Posts

NIST and the Digital Identity Guidelines
November 21, 2017   |   Information Security

Last June, NIST published the final version of the Digital Identity Guidelines, also known as SP 800-63. This publication had been a draft since 2016, and they even asked for comments from the community on GitHub during the summer of 2016. All these comments were inputs for the final publication.

October 2017: Security Breaches
November 5, 2017   |   Information Security

The data security breaches that occurred or were disclosed in October 2017. Disqus: The popular commenting system was breached in 2012. Disqus was notified by Troy Hunt, a security expert, who obtained a copy of the data. According to the company, the data exposed are from 2007 and involve 17.

iDNS: Scam Going On for More Than 15 Years
October 15, 2017   |   Information Security

You probably already received one of these letters if you have registered a domain name in the past few years. The company behind these letters is Brandon Gray Internet Services Inc. The worst part is the fact this is a legitimate organization registered and operating in Canada (Markham, Ontario).

September 2017: Security Breaches
October 3, 2017   |   Information Security

This post was published when this blog was also in French. This post is available in English. September 2017 was an interesting month for several important security breaches. We all learned the value of our personal information. From now on, I will publish a monthly post about the major security breaches of the previous month.

September 2017: Security Breaches
October 3, 2017   |   Information Security

September 2017 has been an interesting month for many important security breaches. We all learned the value of our personal information. From now on, I will publish a monthly post about the major security breaches from the previous month. Equifax: Equifax is a consumer credit reporting agency and they had a recurrent unauthorized access to their systems from May 13th to July 30th.

Kantoku: Project Shutdown and Possible Comeback
September 17, 2017   |   Personal Thoughts

This post was published when this blog was also in French. This post is available in English. Kantoku was a self-hosted application for companies to easily manage their IT governance, risk and compliance (GRC). As mentioned in a previous post, I developed this application during the first months of 2016.

Kantoku: Project Shutdown and Future Comeback
September 17, 2017   |   Personal Thoughts

Kantoku is a self-hosted application for companies to manage their IT governance, risk management and compliance (GRC). As mentioned in a previous post, I developed this application during the first part of 2016. At first, it was a Software-as-a-Service (SaaS) solution with a really nice high availability infrastructure on AWS.

CISSP: Passed, and Another Milestone Completed
September 2, 2017   |   Information Security

This post was published when this blog was also in French. This post is available in English. Done. This 6-hour exam with its 250 questions is finally in the past. Yes, I am indeed talking about the legendary CISSP, or the “Certified Information Systems Security Professional” exam from ISC2.

CISSP: Passed, and One More Milestone Completed
August 28, 2017   |   Information Security

Done. The 6-hour exam with its 250 questions is finally in the past. Yes, I am talking about the famous CISSP or the “Certified Information Systems Security Professional” exam from ISC2. This is the certification that most information security professionals will try to obtain at one point in their career.

Why Do the OSCP Certification?
April 4, 2017   |   Information Security

This post was published when this blog was also in French. This post is available in English. Over the past few years, I have been more and more on the IT audit and information security side. At least, in theory, I still have several technical projects… However, I had wanted to pursue the “Offensive Security Certified Professional” (OSCP) certification for some time already.

Why did I do the OSCP certification?
February 20, 2017   |   Information Security

I am more of an IT auditor, and on the business side of information security (at least, in theory, I still like doing many technical projects). However, it was still important for me to pursue the Offensive Security Certified Professional (OSCP) certification.

Past 3 years, and a new beginning
December 30, 2016   |   Personal Thoughts

It has been a little more than 3 years since I graduated with my bachelor's degree. I must admit, it has not always been simple to figure out what I wanted to do. It could have been easier, but overall, I understand now why those different experiences were required for me.
