If you have read the short description on the frontpage, you already know about the topics I am focusing on, about my motto and a little bit about what drives me to build this blog. Here I want to go into a bit more detail.
What is the Blog about
This blog focuses on the following topics:
Cybersecurity, IT-Security, Information Security, IT infrastructure, Hacking and all things related to them.
This includes how-to's, guides, opinions, personal experiences, my personal projects, sharing my knowledge, etc.
Why I started this Blog
One of the biggest problems I see in the wild at the moment is the lack of IT knowledge, the lack of modern IT infrastructure and network design, and the lack of IT automation. Together they lead to many of the cybersecurity problems we are seeing today. Here I want to show how I would build a modern, automated IT infrastructure that helps to protect against cyberattacks, and how to detect and respond to them.
During my consulting work I also get the same questions, see the same problems and do a lot of the same things over and over again.
So the first reason I built this blog is to give a blueprint for building a security framework with a good, solid IT infrastructure in mind. I also want to structure and document my knowledge and procedures and set up some kind of knowledge base or library for myself. Sharing it could also benefit others.
The second reason is to write about my experiences and thoughts. Because I have had, and still have, the opportunity to work with a lot of people and companies, I have been fortunate to gain a lot of experience and knowledge. So why not share it.
The third reason is a problem I see often: a lot of companies focus on products instead of solutions. I want to show how to use existing tools, software, applications or open-source software to solve problems, to learn what you really need, and only then choose the right product (always start small and simple).
The fourth reason is to force myself into action. I love to learn, read and think, and I have a lot of ideas for my own projects. But to be honest, I often have trouble actually implementing them. So push me 😉
And that is also the reason…
Where my Motto comes from
Enforce IT | Automate IT | Protect IT
or leave it
Enforce IT: With the help of Information Security you have to build strong security governance: a framework of policies, procedures and processes that is measurable and that nobody can bypass.
Automate IT: IT-Security is not only responsible for building and managing the security infrastructure, but also for designing it so that the IT infrastructure is well protected and attacks are detected automatically. It should also automate the delivery of key figures, logs and information to the Information Security and Cybersecurity divisions.
Protect IT: With the support of IT-Security, Cybersecurity should be able to protect and proactively monitor the infrastructure for current risks and threats and respond to security incidents. To protect the organization it is also necessary to check and verify that guidelines and policies are actually being followed.
What does the name Cyberblend mean
Cybersecurity cannot be described as one specific topic. It is a mixture of several independent subjects and areas that need to work together. I was always thinking about what describes this mix best. I also like to travel and I love Scotland. And when you think about Scotland, you definitely think about whisky. As the connoisseur knows, there is such a thing as blended whisky, where different whiskies are mixed together. I think the name Cyberblend perfectly describes this mixture of several different topics that need to play together to show the big picture of Cybersecurity.
So when I talk about Cybersecurity, IT-Security or Information Security, I only use these topics as generic terms. As I described above, the whole area is a mix of hundreds of smaller, more specialized subjects and skills that fit into this niche, and I also want to cover and dive deeper into these topics. To name a few: IT Forensics, Pentesting, IoC (Indicators of Compromise), Hacking, Detection, Code and Malware Analysis, Machine Learning and AI, Big Data and SIEM, IoT, Programming, Bug Hunting, etc.
Because I come from, and have always worked in, a “Blue-Team” environment, I also want to learn more about and go deeper into the “Red-Team” approach. Here I want to document my progress.
Follow me on Twitter if you want to stay updated.
You might be wondering what makes this guy an expert.
Maybe you have already found out a little bit on the frontpage, but here you can find more details about my personal history.
1. Introduction and what got me into computers
So my name is Florian and I am at the end of my thirties. I live in western Germany, in the Ruhr area. Since my childhood I have been into computers and technology. My first contact with computers was my brother's Commodore C64.
I will never forget the first commands I typed into a computer:
LOAD "$",8 (loads the disk directory from drive 8; LIST shows it)
LOAD "PROGRAMNAME",8,1 (loads a program from drive 8 to the memory address stored in the file)
But I did not only use the C64 for playing video games, I was also interested in how computers work. So I read the manual and a book about computers that my parents had bought for my brother, and I started to write my first BASIC programs. OK, I just copied what was written in the manual and saw what would happen ;-). After a short excursion to the Amiga 500 and a little look into Amiga OS, I had my first PC experience with my brother's 486 computer. I learned about MS-DOS and Windows 3.11, but more importantly how to tweak config.sys and autoexec.bat for better gaming performance ;-).
2. The first foundation for my career
You could say I started to build the foundation for my professional career when I was 14. That was when I was able to afford my first own PC. I built it completely on my own, learning which parts I needed and how to put them together. This was when Windows 95 came out. At that time I was really into computers, learned everything about building and repairing PCs and especially about Windows 95. I knew every detail of it and how to solve its problems, and this is what got me my first part-time job.
During a vacation job in the warehouse of a wholesale company, the owner found out about my computer skills and asked if I could help out fixing their computer problems. That brought me my first real job, where I did computer support, built my first small “professional” local network for the company (a BNC, i.e. 10BASE2 coaxial, network) and managed their small wide area network.
Towards the end of my high school years, the Internet became more popular, and in computer science classes we built and published the school's website, and of course we did the computer support. We also had the opportunity to build Germany's first Internet café in a school, with the support of German Telecom.
3. Getting more professional in IT
Between high school and college I worked for a small consulting company, where I developed and implemented a database system for managing their clients [in modern terms a CRM ;-)] and migrated the existing MS Access database. Here I also got my first hands-on experience with Windows Server. At that time it was still called Windows NT, and Windows 2000 had just been released. I was given the responsibility to set up a new Windows 2000 Active Directory domain and migrate the existing one. I completely failed. As a punishment, the manager condemned me to rebuild the Active Directory from scratch over the weekend :-(.
4. First touch with Cybersecurity
I then attended a technical college for computer science, and that was when I got more into security. During that time I played a lot of Counter-Strike with other students and we founded a clan. One of my friends was really good at PHP development and had the idea of building a statistics website for our clan and its members by extracting the stats from the game (I don't remember how anymore). So that was the first time I rented a public “root server”, to run our own CS server, the clan website and an email server, and to collect the statistics from the game. And here I became the “security guy”. Because the server was publicly reachable from the Internet, I was very paranoid that it could get hacked, so I invested a lot of time and effort in learning how to protect it. I set up iptables, got my patch management running ;-), and did everything to harden the Apache and Postfix servers. I also started to get a little bit into code analysis, because I did not trust my friend to write secure code :-D. And I put a lot of time into the skills and knowledge needed to detect possible attacks: I set up a central logging server at home to collect all the logs and dug through them manually. At that point there was no such thing as a SIEM. But luckily it seemed there were no real attacks, so there was no need to define an incident response process :-). After 3 years I successfully graduated and left college. Because I already had a lot of experience it was an easy walk, but I was still able to learn a lot about new things like electrical engineering, communications and programming in C, C++ and Java.
5. Start of my professional IT career
After my studies I got my first real long-term job as a System and Network Engineer in an international, medium-sized company that was run as a family business (and still is). The company is in the industrial automation sector and was growing rapidly. When I started there, they were just about to replace and renew their worldwide network infrastructure with Cisco devices and to migrate their WAN from dial-in to VPN connections. That included all of the sales offices, production sites and logistics centers (about 30 locations in about 10 countries). It also felt like they were trying to open new sales offices in every country on earth. That was the first time I was sent out into the world to migrate and build a lot of Cisco networks. This is where my third passion began: Cisco networking. As always, when I am interested in a topic I like to learn everything about it, so my goal was to become a CCIE. I started with the CCNA and CCNP, but unfortunately never finished the CCIE certificate :-(. By the time the company stopped expanding because there were no more countries left to open sales offices in, I think we had built office networks in over 100 locations in over 70 countries (the smaller ones could be set up remotely, the bigger ones on site). Not to mention building 2 new data centers, 1 logistics center, 2 research centers and a completely new headquarters with 2 redundant data centers, plus the move and migration to it. And all the “small side projects” like building a new worldwide Active Directory domain and migrating 10 other domains into it, building a worldwide Public Key Infrastructure for smart card authentication, integrating acquired companies and partners, doing second/third level support and so on. It was a tough pace, but it was really fun and I gained a lot of experience.
6. What got me into Cybersecurity
After the big growth and expansion of the company, I got more into network security and started managing and monitoring the security infrastructure. At that time the company was already certified for ISO 27001 but wanted to invest a little bit more in IT-Security. So I started to improve the security infrastructure, installing new firewalls, setting up proxies and gateways at their “critical” locations, and was finally able to set up my beloved central security logging (but no SIEM yet).
After working in this area for about 3 years I felt I needed to do something new. Because I still wanted to work for my company and with the people there, I asked my manager if there was an area in which I could develop further. After a few days my manager offered me the position of Security Operations Manager.
7. Start of my professional Cybersecurity career
In this new position my goal was to build up a security operations center with a blue team approach. So I worked a lot with the company's CISO to improve the current security policies and procedures and to define key figures that we could measure. Yes, and for that I got my SIEM :-). And not just any SIEM, we decided to go with Splunk. If you have read the section about the blog, you know that I prefer not to focus on products. But there are a few I really do recommend, and Splunk is one of them. Additionally we developed an incident response process and built up a Cybersecurity Incident Response Team. I also focused on defining use cases to be able to detect security events and attacks, or rather anomalies.
As time goes on, a lot of things change. So did I and the company. With its growth the company became more of a corporation, and I reached a point where I was no longer able to improve myself or my skills. During all that time I had also been working with a lot of external partners, providers and consultants, and I was always interested in working for different companies over a short period of time, like they did. Not only to help and support them and share my knowledge, but also to gain experience in other business sectors. One thing I really wanted to find out was how other companies solve their problems, how they set up their infrastructure and what their approaches are [spoiler alert: different company, same problems and approaches ;-)]. So after over 12 years I quit to become a freelancer.
8. The present and future
And that is where I am now. Since 2017 I have been working as a freelance Cybersecurity Consultant. The first months I spent building my business and getting clients. During that time I still helped out my old company. My first job was building a Microsoft Public Key Infrastructure for a carrier and logistics company. Then I had a few consulting jobs, especially for email encryption, SOC building, web security and some pentesting. I was also asked to review security policies and check whether they comply with ISO 27001.
This brought me to the point where I got more into project management, helping to build up divisions for Cybersecurity, SOCs and CSIRTs and to implement incident response processes. Because of a new German cybersecurity law, a lot of companies need to get certified against a framework like ISO 27001, NIST or the German “BSI – Basic Protection Catalogue” (IT-Grundschutz). I had, and still have, a lot of projects in this area.
During these projects I often get the same questions, do the same tasks over and over again and see the same problems. That is why I started this blog: to share my knowledge and experience, the personal projects I am working on and what I learned from them.
That is it. The longest introduction in blogging history :-).
I would also appreciate your feedback and would love to hear your thoughts: what you are interested in, what problems you are facing and what you want to learn more about.
See you on the other side.
If you would like to connect with me personally, you can find me here: