the government has implemented advanced firewall systems and other security measures to protect against cyber attacks and data breaches. It has also established partnerships with leading cybersecurity firms and organizations to access cutting-edge technologies and expertise.

UAE Cybersecurity Strategy

Despite these efforts, the UAE remains vulnerable to a range of cyber threats, including malware, phishing attacks, and other forms of cybercrime. To address these threats, the government has encouraged businesses and individuals to adopt strong passwords and other security measures, and has provided education and awareness programs to help people understand how to protect themselves online.

"The UAE's National Cybersecurity strategy aims to create a safe and strong cyber infrastructure in the UAE that enables citizens to fulfill their aspirations and empowers businesses to thrive. The updated version of the strategy was launched in 2019 by Telecommunications and Digital Government Regulatory Authority (TDRA), the entity which is responsible for the ICT sector and digital transformation in the country. The strategy is based on 5 pillars and 60 initiatives aiming to mobilise the whole cybersecurity ecosystem in the UAE."

The strategy focuses on four key areas:

Prevention

This involves raising awareness, promoting good practices, and encouraging companies to implement effective measures.

Protection

This pillar focuses on protecting critical infrastructure and national assets, including the government's networks and systems.

Response

This involves developing a comprehensive Incident Response (IR) plan and establishing a dedicated Cyber IR Team (CIRT).

Recovery

This pillar focuses on developing effective recovery plans to ensure that critical systems are quickly restored after disasters.

To achieve the aspirations of this strategy, the UAE government will mobilize the whole ecosystem to deliver ~60 initiatives across 5 pillars:

  1. Cybersecurity Laws & Regulations: Strengthening the legal framework for cybersecurity and improving coordination between government agencies and the private sector.
  2. Vibrant Cybersecurity Ecosystem: Investing in cybersecurity research and development to support innovation and enhance the country's cybersecurity capabilities.
  3. National Cyber Incident Response plan: Responding to cybersecurity incidents and effectively recovering from disasters.
  4. CIIP* Program: Critical Information Infrastructure Protection
  5. Partnerships: Promoting international cooperation and collaboration on cybersecurity issues.

But what does all that mean to you as an aspiring cybersecurity professional?
In order for these pillars to be implemented, the UAE will require developing capabilities of more than 40,000 cybersecurity professionals. The strategy will be a catalyst for professionals and students to pursue a career in cybersecurity, and will launch training and education programs to develop a skilled cybersecurity workforce.

UAE Cybersecurity Bodies

The United Arab Emirates (UAE) has several key bodies that are responsible for regulating and enforcing cybersecurity standards and practices. As a cybersecurity professional or student in the UAE, you must know who's who in your domain. Below are some authorities, government bodies, and private sector organizations you should know:

Cybersecurity NESA

The National Electronic Security Authority (NESA) is a government agency in the United Arab Emirates responsible for the country's cybersecurity and information security. NESA was established in 2012 by a presidential decree to ensure the protection of the UAE's critical information infrastructure from cyber threats.

NESA works closely with other government agencies, private sector organizations, and international partners to develop and implement effective cybersecurity strategies and policies. Its responsibilities include:

  1. Developing and implementing national cybersecurity strategies and policies
  2. Conducting cybersecurity awareness campaigns and training programs
  3. Developing and enforcing cybersecurity standards and regulations
  4. Conducting cybersecurity risk assessments and audits
  5. Responding to and mitigating cyber threats and incidents
  6. Collaborating with other countries and international organizations to enhance cybersecurity cooperation

TDRA

The Telecommunications and Digital Government Regulatory Authority (TDRA) is a government agency in the United Arab Emirates responsible for regulating the country's telecommunications and information technology sector. TDRA was founded in 2003 with the mission to be a leading organization in the ICT sector in the United Arab Emirates. TDRA oversees the telecommunications and digital government sectors in the UAE.

The primary objective of TDRA is to ensure that the UAE's telecommunications sector is developed in a sustainable and innovative manner, while also safeguarding the interests of consumers and promoting fair competition among service providers. Some of the key responsibilities of TDRA include:

  1. Licensing and regulating telecommunications and information technology services in the UAE.
  2. Promoting investment in the telecommunications sector and encouraging innovation and competition.
  3. Developing and enforcing regulations and standards to ensure the safety and quality of telecommunications services.
  4. Monitoring and analyzing market developments and trends in the telecommunications sector.
  5. Protecting the rights of consumers and ensuring that service providers adhere to the highest standards of customer service.
  6. Collaborating with other government agencies and international organizations to promote best practices in the telecommunications sector.

DESC

The Dubai Electronic Security Center (DESC) was founded in 2014 with the mission to protect Dubai digitally by securing and protecting its data. DESC provides a variety of services including: Security Strategy, Policy, and Laws; Trust Services; Training & Support for ISR Implementation; Security Systems Consultation; Cyber Security Awareness & Education; Incidence Response; and more.

According to the DESC website, the functions of this entity are:

  1. Set and implement the government information security policy of Dubai.
  2. Set, and supervise the implementation of, standards for ensuring cybersecurity in Dubai.
  3. Prepare, in coordination with concerned government entities, a strategic plan to manage any risks, threats, or attacks on government information.
  4. Verify the efficiency of the telecommunication network security systems and information systems of government entities.
  5. Monitor compliance by government entities with the information security requirements issued by DESC and follow up implementation of these requirements.
  6. Combat various cybercrimes and information technology crimes.
  7. Coordinate with government, regional, and international entities with respect to the work of DESC.
  8. Provide technical and advisory support to all government entities in Dubai.

UAE Cyber Law

The UAE cyber law is a set of laws and regulations that govern the use of information technology, the internet, and other electronic communication channels in the United Arab Emirates. The cyber law was introduced in 2012 through the issuance of the UAE Federal Law No. 5 of 2012, also known as the Cyber Crimes Law. Federal Decree-Law no. (5) of 2012 on Combatting Cybercrime defines 51 articles relating to cybercrime. The articles articulate illegal activities and their corresponding punishments (e.g. imprisonment and/or fines). The law can be read in Arabic or English on the UAE Ministry of Justice website.

The Cyber Crimes Law includes provisions that address a wide range of cyber-related offenses, including:

  1. Unauthorized access to computer systems and networks
  2. Hacking and identity theft
  3. Cyber fraud and financial crimes
  4. Cyber bullying and harassment
  5. Distribution of pornographic materials and content that violates the country's social norms and values
  6. Promotion of terrorism and extremism through electronic channels
  7. Cyber espionage and the theft of confidential information

The Cyber Crimes Law also outlines the penalties and punishments for these offenses, which can include imprisonment, fines, and deportation for non-citizens. In addition to the Cyber Crimes Law, the UAE has also introduced other regulations and guidelines that address specific aspects of cybersecurity, such as the Protection of Information Systems Regulations and the National Information Assurance Standards.

UAE Cybersecurity Events & Centers

Here are a few UAE-based cybersecurity events, centers, and communities that you might find helpful:

GISEC

"GISEC Global is the leading gathering ground for the cybersecurity community worldwide. Top cybersecurity enterprises from 40 countries, CISOs from major corporations across the Middle East, Africa & Asia, government dignitaries and cyber leaders, regional and international innovators and global experts came together to decisively lead cybersecurity transformations across sectors and nations." GISEC is an annual event that takes place in the Dubai World Trade Center and features InfoSec exhibitors, a conference, a series of workshops, and certified training.

CTF.ae

CTF.ae is a Dubai-based platform specialized in creating and managing cybersecurity Capture the Flag events and training. CTF.ae organized a nationwide competition in 2022 and hosted the Dubai Police CTF in 2023.

UAE Hackathon

"Viewed as the largest competitive event for innovation at the national level, the UAE Hackathon reflects the efforts of the Telecommunications and Digital Government Regulatory Authority (TDRA) to disseminate the culture of digital transformation in the country. This project provides an opportunity to different sections of the community including university and high school students, entrepreneurs, employed people and IT experts to use open data as a tool for coming up with solutions based on specific themes and challenges listed for the hackathon."

Cyber Safety and Digital Security

Cyber safety and digital security are serious issues in the UAE, and the UAE government is serious about combating them. Discover how the UAE is protecting its citizens and residents in this comprehensive list of resources.

© Samer Aoudi 2005-2024