KimbakiS Portfolio

This is a collection of some of the projects I've worked on during my ventures into the Cybersecurity world.

View on GitHub

๐‚๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐‹๐ž๐ฌ๐ฌ๐จ๐ง๐ฌ ๐Ÿ๐ซ๐จ๐ฆ ๐‰๐ฎ๐ซ๐š๐ฌ๐ฌ๐ข๐œ ๐๐š๐ซ๐ค

Video Reference: Cybersecurity Lessons from Jurassic Park.

I had watched this video a while months back and found it a very enlightening example of linking cybersecurity to a real-world scenario. And I canโ€™t help but think how helpful it would be to explain such concepts to the public using this kind of method, since a lot of people do relate to entertainment works.

This particular film (and video) outlined quite a few common mistakes, threats, and concepts within cybersecurity:

๐Ÿ’ก Social Engineering -> A competitor here bribes an employee to do a malicious action against his company.

๐Ÿ’ก Insider Threat -> The bribed employee brings the security systems down in order to complete the action. If the zero-trust model had been implemented, he wouldnโ€™t have been able to execute what are essentially admin privileges with nearly full permissions.

๐Ÿ’ก Over-Reliance on Automation -> The over-reliance on such technology is what caused a domino-effect within the park, and there were no fail-safes in such cases.

๐Ÿ’ก Single Point-of-Failure -> And to continue, because there was no segmentation, backup technology, or plan in the case of emergency (aka, incident response plan), that led to one area being able to take down the entire system.

๐Ÿ’ก Abstraction -> A lack of understanding about the โ€œassetsโ€ within the company meant that there was also a lack in the ability to be able to sufficiently protect them (or, in this case, protect FROM them).

๐Ÿ’ก Unintended Consequences -> If youโ€™re going to take an action, itโ€™s important to carefully think about what may result afterwards, which means looking at it from various perspectives to predict more obscure consequences.

๐Ÿ’ก Data Breach -> Physical, in this case (where were the security guards?)โ€ฆthe employee was able to just walk right into an unauthorized area to steal assets.

๐Ÿ’ก Complicated Recovery Procedure -> They had to jump through hoops to get the system back up and running again, and this is largely because of a lack of a sufficient recovery plan.

In the end, even though incident response and recovery are a part of the process, the mistakes made here largely tied back to a lack of planning and preventative measures. And that idea is still applicable today.