Irfan Shakeel

19/07/2024

Many Windows users faced the infamous Blue Screen of Death due to a new CrowdStrike update. This led to significant outages, affecting several airlines, including SpiceJet, IndiGo, and Akasa Air.

👉 Takeaway: Conduct rigorous testing of security updates before deployment. That's it!

01/07/2024

Protecting your critical infrastructure becomes easier when you learn from past incidents and their root causes. In my latest article, I've examined some of the world's most notorious cyberattacks on critical assets and their underlying causes. The surprising insight? Many of these attacks could have been prevented by understanding and implementing a few core security strategies.

Discover how to safeguard your infrastructure by learning from these real-world examples. 💡🔒

https://www.opswat.com/blog/behind-the-breach-analyzing-critical-ics-ot-cyberattacks

06/06/2024

Is the Cybersecurity Skills Shortage a Myth? 🤔

The heatmap shows 469,930 cybersecurity job openings in the U.S. for this year alone. The real challenge isn't just the number of people—𝗶𝘁’𝘀 𝘁𝗵𝗲 𝗾𝘂𝗮𝗹𝗶𝘁𝘆 𝗼𝗳 𝘀𝗸𝗶𝗹𝗹𝘀.

🔍 Key Facts:

👉 95% of breaches exploit known vulnerabilities, underlining the need for expert skills over mere headcount.

👉 70% of cybersecurity roles remain unfilled due to a lack of adequately skilled candidates.

👉 Half of the current workforce admits to being underqualified, affecting their ability to secure systems effectively.

Increasing the workforce without improving skill levels does little to enhance security.

At OPSWAT Academy, we focus on providing high-quality training that equips professionals with the expertise to make a significant impact from day one.

𝗪𝗵𝗮𝘁 𝗱𝗼 𝘆𝗼𝘂 𝘁𝗵𝗶𝗻𝗸?

👉 How is the skills gap impacting your organization?

👉 What steps can we take to collectively raise cybersecurity standards?

Share your thoughts, and let's explore solutions together! 🚀

04/06/2024

Sunday was a thrilling day for me! 🎉 I successfully built a virtual OT lab designed to test various attack vectors and their defenses. Here's a sneak peek at the lab network diagram:

✅ Set up VLANs
✅ Configured OS
✅ Installed SCADA, PLC, and HMI

I know I'm posting this a bit late, but I wanted to share the excitement with you all. Stay tuned to , where I'll be uploading a step-by-step tutorial on this setup. 💻

What do you think of this setup? I'm considering adding FactoryIO for simulating physical processes. Any thoughts or suggestions? 🤔

04/06/2024

Sunday was a thrilling day for me! 🎉 I successfully built a virtual OT lab designed to test various attack vectors and their defenses. Here's a sneak peek at the lab network diagram:

✅ Set up VLANs
✅ Configured OS
✅ Installed SCADA, PLC, and HMI

Today, I'll be setting up the analyst machine. 🔍

Stay tuned to OPSWAT Academy, where I'll be uploading a step-by-step tutorial on this setup. 💻

I'm considering adding FactoryIO to simulate physical processes. Any thoughts or suggestions? 🤔

23/05/2024

Keeping our critical infrastructure safe is paramount, and open-source tools play a vital role in securing OT/ICS security. Here are some awesome options I rely on:

👉 Kamerka-GUI: Ultimate Internet of Things/Industrial Control Systems reconnaissance tool. https://lnkd.in/d_tQYMqA

👉 S7Comm-Analyzer: A plugin for Bro that parses S7comm protocol data traffic. https://lnkd.in/dTav4ngw

👉 PCS7-Hardening-Tool: A standalone PowerShell script that enumerates security issues on Siemens PCS 7 DCS servers, based on Siemens security guides. created by OTORIO https://lnkd.in/deJnne5q

👉 NetToPLCSim: TCP/IP-Network extension for the PLC simulation software Siemens PLCSim. https://lnkd.in/dB6ABD5C

👉 s7scan: The tool for enumerating Siemens S7 PLCs through TCP/IP or LLC network https://lnkd.in/dJUcPD4r

What are your favorite tools? Share below.

06/05/2024

Embracing change is not just a choice, it's a necessity!

As a passionate advocate of change, I've seen firsthand how it drives growth in both professional and personal development.

In the ever-evolving landscape of business and life, adaptability isn't just an asset; it's a critical skill. Change fuels innovation, unlocks potential, and helps us stay ahead of the curve. Whether it's learning a new skill, adjusting to market shifts, or adapting to personal transitions, embracing change keeps us moving forward.

"Change is the essence of life; be willing to surrender what you are for what you could become." - Reinhold Niebuhr

Let's continue to push boundaries and embrace the change that helps us grow! 🚀 Happy Monday!

01/05/2024

GISEC Global has always been an exciting platform to connect with partners, customers, and other cybersecurity professionals. This year was even better, thanks to OPSWAT's amazing booth, live sessions, and engaging conversations.

Here I am with my colleagues.

04/04/2024

"Appear weak when you are strong, and strong when you are weak." - Sun Tzu, The Art of War.

This timeless principle from Sun Tzu's "The Art of War" is more relevant today than ever, especially in cybersecurity.

In our world, this strategy can be the key to safeguarding our data and networks.

It's about deception and countermeasures.

Making a system seem less valuable to attackers can deter unwanted interest.

Conversely, strengthening our defenses silently prepares us for unforeseen attacks.

This balance is crucial in a landscape where threats evolve daily.

isn't just about strong firewalls and encryption.

It's also about strategy, foresight, and, sometimes, the art of deception.

Let's strategize not just to defend but to outthink our adversaries.

18/03/2024

No, You cannot become an expert in offensive security without an IT background.

12/03/2024

𝑶𝑺𝑰𝑵𝑻 𝒇𝒐𝒓 𝑰𝑪𝑺/𝑶𝑻: 𝑩𝒆𝒚𝒐𝒏𝒅 𝑺𝒉𝒐𝒅𝒂𝒏 𝒂𝒏𝒅 𝑪𝒆𝒏𝒔𝒚𝒔

Think ICS/OT security relies solely on exposed ports? Think again! Savvy cybercriminals can leverage OSINT, publicly available information, to gain a foothold in your OT network. Here's how they might do it:

🌐 Website recon: Company websites, press releases, and social media profiles often reveal juicy details - ICS technologies used, project locations, even employee expertise (https://www.maltego.com/blog/how-to-conduct-person-of-interest-investigations-using-osint-and-maltego/).

📝 Job postings: Hunting for engineers? Job descriptions might disclose specific control systems or SCADA software, aiding attackers in crafting targeted exploits.

🔍 Subdomain safari: Beyond the main domain lies a treasure trove of subdomains! Attackers can use tools like Shodan (https://www.shodan.io/) to map these subdomains, potentially uncovering forgotten test systems or remote access points.

📊 Following the paper trail: Annual reports, security filings, and even news articles can provide clues about your ICS vendors, which attackers can research for known vulnerabilities.

🎤 Conferencing virtually: Attending industry events (virtually or in-person) can expose details about your ICS setup through presentations or casual conversations. Be mindful of what information you share publicly.

Remember, strong defense starts with awareness! By understanding OSINT tactics, you can take steps to minimize your attack surface.

Let's discuss in the comments below - what OSINT techniques are you most concerned about for ICS/OT security?

05/03/2024

When IT meets OT, it's like a plot twist in a techy plot,
A digital handshake, seems simple, but it's not.
ICS gears up, in its own, secure spot,
Then IT steps in, and says, "Let's connect the dot."

But wait! There's a catch, not all is smooth,
As OT's steady beat meets IT's groove.
Security challenges pop up, playing whack-a-mole,
A dance of risk and control, taking its toll.

Firewalls and patches, in a constant dance,
Passwords and protocols, leaving nothing to chance.
Yet, in this tech tango, vulnerabilities sneak,
A game of cyber hide-and-seek, unique.

So, here's the twist, the funny part of the tale,
When IT and OT merge, we must not fail.
For in this union, strength we find,
With careful steps, leaving threats behind.

07/02/2024

Drumroll please... the 2023 OPSWAT Academy Sales Champion is... Amjad!

These photos capture just a glimpse of the infectious energy and dedication that fueled his incredible achievements last year. Not only did he crush it as OPSWAT Academy Champion, but he also racked up several other awards – proof that hard work and passion truly pay off!

Amjad Quteifan, I'm incredibly proud of everything you've accomplished. You're an inspiration to the entire team, and I can't wait to see what you achieve in the year ahead! Keep shining! ✨

15/01/2024

Exciting times at 2024! Stay tuned for updates on what's shaping up to be our best SKO ever! OPSWAT OPSWAT Academy

31/12/2023

Hello everyone,

Wishing you a happy New Year! May this new beginning fill your life with joy, health, and prosperity. Best wishes for a wonderful 2024 🎉🎈🎊

13/12/2023

Four myths of critical infrastructure security that we must lay to rest

In May, in a statement to the UN Security Council Arria-formula Meeting on Cyberattacks on Critical Infrastructure, Her Excellency Lana Nusseibeh, the United Arab Emirate’s Ambassador and Permanent Representative to the United Nations, confirmed that the nation’s critical infrastructure — the ...

29/11/2023

This Woman Does Not Exist - And DevTernity's Ethics Seem to Follow Suit! 🚫👩‍💻

DevTernity 2023. The scene of a tech travesty. AI to create female speakers? Yes, that happened.

Diversity goals? Check. Real women? Nope. Just digital creations.

Tech giants like Microsoft, Amazon, Google? They walked away. Ethics over AI illusions.

This isn't just about a conference gone wrong. It's a wake-up call. The tech world needs real diversity, not AI stand-ins.

Let's get real, tech world. Real women. Real diversity. No more AI sockpuppets.

27/11/2023

Ask anything about cybersecurity, AI, and Tech in general. I will answer your questions; you can talk about your career, how to get in, excel, or grow in your career, certifications/ education, etc. 👇 👇👇👇👇

27/11/2023

Did You Know? NERC-CIP's Role in Securing Our Energy Infrastructure 🔒

NERC-CIP standards are essential in protecting North America's power grid against cyberattacks. But what are they, and why do they matter so much?

🔍 What Is NERC-CIP?

A set of rules designed to safeguard the bulk electric systems in North America from cybersecurity incidents, impacting both national security and power supply reliability.

🔌 Impact on the Energy Sector

Compliance reshapes security strategies, ensuring the resilience of the power grid.

🔑 Key Components:

1- Cybersecurity Measures: Guarding electronic perimeters and managing cyber assets.

2- Physical Security Protocols: Protecting critical physical facilities.

3- Personnel Training: Ensuring staff are well-versed in security measures.

4- Incident Management: Ready plans for response and recovery.

5- Configuration Control: Keeping tabs on software and hardware changes.

These standards are critical for operational excellence in the face of cyberattacks.

💡 Let's Discuss:

How is your organization adapting to -CIP? Share your strategies and insights below!

20/11/2023

Happy Monday! 🌞 Einstein once said, 'Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world.'

Let's embrace this wisdom in our work life. While knowledge guides us, imagination opens doors to endless possibilities. It's the spark that ignites innovation and drives us to achieve remarkable success.

This week, let's think beyond the boundaries, dream big, and transform our imagination into reality.

02/11/2023

Steps to Transition from IT to OT Security

This post outlines the roadmap one might follow when transitioning from IT security to the domain of OT security:

Leverage existing IT security skills as a foundation for exploring OT security.

Dive into learning industrial control systems, SCADA, and the protocols governing OT environments.

Pursue relevant certifications like GICSP and COSP (from CIP Cyber ) to validate your skills and knowledge in OT security.

Engage with the OT community to gain practical insights and build a network of like-minded professionals.

Seek mentorship from seasoned OT security professionals to accelerate the learning curve.

Stay updated with the latest OT security threats, technologies, and best practices through continuous learning and professional development. Follow OPSWAT Academy to do so.

Reflect on your progress, continue to learn, and adapt to the evolving landscape of OT security.

26/10/2023

Such a joy to finally meet amazing OPSWATers in person at GITEX in Dubai last week! Nothing beats face-to-face connections. Swipe to see the memories we made! 📸

25/10/2023

Explore the basics of building a strong security awareness culture in my latest article on AT&T Cybersecurity. Uncover practical steps to enhance your organization's security stance: Read more:

https://cybersecurity.att.com/blogs/security-essentials/how-to-establish-a-great-security-awareness-culture

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  As we mark another Cybersecurity Awareness Month, it's essential to recognize that this is more than a calendar ...

18/10/2023

Presenting the incredible OPSWAT Meta team at , Dubai! Commitment, passion, and a relentless pursuit of excellence define this team. Special shoutout to our colleagues who joined us from outside the Meta region. Together, we're stronger and unstoppable! 💪

30/09/2023

A public service message

27/09/2023

🔒 Bridging the gap between IT and OT security! Dive into the latest insights on enhancing cyber risk management by combining the strengths of both domains. A must-read for cybersecurity enthusiasts!

cybersecurity.att.com/blogs/security-essentials/combining-it-and-ot-security-for-enhanced-cyber-risk-management

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Integrating IT and OT security for a comprehensive approach to cyber threats in the digital age. Historically, I...

18/09/2023

Why IT/OT network segmentation is a nightmare? 👇

1️⃣ Diverging Goals

IT: Data integrity and security.

OT: Real-time performance and availability.

2️⃣ Complexity Overload

Device Diversity: OT networks host a myriad of devices and protocols.

Geographical Hurdles: Centralized management is a logistical nightmare.

3️⃣ Security Quagmires

Vulnerability: OT systems often lack cybersecurity features.

Patch Paralysis: Updates risk operational downtime.

4️⃣ Culture Clash

Team Silos: IT and OT are managed by different teams.

Understanding Gap: Each team is often unaware of the other's challenges.

5️⃣ Legacy Labyrinth

Outdated Tech: OT systems are often antiquated.

Upgrade Costs: Modernization is expensive and time-consuming.

👉 IT/OT network segmentation is a multifaceted challenge. Have you faced these issues? Share your experiences below!

11/09/2023

You've got the best digital armor money can buy, but what about your human firewall? Make cybersecurity awareness and employee training a priority today! 🛡️

04/09/2023

For those who say, "I need 3 monitors", a mechanical keyboard, noise cancellation headphones, darkroom, blue lights etc, etc..

Linus Torvalds, the mastermind behind Linux, keeps it simple and still changes the world. Sometimes, less is more. 💡

01/09/2023

So, you are in tech, but what did you study? I studied Telecom Engineering, and you? 👇