
Cybersecurity Recommendations

Security recommendations from someone who has no place to be giving security recommendations.

Ian Rose

July 12, 2024

Take this with a grain of salt, I'm not an expert.

Development Resources / Terminology

  • OWASP Top 10
    • "The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications."
  • Secure Software Development Lifecycle (SSDLC)
    • Implementation of tools like SAST, SCA, and DAST at specific stages of development to ensure security is considered at every phase
  • Web Application Firewall (WAF)
    • "[P]rotects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others."
  • CIA Triad
    • Confidentiality, Integrity, and Availability
    • Basis of security standards for software systems
  • Common Weakness Enumeration (CWE)
    • Community-developed catalog of weakness types, used for root-cause mapping of vulnerabilities
  • TryHackMe
    • Hands-on cybersecurity labs for learning about penetration testing and hacking in general
  • quipqiup
    • "quipqiup is a fast and automated cryptogram solver by Edwin Olson. It can solve simple substitution ciphers often found in newspapers, including puzzles like cryptoquips (in which word boundaries are preserved) and patristocrats (inwhi chwor dboun darie saren t)." - From Site

Personal Security Tools and Tips

  • Yubico YubiKeys
    • Hardware token that can be configured for authentication as a Passkey (like Apple's Face ID)
    • On sites where it can't be configured as a passkey, you can use the Yubico Authenticator app for 2FA. The app requires the YubiKey to be scanned each time it is opened before it shows the one-time codes.
    • Supports FIDO2/WebAuthn (hardware-bound passkey), FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV) and OpenPGP.
    • Can set additional PINs that are required for specific protocols for even more security
    • Advised to have more than one so a spare is enrolled as a backup
  • Bitwarden Password Manager
    • Encrypted password vault that can also store notes, credit cards, identities, and more
    • Paid version lets you require a YubiKey in order to unlock your web vault
    • Can share encrypted messages with other Bitwarden users
    • Can get a family account and have shared password folders for logins like Netflix, Amazon, etc.
      • Can even configure different access-controls for different family members
    • I prefer it to iCloud's password manager because it can be installed on any device or accessed through a browser
    • I don't trust Google's password manager
    • Other good alternatives are KeePass (Open-Sourced) and 1Password
    • Back up your vault to a secure external drive from time to time
  • Proton VPN
    • 10 protected devices with the paid plan ($10/month, $60/year, $108/2 years)
  • Malwarebytes
    • Scans OS and the file system for signs of malware or suspicious files
  • Apple Pay
    • I use Apple Pay whenever possible. EFT providers have very strict security regulations, but it's even better if the EFT providers themselves only get a single use payment token from Apple.
  • I only use Face ID for convenience, not security. I will not use it as a Passkey for any sensitive accounts as it can be seen as too forgiving to differences
  • IDShield
    • Identity monitoring
    • Offered (or at least was offered) as an employee benefit (large discount)
    • $3 million Identity Theft Insurance
    • Fraud Alerts
  • Ledger Nano Cryptowallet
    • Secure Bluetooth hardware wallet with iOS support
    • If you're going to store/ invest in/ use cryptocurrencies, this is a very secure way to do so

Personal Privacy Tools and Tips

  • Firefox Browser or Brave Browser
    • Tor Browser if you're REALLY looking for privacy (based on Firefox). Can access the dark web (.onion sites)
  • EFF Privacy Badger Browser Extension
  • Ghostery Privacy Ad Blocker Browser Extension
  • DuckDuckGo Privacy Essentials Browser Extension
  • DuckDuckGo Search Engine
  • Mullvad VPN
    • Haven't tried it yet, but have seen some good reviews. I think Mozilla VPN is built on top of it.
    • The account is not tied to you at all: you add time to the service through Western Union transfers or Bitcoin wallets. Debit cards are accepted, but the developers discourage using them. The site makes you check a box saying you agree to stay anonymous in order to create an "account"
  • Pi Hole
    • Network wide ad-blocker and tracker-blocker
  • Cloaked App
    • This service scans 116 data broker websites for your personal information and fills out removal requests on your behalf while also warning you about the data exposure
    • Allows the creation of "Cloaked" identities for creating accounts. Generates a phone number and email for you to use, which Cloaked forwards to your actual phone/email. Also keeps track of all your Cloaked identities
    • $1 million Identity Theft Insurance with the paid plan
    • Sites often give you a discount code in exchange for your email and phone number. A Cloaked identity lets you give them a "soft" account identity that you still have access to but can delete at any point, without worrying about your personal info being out there
  • Monero for payment
    • Most private cryptocurrency
    • Should still use a "middle man" (intermediary) wallet