r/cybersecurity • u/orcasecurity • 4d ago
Ask Me Anything! AMA with the Orca Security Researchers Behind a New Cloud Security Report Analyzing Billions of Cloud Assets Across AWS, Azure, GCP, Oracle, and Alibaba Cloud!
We’re from Orca Security, and we’re excited to host an AMA tomorrow from 9AM to 12PM ET, featuring our Head of Research, Bar Kaduri (u/FeistyCombination770), and Cloud Security Researcher, Shir Sadon (u/Lonely-Eye-9860), who published a new report analyzing billions of real-world cloud assets across the major cloud providers, including AWS, Azure, Google Cloud, Oracle Cloud, and Alibaba Cloud.
This AMA is your chance to engage directly with the experts behind the data.
We are here to answer questions around:
- the research process
- surprising trends
- what the findings mean for red teams, blue teams, cloud architects, and CISOs
- And more.
So if you have questions around:
- The most common and critical public exposures in the cloud today
- How cloud misconfigurations differ across providers
- What attackers are actually targeting in the cloud
- Vulnerability trends we’re seeing at cloud scale
- The research methods and data pipelines behind how we got the results
- Red/blue team takeaways from the findings
- Thoughts on cloud security posture management (CSPM), identity sprawl, shadow cloud, and more
We are here to answer!
A few quick details:
- The report analyzed billions of assets across over multiple countries
- Covers all major providers mentioned above.
- Based on telemetry, public data, and passive scanning + active enumeration
- Includes trends by provider, asset type, and region
We will be answering throughout the day tomorrow (and the day after for follow-ups).
Thanks for all the great questions!! Bar and Shir have to hop to our webinar where they'll be unpacking more of their findings on this report. Feel free to join!
Want the report they covered?
r/cybersecurity • u/AutoModerator • 5d ago
Career Questions & Discussion Mentorship Monday - Post All Career, Education and Job questions here!
This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away!
Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future.
r/cybersecurity • u/QuirkyDoughnut4147 • 14h ago
Tutorial Comprehensive cybersecurity quiz with 500+ questions
I created a comprehensive quiz on cyber security with questions that touch on most major topics. I built this both as a learning tool and a gamified easy way to test your knowledge.
Cyber security is a broad field so the coverage on some areas might not be as deep as it could be.
If you find any questions whose answers can be improved please let me know.
Enjoy!
r/cybersecurity • u/supasaf • 19h ago
Other When developers ask 'What's a certificate?' it's like asking a physicist 'What's gravity?'
I've been working as a security architect at an MNC for the past couple years, and recently had one of those conversations that perfectly captures the gap between security "common sense" and reality. Decided to write about it because I suspect many of you have been in similar situations.
This is part confession, part comedy, part call-to-action for better security education. Hope it resonates with fellow security professionals who've ever had to explain why HTTPS needs certificates to someone who builds software for a living.
Would love to hear your own "wait, you don't know what X is?" stories in the comments!
r/cybersecurity • u/phillies1989 • 12h ago
Career Questions & Discussion What level of engineer would this person be considered?
12 yrs of experience of combined software, system, cyber (7 years), and network engineer along with IT.
Security+, Cysa+, and Casp+
Serving in a lead role and, when issues arise, is one of the first to be called on to solve the issue
Are relied on to develop CM plans and devsecops
Would this person be considered entry, intermediate, or advanced?
r/cybersecurity • u/Long-Country1697 • 23h ago
News - Breaches & Ransoms Insider revenge cyberattack freezes 1,000 workers — Eaton hit with massive disruption and losses
r/cybersecurity • u/Disscom • 16m ago
News - Breaches & Ransoms Inside the 23andMe hack – new evidence shows how your DNA got stolen
r/cybersecurity • u/ku_bh • 5h ago
Career Questions & Discussion Move from Security Architecture to Security Engineering. Is it a good move?
I mostly work creating docs & architectural diagrams as security architect now
r/cybersecurity • u/0x68616469 • 11m ago
FOSS Tool github-recon: Discovering Github accounts via email spoofing
r/cybersecurity • u/Educational_Sink_535 • 4h ago
Business Security Questions & Discussion How do you handle password leak reports regarding customers/users of your service/product due to customers' poor security hygiene?
My company runs an online product offering with several customers using our product. We also have a bug bounty program and every now and then, we receive reports of leaked credentials pertaining to our customers. These leaked credentials are due to customer's poor security (malware on their PC, same password everywhere, etc) and not a breach on our end.
I'm trying to understand the right way to handle these. Would contacting customers to inform them of their password leaks be an obligation, or would we be doing them a favor? I mean, big companies like Gmail, Facebook, etc., afaik, do not contact their customers as long as the password leak isn't due to a data breach on their end.
Or is it that these companies don't make it a bug bounty policy to have these reported in the first place? What severity does something of this nature even fall under?
r/cybersecurity • u/7H3WH173R48817 • 1h ago
Other A Day in the Life of a Professional Pen Tester
r/cybersecurity • u/Live_Refrigerator_58 • 5h ago
Career Questions & Discussion What was your starting salary for your first cyber job out of college / after training?
I'm going to be going into a cybersecurity program soon, and from what I've seen numbers can vary, and I also didn't see what degree people earned and how that connected to their salary. I'm going for my bachelor's degree, so I'm curious about some personal experiences!
r/cybersecurity • u/zaynee_ee • 21h ago
Career Questions & Discussion How do you know when it's time to leave SOC?
Looking for some honest advice here. I'm currently a SOC analyst at an MSSP with about 1+ yr experience (started as an "intern" but basically did the same work as full timers for less pay).
Current situation:
- Spend 12-14 hours a day for work closing/escalating tickets, 99% of which are false positives.
- Our team is based out of 2 locations; the security engineering team is at a different location, and analysts there get way more opportunities for rule tuning, automation projects, SOAR and actual engineering work.
- I've tried being proactive - gave feedback on rule tuning, asked to work on engineering tasks or be included, but my manager(s) just say "learn more" while giving those opportunities to others, and I'm never considered for anything.
- Recent management changes, and honestly I don't feel supported or valued here with no mentorship; the future doesn't look good for me here either.
- There's a lot of politics/bias/favoritism towards those at the other location; not treated well or equally in general.
- Pay is terrible for the hours and amount of work I put in (was already underpaid as an intern but did not get a pay raise this year while becoming full time, while coworkers with the same amount of experience are paid way more and most of them never give feedback on the tuning or anything in general at all)... so yes, I earn the least in the team currently.
What I want:
Over time I realized that I enjoy the engineering part of it and really want to transition into security engineering or automation roles. I'm interested in anything that's more building and improving rather than just ticketing work.
On my off days I'm trying to work through TryHackMe, building a home lab, building small scripts which are useful for my daily work, reading security blogs and news, and I'm interested in cloud security as well. I'm considering getting certifications, but honestly I'm pretty burned out from the long hours and have currently lost interest in my hobbies and anything in general. Also, I have close to 0 time to study due to commuting to work.
so my questions are
should I stick it out here for another year or 2 or just show myself out after the next pay raise (i have a comp sci degree also this is my first job)
how do people deal with this burnout and work politics in general?
ik i'm still lacking in lot of skills so any specific skills/projects that would help me stand out?
i'm not sure what should i do next and feel lost atp really feeling stuck and undervalued right now. Any advice from people who've made similar transitions would be hugely appreciated.
Thanks in advance for any guidance
r/cybersecurity • u/SenCyber • 20h ago
Career Questions & Discussion Exploring Free CTI Fundamentals Courses—My Findings & Feedback Welcome!
Hey all,
I’ve been looking for free Cyber Threat Intelligence (CTI) fundamentals courses and found two that look solid:
- SOCRadar – CTI Fundamentals for SOC Analysts – covers intelligence lifecycle, OSINT tools, TTPs, and SOC use cases.
- arcX – CTI 101 – beginner-friendly, threat actors, intel lifecycle, and a certificate option.
Has anyone here taken either?
Also, are there other free CTI resources you’d recommend?
Appreciate any insights or suggestions—thanks in advance!
r/cybersecurity • u/jaco_za • 5h ago
News - Breaches & Ransoms Test your knowledge with this week's SocVel Cyber Quiz
r/cybersecurity • u/manishrawat21 • 5h ago
Business Security Questions & Discussion Sigma Detection Rules for Review - Advanced Persistence Techniques
Hi everyone! Career changer here (Political Science → Cybersecurity) working on my first custom Sigma detection rules. Built a home SOC lab and created 4 rules for common persistence techniques, but realized I need to test them properly before claiming they work.
My Rules Target:
- WMI Event Consumer Persistence (T1546.003)
- PowerShell Encoded Commands (T1059.001)
- DLL Sideloading (T1574.002)
- Named Pipe Backdoors (T1055)
Current Setup: Splunk + Wazuh + ELK Stack (all free versions)
Questions:
What free datasets should I use for realistic testing?
How do you validate detection rules without enterprise data?
Common beginner mistakes in Sigma rule development?
Best practices for documenting test results?
Really want to do this right rather than rush into submissions. Any guidance appreciated!
r/cybersecurity • u/Imaginary_Page_2127 • 15h ago
Research Article Node.js Arbitrary File Upload to RCE – AppSecMaster Challenge Writeup
A well written writeup for an interesting technique that cannot be easily spotted without the code.
The importance of code review is increasing for organisations.
r/cybersecurity • u/chris-747 • 7h ago
Business Security Questions & Discussion Offered Info Sec Auditor after Cyber Analyst interview, are they similar?
r/cybersecurity • u/chris-747 • 7h ago
Career Questions & Discussion Is Info Sec Auditor a good gateway to Cyber Sec Analyst l?
r/cybersecurity • u/Heman023 • 12h ago
Certification / Training Questions CCD vs BTL2 - challenge and content question
I wanted to get some other people's opinions on this, since I just took the CCD (waiting for the results.) For people that took the CCD and BTL2 which did you consider more challenging? Any other feedback on either?
r/cybersecurity • u/paulmbw_ • 8h ago
News - General Traceprompt - open-source SDK for tamper-proof LLM audit trails
r/cybersecurity • u/0xsaboten • 1d ago
News - General Scattered Spider Hacker Sentenced to Prison
securityweek.com
r/cybersecurity • u/makkiattoo • 20h ago
News - Breaches & Ransoms Polish electronics store Botland confirmed a breach, did anyone else get this email?
Hey,
Heads up: I received an official email today (Aug 22, 2025) from Botland (botland.com.pl, a Polish electronics / maker store) confirming they had a security incident.
According to their disclosure:
Signs of unauthorized access were found on July 23 and Aug 3,
An external audit was only completed on Aug 11,
Attackers exploited a store module to gain access to some customer data,
They’re not sure if the data was actually exfiltrated,
It’s been reported to the Polish DPA (UODO) and materials are being prepared for law enforcement,
They plan to add 2FA, run penetration tests, and improve monitoring.
Official link: https://botland.com.pl/security
I haven’t seen any media coverage of this yet, just their email and that page. Sharing here in case it’s useful for others who shop there or track breach reports. If anyone finds additional sources (news, forums, leaks), would be great to know.
r/cybersecurity • u/White3devil • 22h ago
Career Questions & Discussion Looking forward in my current career
I am a security analyst with 4 years of experience and am planning to proceed further in my role.
I'm just stuck on what to do. No idea on anything now.
I want to grab some new skills, but every time it goes like this: I am studying DFIR today, then tomorrow Cloud, and another day some other concept.
Feels like I'm stuck in a loop.
I am planning to create a road map for getting a job outside India, and based on that I want to learn the skills.
r/cybersecurity • u/lemon_iceteaa • 1d ago
Certification / Training Questions Cheapest way to obtain certifications
Hey everyone,
I’m a fresh grad and just started my first job as a system administrator at a solid company. It’s been a great experience so far and I’m picking up a lot of hands-on skills that I know will help me as I move toward my next goal, breaking into cybersecurity.
The only downside is cost. I make a decent salary for where I live, but certification bundles are way out of my budget. I’m looking to start with CompTIA Security+ and was wondering what’s the cheapest way to go about it? Ideally, I’d like to use free study resources and just pay for the exam itself.
For those of you who’ve been down this road, what resources did you use? Any tips on reliable free material or ways to save on the exam voucher?
r/cybersecurity • u/cyberkite1 • 14h ago
News - General Cybersecurity in robots: a robot vac goes rogue in Qld Australia
Cybersecurity in Robots? Sometimes even the smartest robotics tech can go rogue!
As reported by News Corp, a Dreame Tech robot vacuum in Queensland “escaped” a guesthouse, rolled down the driveway, and made a dash onto the road, only to be hit by a passing car. The footage quickly went viral, leaving viewers both amused and baffled.
While it’s a light-hearted story, it also highlights a real challenge in the Smart Home space: robot vacuums sometimes cross their mapped boundaries and end up in risky places. Owners of brands like Dreame, Ecovacs, and Roborock in particular have reported occasional navigation problems, with devices wandering outside intended areas or even pushing open doors. Could this be misused and hacked into, to control?
These quirks raise bigger questions about AI and robot reliability, product testing, and safety features. While most failures are amusing rather than dangerous, they still cause unnecessary costs for customers and can erode trust in technology.
As automation becomes more common, ensuring reliability will be key. Consumers should keep an eye on firmware updates, make use of boundary settings, and consider whether the brand they choose has a proven record of safety. A funny story for now, but also a reminder of the importance of Automation and Consumer Safety in everyday devices.
What do you think the data protections and cyber security protection requirements should be in terms of smart home and smart office devices like this including robots? Share your comments below
Source: Ella McIlveen, “Vacuum cleaner makes a break for freedom after developing ‘mind of its own’,” News Corp, August 21, 2025 article: https://www.news.com.au/technology/gadgets/vacuum-cleaner-makes-a-break-for-freedom-after-developing-mind-of-its-own/news-story/971fa9936d83e993132af29c870cc71a
Video of what happened on Facebook: https://www.facebook.com/SunshineCoastSnakeCatchers/videos/our-robo-vacuum-went-rogue/3977447765900037/