-
Continue reading →: The Evolving Role of WAFs: On-Premises vs. Cloud-Based Deployment
Web Application Firewalls (WAFs) have become a cornerstone of modern network and perimeter security. Not only are they a best practice for protecting web applications, but some regulations—such as PCI DSS—now mandate their use. As the threat landscape evolves and compliance demands increase, WAF deployment and licensing models have also matured,…
-
Continue reading →: CVSS 2.0 vs. CVSS 3.0: Why the Upgrade Matters—And What’s Still Missing
CVSS (Common Vulnerability Scoring System) is the industry standard for rating the severity of security vulnerabilities in software and hardware. Most vulnerabilities receive a CVSS score—ranging from 0 to 10—and are categorized by severity, with CVSS 2.0 using Low, Medium, and High, and CVSS 3.0 adding Critical and None for…
-
Continue reading →: Rate Limiting: Your First Line of Security Defense
If you’ve ever wondered whether rate limiting is a performance or security control, the answer is both. While I look at it from a security perspective, it’s also a powerful tool for maintaining system stability. Most modern products offer rate limiting out-of-the-box, making it an accessible layer of defense. What…
-
Continue reading →: TLS 1.3 in Focus: The Upgrade Your Enterprise Can’t Ignore
Transport Layer Security (TLS) is the backbone of secure communications on the internet. It protects data as it moves between clients and servers. While TLS 1.3 has been available for over five years, and TLS 1.2 still lacks an official sunset date, regulatory bodies and security-conscious organizations are pushing hard…
-
Continue reading →: From Siloed Tools to Unified Defense: Lessons from a Real-World Ransomware Incident
Most medium to large organizations deploy a range of security tools—endpoint protection, file integrity monitoring (FIM), SIEM, and more. These tools often generate their own reports and benchmarks. The true value emerges when their data is correlated in real time. This integrated approach can reveal malicious activity or insider threats…
-
Continue reading →: Positioning WAF and IPS: Building a Robust Security Posture for Enterprise Applications
If you’ve ever debated whether your Intrusion Prevention System (IPS) or Web Application Firewall (WAF) should come first in your enterprise security stack, you’re in good company. This question isn’t just common—it’s fundamental to building a resilient, layered defense for public-facing applications. Let’s break down the roles of these controls,…
-
Continue reading →: The Costs of Over-Engineering Identity Management Systems
Identity management (IdM) is the backbone of secure access in every organization. At its core, it’s about ensuring the right people have the right access. Increasingly, the right machines need this access too. It’s crucial they have the right resources at the right time. Most large enterprises have relied on…
-
Continue reading →: Thinking About Moving Into Security? Here’s What You Need to Know
Are you planning to transition into the security domain? This applies whether you are a scrum master, program manager, developer, tester, cloud administrator, or database administrator. The good news is that moving into security doesn’t have to be a complex leap. The security field offers a wide range of options.…






