For everyone interested in history of information security I highly recommend visiting Bletchley Park. Among other things, visitors can explore legendary British WW2 Codebreaking Huts, learn more about the cryptography and the Enigma machine in particular.
There is even a computer simulation available that explains in simple terms the basic principles behind the device.
Some interesting facts about Alan Turing and more modern exhibitions definitely sparkle the curiosity of any visitor.
I delivered a 1,5-day Information Security Concepts course at KPMG UK.
We covered a wide range of topics, including information security risk management, access control, threat and vulnerability management, etc.
According to the feedback I received after the course, the participants were able to understand the core security concepts much better and, more importantly, apply their knowledge in practice.
Leron is very engaging and interesting to listen to
Leron has the knowledge and he’s very effective making simple delivery of a complex topic
Leron is an effective communicator and explained everything that he was instructing on in a clear and concise manner
There will be continuous collaboration with the Learning and Development team to deliver this course to all new joiners to the Information Protection and Business Resilience team at KPMG.
I participated in UK Cyber Security Challenge.
Our university team won the competition.
It was an interesting experience and through teamwork we solved all the challenging puzzles other universities had submitted.
Try to crack Christmas Cipher 2012 to practice for upcoming UK Cyber Security challenges.
Enigma Machine Spreadsheet
You can try encrypting your own messages using this spreadsheet
How AES encryption works – a flash clip demonstrating Rijndael cipher in action
Public Key Cryptography: Diffie-Hellman Key Exchange
The Internet gives us unlimited opportunities to educate ourselves. Here I want to share with you some free resources, which can help you understand information security concepts better.
1. For those of you who want to familiarize yourself with ISO 27001 standard I recommend free e-learning course
“The purpose of this course is to enable information security practitioners to successfully implement an ISO 27001 compatible information security management system in their respective organizations. This course is made freely available to interested candidates and is modeled on ISO 27001 Lead Implementer courses.” (c) ISQ
2. Designing and Executing Information Security Strategies course provides you with opportunities to integrate and apply your information security knowledge. Following the case-study approach, you will be introduced to current, real-world cases developed and presented by the practitioner community. You will design and execute information assurance strategies to solve these cases. A term-long capstone project leads you through an actual consulting engagement with a local organisation adding experience to your resume before you even complete the program.
3. Stanford University provides free online cryptography courses.
“This course explains the inner workings of cryptographic primitives and how to correctly use them. Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption and basic key-exchange. Throughout the course students will be exposed to many exciting open problems in the field.” (c) Dan Boneh
“The course begins with constructions for digital signatures and their applications. We will then discuss protocols for user authentication and zero-knowledge protocols. Next we will turn to privacy applications of cryptography supporting anonymous credentials and private database lookup. We will conclude with more advanced topics including multi-party computation and elliptic curve cryptography” (c) Dan Boneh
4. One-hour seminar by Xeno Kovah (Mitre) on rootkits highlights the few weaknesses in detection methodologies and many weaknesses in tools
5. Using buffer overflows
– Understanding the Stack – The beginning of this video explain Intel x86 function-call conventions when C code is compile
– Buffer Overflow Exploitation Megaprimer for Linux video series
6. Series of videos introducing wireless networking and the application of penetration testing tools to WLANs