AI is changing the game for cybersecurity, and not in a good way. Phishing attacks used to be easy to spot—generic emails full of typos, random calls from 'Microsoft tech support' claiming your computer is infected. But now, cybercriminals are using AI to make these scams almost impossible to detect. From deepfake voice calls to hyper-personalized emails crafted from scraped social media data, AI-powered phishing is getting smarter and more dangerous.

1. AI-Generated Voice Phishing (Vishing)

One of the scariest developments is AI-driven voice cloning. Scammers can now take a few seconds of someone’s voice—pulled from YouTube, social media, or even a voicemail—and use AI to create an eerily accurate replica. Imagine getting a call from your boss or a family member, only it’s not them.

Real-World Examples:

• In one case, a UK company’s CEO was tricked into wiring over $240,000 because the scammer perfectly mimicked his boss’s voice.

• Kidnapping scams are getting worse—people are receiving calls that sound exactly like their loved ones, crying for help.

As this tech improves, we’ll see even more fraud targeting businesses, executives, and everyday people.

2. AI-Powered Spear Phishing Emails

Forget those obvious "Dear Customer" scam emails. AI can now generate phishing emails that feel incredibly real by mimicking someone’s writing style and referencing actual details from their lives. By scraping public data from social media, attackers can craft emails that sound like they’re from a friend, coworker, or even a past conversation.

How This Works:

• Impersonation Scams: AI can write in a way that perfectly mimics a real person’s style, making fake emails hard to detect.

• Smart Replies: AI chatbots can seamlessly insert phishing attempts into ongoing conversations.

• Mass Customization: AI lets scammers generate thousands of realistic, unique phishing emails instantly, making traditional spam filters useless.

3. Fake AI-Generated Identities & Deepfake Videos

It’s not just emails—attackers are using AI to create fake social media profiles, complete with deepfake profile pictures and AI-generated bios. These fake personas can infiltrate professional networks, dating sites, and even corporate environments.

Emerging Threats:

• Romance Scams 2.0: Deepfake videos and AI-generated voices make online dating scams even more convincing.

• Business Email Compromise (BEC): Fake executives or employees trick companies into sending money or sharing sensitive data.

• Fake Job Offers: AI-generated recruiters lure job seekers into handing over personal details.

4. AI in Social Engineering and Data Scraping

Most of these scams start with one thing: data. AI can now scrape massive amounts of publicly available information to build detailed profiles of potential targets.

How It Works:

• Attackers pull names, email addresses, and even personal interests from social media.

• AI scans this data to craft messages that feel personal and convincing.

• AI-powered chatbots can interact with victims in real-time, making phishing attempts even more effective.

5. How to Protect Yourself from AI-Powered Phishing

While AI-driven phishing attacks are getting more advanced, there are still ways to protect yourself. The key is to stay vigilant and use multiple layers of security.

Tips to Stay Safe:

• Use Multi-Factor Authentication (MFA): Even if someone steals your credentials, MFA can stop them from logging in.

• Be Skeptical of Unexpected Requests: If you get an email or call that seems off, verify it independently before taking action.

• Limit Public Exposure of Personal Data: Avoid oversharing on social media, especially personal details that could be used to target you.

• Train Yourself & Your Team: Awareness is key. The more you know about these scams, the harder it is for attackers to fool you.

• Monitor Your Digital Footprint: Regularly check your online presence and remove unnecessary personal information.

• Enable AI-Powered Security Solutions: Some cybersecurity tools now use AI to detect phishing patterns—use them to your advantage.

• Push for Better Security Standards: Governments and companies need to step up with regulations and AI-driven defenses to fight AI-driven threats.

What’s Next? The Future of AI-Powered Phishing

As AI technology gets better, phishing attacks will become even harder to detect. We’re looking at a future where scammers combine deepfake voice calls, real-time chatbot scams, and adaptive AI-driven attacks to manipulate people like never before.

Final Thoughts

AI-powered phishing is evolving fast, and it’s getting scary. We’re past the days of easy-to-spot scams. The lines between real and fake are blurring, and both individuals and businesses need to step up their cybersecurity game. The fight between AI security and AI scams is just getting started—are we ready for it?

Keep it secret, keep it safe.

Artificial intelligence is everywhere these days, and the newest player on the scene, DeepSeek, is making waves. Developed in China, this AI platform is climbing the charts, offering natural language processing tools that rival ChatGPT. But before you dive in and start feeding it your data, let’s talk about the elephant in the room: the serious cybersecurity risks tied to DeepSeek.

Here’s why you should think twice about using it and what you can do to protect yourself if you decide to.

What Makes DeepSeek a Risk?

1. Your Data May Not Be Yours Anymore

DeepSeek’s privacy policy spells it out: your data—including conversations and personal details—is sent to servers in China. That’s where the problem starts. Under Chinese law, government agencies can access data stored on servers within their jurisdiction. This means any sensitive info you share with DeepSeek could potentially fall into the hands of the Chinese government or other third parties.

Whether you’re sharing personal insights or brainstorming ideas for your next big project, you’re essentially handing that data over with little to no control over what happens to it.

2. Built-In Censorship

DeepSeek doesn’t just process your data; it controls the narrative. The platform actively censors topics deemed sensitive by the Chinese government. For instance, it sidesteps discussions on events like Tiananmen Square or Taiwan’s independence. This isn’t just a political issue—it means the information you get back from the platform could be biased, incomplete, or flat-out wrong.

Think about the implications if you’re relying on it for research, decision-making, or content creation. Can you trust an AI that’s programmed to avoid certain truths?

3. Security Gaps

It’s no secret that DeepSeek has faced cyberattacks. Shortly after its rise in popularity, the platform was hit with large-scale malicious attacks that disrupted its operations. While details are scarce, the takeaway is clear: if hackers can target the platform, they might also gain access to user data.

Combine that with the fact that DeepSeek’s open-source models could potentially introduce vulnerabilities into systems where they’re integrated, and you’ve got a recipe for disaster.

4. Not Multimodal

While DeepSeek’s performance is comparable to OpenAI’s o1 model for text-based tasks, it lacks multimodal capabilities. OpenAI’s models are capable of handling both text and images, giving them a broader range of applications. If you require AI that can work across multiple formats or integrate more seamlessly into diverse workflows, sticking with OpenAI might be the smarter choice—assuming you trust their privacy practices.

How to Stay Safe While Using DeepSeek

Let’s say you still want to give DeepSeek a shot. Fair enough. Here are some practical steps to minimize the risks:

1. Keep It Local

One of the best ways to mitigate risks is to run DeepSeek locally. Since DeepSeek’s models are open-source, you can download and deploy them on your own hardware. By doing this:

• You keep all data processing on your machine, ensuring no sensitive information leaves your control.

• You eliminate the risks of data interception or misuse by external servers.

• You gain the ability to audit and modify the code for additional security measures.

DeepSeek’s source code is publicly available on GitHub:

• DeepSeek GitHub Organization: https://github.com/deepseek-ai

• DeepSeek-R1 Repository: https://github.com/deepseek-ai/DeepSeek-R1

To set this up, you’ll need adequate hardware resources and some technical know-how to configure the models. This approach is particularly ideal for businesses handling sensitive data or individuals who prioritize privacy.

2. Avoid Sharing Sensitive Data

Even if you’re running DeepSeek locally, be mindful of the kind of data you feed into the AI. Avoid inputting personal, financial, or confidential information, as AI models often log data during processing (unless explicitly disabled).

3. Don’t Integrate It Into Sensitive Systems

If you’re a business, resist the urge to embed DeepSeek’s tools into your workflows without a thorough security audit. Open-source doesn’t always mean safe.

4. Double-Check Its Outputs

Cross-verify any information you get from DeepSeek, especially on sensitive or critical topics. Don’t assume the AI’s responses are unbiased or complete.

5. Stay Updated

If you’re using DeepSeek’s open-source models, make sure you’re running the latest versions with all security patches applied. Outdated software is a hacker’s playground.

6. Isolate It

Use sandboxing techniques if you’re testing or experimenting with DeepSeek’s tools. This keeps it from accessing your broader systems or data.

Final Thoughts

DeepSeek might be flashy and powerful, but its risks are just as big as its promises. Whether it’s the lack of data privacy, the built-in censorship, or the security vulnerabilities, users need to tread carefully. At the end of the day, cybersecurity comes down to making informed choices, and when it comes to DeepSeek, the choice is yours.

Personally, I’d think long and hard before handing over my data to a platform that raises so many red flags. If you’re going to use it, running it locally is by far the safest approach. However, if you need multimodal capabilities or prefer a more established ecosystem, OpenAI remains a solid option—as long as you’re comfortable with their data handling practices. Stay informed, stay cautious, and, most importantly, stay secure.

Keep it secret, keep it safe.

The question of how often to change passwords has been a hot topic in the cybersecurity world for years. A lot of people still cling to the advice of changing passwords every 90 days, but is that really the best approach? I had this exact conversation with my Ethical Hacking professor recently, and he gave me a perspective that really stuck. He said, “Changing passwords too often is like asking someone to carry a hundred fragile plates—they’ll drop them eventually.” At first, I laughed, but then he explained why. Frequent password changes can actually weaken security because they encourage users to take shortcuts, like reusing patterns or slightly modifying old passwords. Think about how many people turn “Password1” into “Password2” after being forced to change it. Attackers know this pattern and can exploit it. Let’s take a deeper dive into when you should change your passwords and explore the best ways to create strong, secure passwords without driving yourself crazy.

How Often Should You Change Passwords?

The old-school advice was to change passwords every 30, 60, or 90 days, but recent guidance has turned that on its head. Today, organizations like the National Institute of Standards and Technology (NIST) recommend only changing passwords if there’s evidence of a breach or compromise. For example, if you get a notification from a site like Have I Been Pwned that your email was part of a data breach, that’s your cue to act. Changing passwords unnecessarily can lead to bad habits: people create simpler passwords when forced to change them often, making accounts more vulnerable. Repeating similar passwords or making predictable changes (e.g., “MyPassword1” to “MyPassword2”) doesn’t help. Instead of rotating passwords frequently, focus on creating strong, unique passwords from the start and only update them when you suspect they’ve been compromised.

The Types of Passwords: Passphrases vs. Randomized Passwords

When it comes to securing your accounts, there’s a lot of debate about whether to use passphrases or randomized passwords. Let’s break down the pros and cons of each. Passphrases are longer strings of words or phrases that are easier to remember but still highly secure. For example, “SunsetDrive!OpenSky42” is a passphrase that combines random words with numbers and symbols. Passphrases are easier to remember since they often have personal relevance. Their length makes them more resistant to brute-force attacks, and they work great for accounts where you need memorability but also want strong protection. However, some systems limit password length, which could restrict the use of passphrases. Additionally, not all platforms support spaces or unconventional characters, which can be frustrating.

Randomized passwords consist of completely random combinations of characters, like “7$hG!5xW^2J”. These are often generated by password managers. Randomized passwords are highly secure because they have no patterns or personal relevance, making them nearly impossible to guess. They are ideal for sensitive accounts like banking or cloud storage. However, they are hard to remember unless you’re using a password manager, and typing them, especially on mobile devices, can be frustrating.

My Ethical Hacking Professor’s Take on Passphrases

During one of our classes, my professor mentioned that passphrases are often the best compromise between usability and security. He joked that “nobody remembers a password like ‘7$hG!5xW^2J’ unless they’re a robot or have a photographic memory.” His advice was to use a passphrase for most accounts and save the hardcore randomized passwords for things like password managers or accounts where absolute security is non-negotiable, like banking or healthcare.

Best Practices for Managing Your Passwords

Use strong, unique passwords for each account. Never reuse passwords. If one account is compromised, reused passwords give attackers a free pass to access your other accounts. Adopt a password manager, which can generate and store complex passwords for you. This eliminates the need to remember every password while encouraging the use of stronger, randomized options. Enable multi-factor authentication (MFA). Adding a second layer of protection ensures that even if someone steals your password, they’ll need another form of authentication to gain access. Use tools like Have I Been Pwned to monitor your accounts for breaches and act immediately if your passwords are exposed.

Don’t change passwords unnecessarily. Instead, change them when you receive a breach notification, suspect unauthorized access, or if you’ve shared the password with someone and no longer want them to have access. For sensitive accounts, use randomized passwords, and for frequent-use accounts, use passphrases.

Passphrases vs. Randomized Passwords: Which One Should You Use?

My professor summed it up perfectly: “Use passphrases when you need to remember them, and use randomized passwords when you don’t.” For example, a passphrase like “CoffeeBeansSunshine42!” is perfect for your email or work login—something you type every day. A randomized password like “7$hG!5xW^2J” is ideal for accounts stored in a password manager, where memorability isn’t necessary.

Final Thoughts: Balancing Security and Practicality

Password management is all about finding a balance between security and usability. The key isn’t how often you change your passwords but how strong and unique they are in the first place. By combining strong passwords, multi-factor authentication, and a password manager, you’ll stay ahead of most threats. Remember, cybersecurity isn’t about being perfect; it’s about making yourself a harder target than the person next to you. Whether you’re using passphrases, randomized passwords, or a mix of both, the best password is one that keeps attackers guessing while still being manageable for you.

You can read about what password manager I think is the best and why here https://bazsec.net/supporters/posts/95242

And you can read about why you should NEVER save your passwords in your browser here https://bazsec.net/supporters/posts/95241

Keep it secret, keep it safe.

As I sit here with some time before class, I find myself reflecting on the mix of emotions I’m feeling as I approach the end of my time at Rockland Community College (RCC). In less than four months, I’ll officially earn my associate degree in cybersecurity—a milestone that represents both the end of one chapter and the beginning of another. This summer, I’ll be closing the door on RCC, and in the fall, I’ll be stepping into new opportunities at Mercy University. The thought of leaving RCC is bittersweet.

Over the past couple of years, the people I’ve met at RCC have made a lasting impact on me. The professors and staff in the cybersecurity department have been nothing short of incredible. They are not only professional and knowledgeable but also genuinely invested in their students’ success. It’s rare to find such a supportive community of educators who truly care about both your academic growth and personal journey. While RCC is far from perfect—it has its flaws, like any school—I am genuinely grateful for the experience. Attending RCC was the right decision, and I’m proud to have stuck it out to the finish line.

That said, my time at RCC hasn’t been without its challenges. There were moments when I questioned whether I should transfer to Mercy University earlier than planned or finish my associate degree first. Transferring early might have been the faster route, but ultimately, I believe I made the right decision by staying. Completing my degree at RCC not only gave me the chance to finish what I started, but it also provided a strong foundation for my next steps. Sometimes, the journey itself teaches us just as much as the destination.

Now, as I prepare to move on, I can’t help but feel a sense of excitement for what’s to come. Mercy University seems to have a solid cybersecurity program that will push me to grow further, both academically and professionally. I’ve already connected with a few friends who are attending Mercy, which makes the transition even more exciting. I’m looking forward to tackling the challenges ahead and continuing to build on everything I’ve learned at RCC.

Reflecting on this journey reminds me how far I’ve come, not just in terms of knowledge and skills, but also in terms of confidence and perseverance. The field of cybersecurity is constantly evolving, and while there’s always more to learn, I feel ready to take the next step. As I move forward, I’ll carry the lessons, friendships, and experiences I’ve gained at RCC with me.

For now, I’m savoring these last few months at RCC and appreciating all the moments—both big and small—that have shaped my path. The road ahead is exciting, and I can’t wait to see where it leads.

So, while I am sad to hang up my green hoodie, I am excited to go buy a blue one. Go Mavericks!

Keep it secret, keep it safe.

When it comes to cybersecurity, one of the most important steps you can take is adopting a solid password management strategy. With countless accounts to manage, each requiring strong and unique credentials, a password manager becomes an essential tool—not just for convenience, but for security.

My go-to solution? Bitwarden.

I’ve tried several password managers over the years, but Bitwarden stands out for its blend of robust features, open-source transparency, and affordability. Whether you’re a seasoned tech enthusiast or just starting your cybersecurity journey, Bitwarden has something to offer. Here’s why it’s my top choice.

Key Features of Bitwarden

1. Open-Source Transparency

Unlike many competitors, Bitwarden is fully open-source. Its code is publicly available for review, which means anyone can audit it for vulnerabilities. This level of transparency fosters trust and ensures that Bitwarden meets the highest security standards.

2. End-to-End Encryption

Bitwarden encrypts your data locally on your device before it’s sent to their servers, ensuring that only you have access to your credentials. Even if their servers were compromised, your data would remain safe.

3. Cross-Platform Compatibility

Bitwarden works on just about everything—Windows, macOS, Linux, iOS, Android, and even browser extensions for Chrome, Firefox, Edge, and others. It also has a web vault for quick access on any device.

4. Password Generator

Bitwarden’s built-in password generator creates complex, unique passwords on the fly. You can customize the length, use special characters, and exclude ambiguous symbols, making it a great tool for meeting specific password policies.

5. Two-Factor Authentication (2FA) Support

Bitwarden supports two-factor authentication for an added layer of security. For advanced users, it also offers integration with hardware security keys like YubiKey or biometric authentication for premium subscribers.

6. Affordable Premium Plan

While Bitwarden’s core features are free, their premium plan is one of the most affordable in the industry at just $10 a year. Premium unlocks extras like encrypted file storage, advanced 2FA options, and priority support.

7. Secure Sharing

Bitwarden makes it easy to securely share login credentials with trusted individuals or teams. Their Bitwarden Send feature lets you share encrypted notes and passwords without fear of exposure.

8. Self-Hosting Option

For those who prefer maximum control, Bitwarden offers the ability to self-host your password vault. This is a great option for businesses or tech-savvy users who want complete oversight of their data.

Why I Trust Bitwarden

I trust Bitwarden not just because of its features, but because of its philosophy. In a world where some companies treat security as an afterthought, Bitwarden puts it front and center. Its open-source nature, combined with regular third-party security audits, gives me confidence that my data is in good hands.

As someone deeply invested in cybersecurity, I also appreciate Bitwarden’s ability to scale with my needs. Whether I’m managing my personal passwords or sharing credentials securely within a project team, Bitwarden handles it all seamlessly.

Tips for Using Bitwarden

• Enable Two-Factor Authentication: Strengthen your vault’s security by adding 2FA. It’s quick to set up and adds a crucial second layer of protection.

• Audit Your Vault Regularly: Bitwarden includes a health report that flags reused or weak passwords. Use it to stay on top of your password hygiene.

• Explore Advanced Features: Try out encrypted file sharing or self-hosting if you’re comfortable diving deeper into Bitwarden’s ecosystem.

Final Thoughts

Bitwarden isn’t just a tool—it’s a key part of my cybersecurity strategy. With its robust features, open-source nature, and affordable pricing, it’s easy to see why it’s my favorite password manager. If you’re still saving passwords in your browser or using the same credentials across multiple sites, it’s time to make a change.

Remember, good password hygiene is the foundation of your digital security. Tools like Bitwarden make it easy to stay safe without sacrificing convenience.

Keep it secret, keep it safe.

We live in an age of convenience, and no tool embodies this quite like the humble browser password manager. Google Chrome, for example, offers to save your passwords with the promise of auto-fill magic across devices. It sounds like the perfect solution to juggling dozens of complex credentials. But is it safe?

Here’s the brutal truth: relying on Chrome (or any browser) to manage your passwords creates a single point of failure. If your Gmail account becomes compromised, your entire digital life could unravel in moments. Let me share a story about one of my clients to drive this point home.

A Nightmare in Action: One Client’s Story

A few months ago, I worked with a client — let’s call him James — who experienced the kind of disaster we all think could never happen to us. James was a small business owner who relied heavily on his Gmail account for both personal and professional communication. Like many people, he trusted Chrome’s built-in password manager to store his credentials, believing it was secure enough for everyday use.

One morning, James received an email claiming to be from Google’s security team. The email warned of unusual activity on his account and directed him to a login page to verify his identity. The email looked legitimate: the logo, formatting, and language were all spot-on. Trusting the message, James clicked the link and entered his credentials.

That’s all it took.

The link led to a phishing site designed to harvest usernames and passwords. Within hours, the attacker had logged into James’s Gmail account and gained full control.

• They Changed Recovery Options: The attacker immediately updated James’s recovery phone number, backup email, and security questions. This ensured James couldn’t use Google’s automated account recovery tools to regain access.

• Synced Chrome Data: Using James’s Gmail login, they accessed Chrome’s synced data, including every saved password. Bank accounts, business tools, cloud services — all of it was now in their hands.

• Financial Devastation: The attacker drained thousands of dollars from James’s bank accounts, made unauthorized credit card charges, and even set up new accounts in his name.

• Business Chaos: They took control of James’s business email and started sending phishing emails to his clients, damaging his reputation and leading to lost contracts.

When James realized what had happened, he tried to recover his Gmail account. But with the recovery options changed, Google’s system couldn’t verify that he was the rightful owner. Despite repeated attempts to escalate the issue with Google support, the account was lost for good. Years of emails, business contacts, and personal files stored in Google Drive were gone.

Why Your Browser Isn’t Built for Security

James’s experience highlights the inherent vulnerabilities of browser-based password managers:

• Tied to Your Email: Chrome encrypts your passwords, but the encryption key is linked to your Google account. If the account is compromised, everything is exposed.

• No Additional Protections: Unlike dedicated password managers, Chrome doesn’t require a master password or two-factor authentication to access stored credentials.

The Domino Effect of a Gmail Breach

A single compromised Gmail account can lead to widespread damage:

• Identity Theft: Stolen credentials allow attackers to access other accounts or create new ones in your name.

• Financial Losses: Fraudulent charges and account takeovers can quickly deplete your finances.

• Reputational Harm: Phishing emails sent from your account can erode trust with friends, family, or clients.

• Permanent Data Loss: Emails, photos, and documents stored in Google’s ecosystem could be irretrievable.

How to Protect Yourself

1. Use a Dedicated Password Manager: Invest in a tool like Bitwarden, LastPass, or 1Password. These services encrypt your passwords with a master key and require authentication to access stored credentials.

2. Enable Two-Factor Authentication (2FA): Always activate 2FA for your Gmail account and other critical services. Even if an attacker steals your password, they can’t access your account without the second factor.

3. Avoid Browser Password Managers: Review what’s stored in Chrome or other browsers, export those passwords to a dedicated manager, and delete them from the browser.

4. Strengthen Your Awareness of Phishing Attacks: Always verify the sender’s email address and think twice before clicking links in unsolicited messages. If in doubt, go directly to the service’s website instead of using a provided link.

5. Regularly Monitor Account Activity: Google offers tools to review recent logins and device activity. Make it a habit to check for anything suspicious.

James’s story is a cautionary tale about the risks of convenience over security. Browser-based password managers might seem like an easy solution, but they create a dangerous single point of failure. By using a dedicated password manager, enabling 2FA, and staying vigilant against phishing attacks, you can protect yourself from similar disasters.

In cybersecurity, small lapses can lead to catastrophic consequences. Learn from James’s experience and take steps today to secure your digital life.

Keep it secret, keep it safe.

This past month, I had an incredible opportunity to work with Tater Networks, setting up the network infrastructure for AWS re:Invent in Las Vegas. It was a whirlwind experience that pushed me both professionally and personally, and I wanted to share the highlights of this adventure with you.
The work began a week before the show at the Mandalay Bay. While most people were gearing up for Thanksgiving with their families, I was in the trenches with the amazing team at Tater Networks. Being away from family during the holidays isn’t easy, but Tater made it special. They gave us Thanksgiving Day off and treated everyone to an incredible dinner at Fogo de Chão. Sharing that meal with my coworkers, who quickly felt like family, was a moment I won’t forget.
Setting up for re:Invent meant running what felt like thousands of feet of LAN cable. These cables connected wireless access points (APs), switches, and drops at tables throughout the venue. It was physically demanding but also incredibly satisfying to see it all come together. My experience in IT helped me stand out as I assisted newer team members with tasks like crimping RJ45 connectors and ensuring proper connections. It was a great reminder of how far I’ve come in this field and how much I enjoy collaborating with others.
One bittersweet aspect of this experience was not getting to see the event itself. Our work was finished just as re:Invent began, and we packed up and headed home. Next time, I hope to join the breakdown team as well, so I can see the fruits of our labor in action.
The highlight of my time with Tater Networks was the people. It’s a truly diverse and talented group, with a professional atmosphere that makes you feel like part of something bigger. I was constantly impressed by the dedication and camaraderie of everyone on the team, and it was an honor to work alongside them.
I wouldn’t have had this opportunity without the incredible support of the Cyber Security Department at Rockland Community College. Professors Jeanette Geller, Nicole Hanaburgh, and Christopher Flatley played a pivotal role in fostering my passion for cybersecurity and IT as a whole. These three instructors not only provided me with the foundation I needed but also believed in me enough to select me for the Cisco GSX Dream Team, an experience that directly led to my meeting the amazing team at Tater Networks.
I’m also especially grateful to Norman Randall Jr, Tater Networks’ Director of Operations, for giving me a chance to prove myself and take part in such an amazing experience. This project reminded me why I love this field. The blend of technical challenges, teamwork, and a sense of accomplishment makes all the hard work worthwhile. I’m looking forward to my next adventure with Tater Networks and continuing to grow in this exciting industry.

Keep it secret, keep it safe.

I am currently in my college's Cyber Security Club, and we are competing in the NCL (National Cyber League) this weekend. While I consider myself very computer literate, I don’t know much about Capture the Flag (CTF) events and the various tools available for competitions like this. (Side note: I’ve added a tools page to the club site with links to all the tools I discover.)

I started practicing in the Skyline NCL Gymnasium, but even those challenges were a bit complex. After a conversation with ChatGPT, I discovered picoCTF—and I’m in love with it. The site offers a massive selection of practice challenges that start off super simple. I’ve been working my way through them, and finding the flags has been a lot of fun. It has given me a lot more confidence in my abilities for this weekend.

My recommendation for anyone looking to get into cybersecurity is to check out picoCTF first. It’s an outstanding (and free) resource run by Carnegie Mellon University that has helped me tremendously in taking my first steps into this field.

Keep it secret, keep it safe.

Read on Medium | https://bazsec.net/supporters/posts/87009

Hi, my name is Baz. I’m about two-thirds of the way to earning my associate’s degree in cybersecurity, and I’ve been thinking a lot about what I want to do with my second career. You see, I’m retired military, having served in the active Army for 20 years. After I retired, I decided to take advantage of my Post-9/11 GI Bill (mostly for the financial support) and chose an IT major that caught my interest.

Over the past year and a half, I’ve fallen in love with cybersecurity. What started as a class requirement has quickly become both a prospective career path and a deep-seated hobby. I’ve joined my college’s Cyber Security Club, where I’m a sitting member of the eBoard, and we’re gearing up to compete in the National Cyber League (NCL) as a team. Even with all this hands-on experience, I’m realizing just how much there is to learn.

Originally, I thought about creating an online repository of useful tools and resources I find along the way. However, the more I considered it, the more I realized that a blog would allow me to document my entire journey in this incredible field. So, here we are — welcome to BazSec: One byte at a time!

This blog will be my adventure log, where I’ll share useful tools, websites, and resources as I find them. I’ll document the strategies that work well for me, along with the inevitable stumbles. My hope is that by charting my path from college to the cybersecurity workspace, this blog can serve as a blueprint for others to follow.

Thanks for joining me on this journey; it’s going to be a wild ride!

Keep it secret, keep it safe.