# Learn and Earn form Technologies Linux FundamentalsUser & Network Administration # Cyber Security
opportunities attract. Identifying new pre-sales activities. Okay, engagements. So they try to
know, they try perform an assessment and then they try to gather all the data. Decision making services So keep this in mind. So website or website this is a company which is predominantly ah focused on the Devons ah the DevOps. But others I mean you I mean it is so evident that you can even see the the wheel of the DevOps. That's the CICDP wheel,
right? exactly. AMP I O N S Proudly proud heritage website the website commission, performance engineering, digital and crowd source testing. All of these things that appears to be a company which is devops focused, right? And then you have mentioned application security and cyber security but when you click on it, it doesn't go into detail what exactly do we do? I mean, now it mentions when it comes to I mean if I look at the all the cyber security core services from your website. This is the most important thing digital transformation services and cyber security because application security CICD pipelines static core Ah just email and messaging security CIS points cloud network and edge security zero trust 27 thousand 1 27 thousand seventeen and 27018 audits assessment I can do that endpoint and remote workforce protection solutions that ah identity in public access management solutions cyber or companies find the same solutions, right? So, vulnerability management I mean, I am well versed in terms of utilizing all the open source tools. And all the
propriety tools like call us NASS, and you know, these are the primary ones that any and every organization pretty much ends up using it, right? Open source there is a big ah plethora of solutions which are available at our disposal. Right? Okay. Take care. Software orchestration and automation security organization automation Development company. India started developers. So what
they do is ah in team This is something I can create all the relevant documentation to ensure that we are able to provide these services, right? Critical infrastructure security this is my real house, I mean six, two, four, four assessment, 27001 27017 27018. The IOT, the actually IOT for the Skada, it is I, IOT, industrial IOT, right? So, they are both slightly different. IOT is a very generic term.
Which pretty much targets all the consumer technologies. But for the SCADA, it's IIOT, right? And for the OOT as well, assessing RTUs, distributed control systems, remote terminal units, HMI PLC, all those kinds of things. Ah data protection encryption classification solutions ah HSM, TPM, con council, CSS or technology fit assessment gap assessments ah PCR DSS ah so on and so forth. Banking customer compliant right? So analyst, cyber security project Job description, so you can gather a lot of information.
Business analyst say look cyber security framework elements standards and guidelines develop cyber security risk safety and risk management. Keep pragmatic approaches companies our development every single job. security analyst GRC consultant lead cyber security engineer cyber security consultant we are looking into all the things cyber security consultant. The cyber security engineer. Elastic searches ah cyber security gym permanent full time movie. Or
ah skills in programming and scripting language team ISO twenty-seven, zero, three, five, twenty-seven, zero, three, five description GRC consultant 27000 policy writing project part is something that I am working on nowadays because my own organization going towards the psychops culture, The culture, right? So, there's a lot of integ there as well. Ah I am good in Python scripting. Ah learning couple of other scripting languages as well. Like bash and other ones. So I
mean ah casual interview We'll see IDS PKI at multifactor authentication, proxy, ASI, jobs or exam those are dollar payment architecture, right? How to ensure that it is meeting the PCIDS's requirements, it is meeting the 27, 001 requirements, it is meeting 27, 017, 27018 for cloud security and cloud privacy. And if it's a electrical grid, ah twenty-seven thousand nineteen and if it is a ITOT, then we have to talk about six, two, four, four, three. So this is how you have to approach. You have to consultant company a consultant because client so you have to be fully so job description safe video save are done through that framework, through that framework, right? So the processes, which are given to us now, Obviously, every organization have their own standards and their own internal tools. So, if I'm given the opportunity to work here, you guys might be using pink elephant which is another tool for a very famous idol tool. Indian company support or elephant let me see. You might,
you guys might be using pink elephant, I'm not sure, right? service now or in many things. So you guys might be using service now. You guys might be using ah you know pink elephant certified tools which is ideal standard for service delivery, service management, all those kinds of things. But at the end of the day it doesn't matter what tool it is.
The methodology and all those things are same. They going to service strategy, service design, service operation. Service management, operation support analysis, I mean release control and validation and I looking going through your website, this is a very, this is an organization which is very heavily ah devops right? And I totally agree with it because the DevOps, the now they're merging into Dev Sack Ops, that's where the future is, right? So, I'm also going, I have already started my journey, and I'm already doing that, the Jenkins and Civil Docker, Cubanities, Nakios, Telephone all of these are all the tools that I am now a days you know learning and working on because to work effectively with the DevOps team you really need to know all of these things. Right? And the orchestration, configuration management, the infrastructure management, infrastructure as a code. This
is where the the things are ignored washroom Abdul Base or ah answers questions law collectors design or women organisations experience native of bilingual. You can't get their private cloud or public cloud to host those servers. Even today some of, some of us, you know, some of you sitting here may have 20 years, 25 years of experience. Right? 20 years ago, Windows Windows Indeed. Windows are three Jyoti.
So, Windows three 19 ninety so 1990 say 2000, 2 thousands in 2010, 2220. Some of you may have 22 years of experience. Or 20 plus years of experience in the industry. back back in the day 20 years ago or 22 years ago, we had Windows three. Then we had Windows and T. Then we had, you know, some of these iterations of different iterations of sequel servers. Even today,
then we had Windows XP, then we had, you know, all the Windows 2003 and different versions, Windows 2000 different versions of Windows, right? Even today, within the Skada industry, these systems are still alive. So, these system are not supported by any of the cloud vendors. So what we do is to test and build and verify the integrity of the networks. You know at what we do is we mimic the whole network of what we are about to break into. So we
have these machines already cloned up ready. Windows three, Windows NT, you know, Windows XP, Windows 2000, 2003, different kind of domain controllers. They're already configured. And they run on our bare metal infrastructure which resides in our bare metal service reside in France. At OBH, data center. And and they
are all behind you know ah software defined farm walls. So there is a opens ah open stack networking going on at the back end. Ah you know there is also open VPN ah open sense firewalls. There are also Cisco
base firewalls as well. So there's a you know the architecture at Hanima Labs you know if if you ask me what does Vanima Labs really do? They build networks and then they break into those networks. Right? And they do this for various customers. And at the end of the day what they also do is they teach them to other, you know, customers as well. Since now, they have build up like, the, the amount of service that they have is more than 2, 000 plus service, right? So, what they do is like, they build up the servers, they build up, they mimic, they will mimic your whole network. Infrastructure, you know, within 24 hours. So,
if you have this complex infrastructure of Vipro here and which is connected to cloud and private data center and you guys are running Cisco and some wide label switches and open networking and SDN and Van and all those kinds of things, they can replicate that within 24 hours and they can put it in front of you, and then they will break into that. Now, obviously, the missing piece would be the application parts. So, for the application security, they do it separately, right? So, that's internal and external penetration testing. But when
it comes to assessing the network validity, assessing the applications, testing out which ports are open, which ports are closed, what kind of services are running, all those kinds of things are done, through a combination of, ah, basically virtual machines running on bare metal servers, residing at OBH data center in France, and then all the other pieces which can be hosted comfortably in the cloud, in the public, in the private cloud. because they use cloud and private cloud both. Ah and those things they reside in GCP and AWS. Now they are also planning to bring in Azure as well. Azure is coming. Azure is had already come on Sarama so Azure service so they are doing all of those things. So all of those things and then imagine it's a very complicated ah networking piece and then all of those things are globally load balance. Globally
load balance. As per the geolocation of a given customer. Right so the customers may be residing different different places. So that's what they do. So, it's a
very complicated infrastructure. There are multiple teams working behind the scene. And if you see me, I am one of those cogs that, you know, like if you, you know, when you were little, we learned about gears, right? They're different kind of gears. Gears different types of so this one gear you have to make that kind of gear. So there are different types of gears, right? Physics science so Yes, per per gear, straight gear spiral ah bevel gear part of the so once I become part of the plan you know like you can imagine ah there is a applications team so there are different teams there are developers, there are application coders, all those kinds of people but I am the Planet Daily Gear which remains in the middle but interacts with everyone. And that is how
cyber security, GRC guys, DevOps guys, this is how they, they operate, right? so this is how they all operate, right? And for, for a person to be successful within an organization, you have to be a planetary gear, you have to be in the middle and you have to interact with everyone, you have to talk to everyone. Example consultant he was a planetary kid. He was interacting with all the Sahabas. Right? So, information
and if he is not there is no Islam. Right, there is no Islam. Islam Hmm.
because lectures release lectures networks.