Introduction to AI & Machine Learning Part 1.

Artificial intelligence (AI) is an area of computer science that emphasizes the creation of intelligent machines that work and react like humans.

Some applications of AI include expert systems, speech recognition and machine vision.

But can we really call this AI? Yes, but this is not the ultimate goal of AI: developers are looking to create machines smarter than humans, which leads many to warn against this step.

Elon Musk believes that the advancement in technology can create super intelligence that can threaten human existence.

This smarter-than-human AI (we call it Artificial Super Intelligence, ASI) could take the form of a network of computing power, a human-computer interface (hybrid), or a biologically advanced brain.

But we are still far away from that; we have not even reached the point where an AI machine can be as smart as human beings (we call that Artificial General Intelligence, AGI).

The Singularity Summit (2012) predicted this may happen around 2040 based on inputs from experts.

Most of the AI systems in place today are Weak Artificial Intelligence (WAI), designed to solve a specific problem.

An example is AlphaGo, which beat human champions at a board game.

AI Types:

  • Artificial Super Intelligence (ASI), where machines are more intelligent and smarter than human beings.
  • Artificial General Intelligence (AGI), where machines are as intelligent and smart as human beings. This is also what we call AI-complete.
  • Weak Artificial Intelligence (WAI), where machines are less intelligent and smart than human beings in general, while they could be smarter in a specific task or set of tasks.

We are moving from WAI to AGI, but slowly.


The History of DevOps & NetDevOps

Everything started with virtualization products (such as VMware), then data centers came (Cisco Nexus & UCS), which led to cloud computing (Microsoft Azure, Google Cloud & Amazon AWS), then the need for containers popped up (Docker), and that is why Microsoft added a complete chapter on how to use Docker on Windows Server 2016.

At the same time we had Network Functions Virtualization, NFV (virtual router, switch, firewall, IPS, etc.), which led to even having independent virtual switch products (VMware VSS, VDS / Cisco Nexus 1000v / AVS / OVS).

Then we got the new term “Network Virtualization”, where a complete network is simply virtualized; solutions such as VXLAN provide this concept, letting you have a complete virtual layer 2 network overlaid on the physical network.

The story continues: devices now have APIs (such as Cisco NX-API / Cisco onePK / eAPI).

What is NSM (Security Onion) & SIEM (ELK)?

Network Security Monitoring (NSM) is the collection, detection and analysis of network security data.

The majority of NSM is dedicated to detection, in an effort to respond better.

An example of NSM is Security Onion.

Security Onion is a Linux distro specialized in network security monitoring and intrusion prevention; it simplifies the whole setup with an Ubuntu-based distro that you can start using in just a few steps.

It comes with many valuable security tools to monitor your network in real time or perform analysis on pcap files and/or system logs.

Here are tools you will find on Security Onion:

  • Reassembler
  • tcpdump
  • hunt
  • Squert
  • Xplico
  • tshark
  • Bro
  • dsniff
  • ELSA
  • tcpxtract
  • ngrep
  • Snort (IDS/IPS)
  • sslsniff
  • Snorby
  • tcpstat
  • Wireshark
  • Suricata
  • mergecap
  • sguil
  • tcpslice
  • ssldump
  • barnyard2
  • driftnet
  • p0f
  • tcpreplay
  • NetworkMiner
  • u2boat
  • netsniff-ng
  • Sniffit
  • scapy
  • Argus
  • u2spewfoo
  • tcpick
  • chaosreader
  • Daemonlogger
  • netsed
  • labrea
  • hping

Snort is a Network Intrusion Detection System (NIDS). It sniffs network traffic and generates IDS alerts.

Suricata is a free and open source, mature, fast and robust network threat detection engine. Suricata inspects the network traffic using a powerful and extensive rule and signature language, and has powerful Lua scripting support for detection of complex threats.

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well.

Bro monitors your network traffic and creates logs.

netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.

OSSEC watches it all, actively monitoring all aspects of system activity with file integrity monitoring, log monitoring, rootcheck, and process monitoring.

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time.

Autoruns: this utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players.

syslog-ng allows you to flexibly collect, parse, classify, and correlate logs from across your infrastructure and store or route them to log analysis tools.

The tools in the bottom row are dedicated to the collection and production of raw NSM data.

The tools in the middle row are associated with the optimization and maintenance of the data. For example, Bro, OSSEC & syslog-ng all produce flat files with one log entry per line. The ELSA system takes this raw data and organizes it into a relational MySQL database, using high-performance Sphinx indexing.

The tools that are listed in the top row are responsible for the presentation of the data to the analyst.

Also, the latest version of Security Onion ships with the ELK software as well.

But what is ELK? To answer this question we need to answer another question first: what is SIEM?

Security Event and Incident Management (SIEM)

SIEM systems are data correlation tools that capture data from multiple sources and provide data analysis and reports to management on system, application and network activity and possible security events.

These tools can be used to detect compliance violations, identify known attacks and provide reporting. As shown in the exhibit, a SIEM system gathers data from multiple sources and correlates and analyzes that data to develop reports for management on the wider picture of security across the systems of the organization.

Most modern SIEMs also integrate with other information systems to gather additional contextual information to feed the correlation engine.

Cisco ISE and Cisco Stealthwatch are examples of an identity management system and flow collector that are able to integrate with most of the SIEM systems.

Examples of SIEM software: Splunk, IBM QRadar, LogRhythm, HP ArcSight and ELK; ELK is an open source SIEM.

“ELK” is the acronym for the three open source projects that make up the ELK stack: Elasticsearch, Logstash, and Kibana.

Logstash is a receiver for log data from virtually any source. It can filter, process, correlate and generally enhance any log data that it encounters (it is a server-side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a “stash” like Elasticsearch).

Elasticsearch is the storage engine and is one of the best solutions in its field currently available (it is an open source, distributed, RESTful, JSON-based search and analytics engine).

Kibana is the visualization portion of the equation, and it is hands down one of the best visualization systems the open source community has yet produced (it lets users visualize data in Elasticsearch with charts and graphs).

Logstash, a part of the ELK stack, uses input plugins to collect logs; however, it also can accept input from more purpose-built solutions such as OSSEC or Snort.

The Elastic Stack is the next evolution of ELK.

To make ELK collect data from different servers and services we need agents installed on these servers; we call them Beats.

Beats are lightweight data shippers that you install as agents on your servers to send specific types of operational data to Elasticsearch.

The servers that are running Logstash agents are called shippers.
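A minimal Logstash pipeline for the collect, transform and stash flow described above, added here as an illustration rather than taken from the post or from Security Onion's own configuration. The eve.json path, the syslog port, the Elasticsearch host and the index name are assumptions; it ingests Suricata EVE JSON from a file and OSSEC alerts forwarded over syslog, tags high-severity IDS alerts, and writes everything to daily indices:

```conf
# Added example (not from the post): ingest two NSM sources into Elasticsearch.
# Paths, ports and hosts are assumptions; adjust to your sensor layout.
input {
  # Suricata EVE output is one JSON object per line; the json codec parses it.
  file {
    path  => "/var/log/suricata/eve.json"     # assumed path
    codec => "json"
    type  => "suricata"
  }
  # OSSEC can forward its alerts over syslog; listen for them here.
  syslog {
    port => 5514                               # assumed port
    type => "ossec"
  }
}

filter {
  if [type] == "suricata" {
    # Keep the sensor's own timestamp as @timestamp instead of ingest time.
    date {
      match  => ["timestamp", "ISO8601"]
      target => "@timestamp"
    }
    # Suricata severity 1 is the highest; tag those alerts for dashboards
    # and saved searches so analysts find them first.
    if [event_type] == "alert" and [alert][severity] == 1 {
      mutate { add_tag => ["ids_high_severity"] }
    }
  }
  if [type] == "ossec" {
    # Pull the OSSEC rule id out of the syslog message text so it can be
    # correlated and pivoted on as a number rather than free text.
    grok {
      match          => { "message" => "Rule: %{NUMBER:ossec_rule_id:int}" }
      tag_on_failure => ["_ossec_grok_failure"]
    }
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]                # assumed Elasticsearch endpoint
    index => "nsm-%{type}-%{+YYYY.MM.dd}"      # one daily index per source
  }
}
```

Events that fail the OSSEC grok keep the `_ossec_grok_failure` tag, so a Kibana search on that tag shows which log lines the pipeline could not parse.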

PMPv6 Changes Summary

If you are preparing for the PMPv6 exam, here is a list of notes you should take care of:

1- Read the “AGILE PRACTICE GUIDE” book, ISBN: 978-1-62825-199-9, since PMP now completely runs with the Agile spirit.

2- The Time Management Knowledge Area was renamed Schedule Management.

3- The Human Resources Management Knowledge Area was renamed Resources Management.

4- Estimate Activity Resources moved from Time Management to Resources Management.

5- Three new processes were added:

  • Manage Project Knowledge (executing) process added to Integration Management
  • Implement Risk Responses (executing) process added to Risk Management
  • Control Resources (monitoring & controlling) process added to Resources Management

6- Nine processes were renamed.

7- The Close Procurements process was REMOVED and its details were added to the Close Project or Phase process.

8- A new chapter on the role of the project manager has been added (chapter 3).

9- Many tools and techniques were recategorized.

CISSP 15-April 2018 Changes Summary

To understand these changes, let's first go two versions back. CISSP 2012 was made of 10 domains:

  1. Information Security Governance and Risk Management
  2. Access Control
  3. Security Architecture and Design
  4. Physical and Environmental Security
  5. Telecommunications and Network Security
  6. Cryptography
  7. Business Continuity and Disaster Recovery
  8. Legal, Regulations, Compliance, and Investigations
  9. Software Development Security
  10. Security Operations

In 2015 new changes happened to CISSP and the 10 domains became 8 domains:

  1. Security and Risk Management
  2. Asset Security
  3. Security Engineering
  4. Communication and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing [the official book is 1304 pages, this domain is 49 pages ONLY!!]
  7. Security Operations
  8. Software Development Security

Summary for what happened in 2015:

  • No topics were REMOVED from the exam.
  • New topics (7%) were added to the exam, such as:
  1. SCADA & the DNP3 protocol, IoT
  2. More about converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI)
  3. New investigation types and asset types
  4. DevOps, Agile and Scrum overview
  5. Attribute-based access control (ABAC)
  • The book was condensed from 10 domains to 8 domains, but the content was not removed. It was simply restructured.

In April 2018 a few changes happened again, but we still have 8 domains:

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management (IAM)
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

Summary for what happened in 2018:

  • “Security Engineering” Domain name changed to “Security Architecture and Engineering”
  • No topics were REMOVED from the exam.
  • Only 1% of new topics were added to the exam and the official book.
  • Content restructured again.
  • Domain weights changed in the exam.

Domain                                   Average weight in CAT exam
Security and Risk Management             15%
Asset Security                           10%
Security Architecture and Engineering    13%
Communication and Network Security       14%
Identity and Access Management (IAM)     13%
Security Assessment and Testing          12%
Security Operations                      13%
Software Development Security            10%

So nothing really changed from the 2015 version to the 2018 version; just remember that the exam has been in CAT format since December 2017.