Hello, everyone! I am starting this channel for my notes and ideas ๐คซ .
I am a security engineer from Ukraine with 11+ years of experience.
During this time, I managed to:
2015-2021- Ensure the security of the Armed Forces of Ukraine (I worked at the AFU Cybersecurity Center๐ซก ).
2021-2026 - Work tirelessly to improve business security (currently working on the BPM/CRM platform).
I have worked as an Engineer, a Security Analyst, a Deputy Head of SOC, and now as Security Team Lead.
Why should you subscribe to this channel?
โ I will post here everything from #ThreatIntel to #Events review and personal thoughts.
โ In addition, there will be (definitely!) posts on security vulnerabilities that may affect you (or your business).
It's up to you to subscribe or not๐ .
Welcome everyone! Thank you for joining the channel!
๐ Share and reposts are most welcome.๐ฃ
@securediary
.
I am a security engineer from Ukraine with 11+ years of experience.
During this time, I managed to:
2015-2021- Ensure the security of the Armed Forces of Ukraine (I worked at the AFU Cybersecurity Center
2021-2026 - Work tirelessly to improve business security (currently working on the BPM/CRM platform).
I have worked as an Engineer, a Security Analyst, a Deputy Head of SOC, and now as Security Team Lead.
Why should you subscribe to this channel?
โ I will post here everything from #ThreatIntel to #Events review and personal thoughts.
โ In addition, there will be (definitely!) posts on security vulnerabilities that may affect you (or your business).
It's up to you to subscribe or not
Welcome everyone! Thank you for joining the channel!
๐ Share and reposts are most welcome.
@securediary
.
Please open Telegram to view this post
VIEW IN TELEGRAM
1๐5๐1
Don't let top search results trick you into downloading malware! Malicious sites are designed to look legit.
What it is:
Attackers use popular keywords (
"free software", "templates") to push fake, dangerous sites high up in search rankings. Clicking them can be risky!Red Flags
Watch for these before clicking or downloading:
โข Spammy Site: Flashing warnings, fake alerts.
โข Aggressive Pop-ups: Close tab/browser fast (Alt+F4 / Ctrl+Shift+Esc).
โข Malicious Redirects: Sent elsewhere unexpectedly? Leave!
โข Search Engine Warnings: Pay attention to browser/search flags (e.g.
"This site may be hacked").Stay Safe
1. Cautious Downloads: Especially from new sites.
2. Check URL/Site: Does it look trustworthy?
3. Trust Your Gut: Feel suspicious? Don't click or download.
4. Stay vigilant! Cyber threats are always evolving.
Was this helpful? React or comment below! ๐
Share this message with friends & family to keep them safe too!
#CyberSecurity #SEOPoisoning
@securediary
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
1๐9๐1
Hey, everyone! Quick security reality check:
Have you ever checked if your email address has been part of a data breach? You might be shocked by the results people often find on sites like HaveIBeenPwned.com.
Scary thought?๐
It's more common than you'd imagine. But the good news is there are two simple steps you can take right now to level up your security:
1. Use Unique Passwords (with a Password Manager)
โข Why? Reusing passwords means attackers could access your other accounts if one account is breached.
โข ๐๐จ๐ฐ? A reliable password manager (e.g., LastPass, 1Password) can generate and store super-strong passwords, so you never reuse one again!
2. ๐๐ง๐๐๐ฅ๐ ๐๐ฎ๐ฅ๐ญ๐ข-๐ ๐๐๐ญ๐จ๐ซ ๐๐ฎ๐ญ๐ก๐๐ง๐ญ๐ข๐๐๐ญ๐ข๐จ๐ง (๐๐ ๐/๐๐ ๐)
โข ๐๐ก๐ฒ? Even a strong password can be exposed in a breach. MFA adds an extra hurdle for attackers.
โข ๐๐จ๐ฐ? Turn on MFA wherever possible. Use SMS or an authenticator app (Google Authenticator, Authy, Duo, etc.). Many are free and keep you secure even if your password leaks.
โถ๏ธ ๐๐๐ค๐ ๐๐๐ญ๐ข๐จ๐ง: Check your email with HaveIBeenPwned.com and lock down any exposed accounts. It's better to be safe than sorry!
๐๐ฎ๐๐ฌ๐ญ๐ข๐จ๐ง: What is your biggest hurdle to adopting password managers or MFA?
React or comment below! ๐
#CyberSecurity #Security #DataSecurity #Privacy
@securediary
Have you ever checked if your email address has been part of a data breach? You might be shocked by the results people often find on sites like HaveIBeenPwned.com.
Scary thought?
It's more common than you'd imagine. But the good news is there are two simple steps you can take right now to level up your security:
1. Use Unique Passwords (with a Password Manager)
โข Why? Reusing passwords means attackers could access your other accounts if one account is breached.
โข ๐๐จ๐ฐ? A reliable password manager (e.g., LastPass, 1Password) can generate and store super-strong passwords, so you never reuse one again!
2. ๐๐ง๐๐๐ฅ๐ ๐๐ฎ๐ฅ๐ญ๐ข-๐ ๐๐๐ญ๐จ๐ซ ๐๐ฎ๐ญ๐ก๐๐ง๐ญ๐ข๐๐๐ญ๐ข๐จ๐ง (๐๐ ๐/๐๐ ๐)
โข ๐๐ก๐ฒ? Even a strong password can be exposed in a breach. MFA adds an extra hurdle for attackers.
โข ๐๐จ๐ฐ? Turn on MFA wherever possible. Use SMS or an authenticator app (Google Authenticator, Authy, Duo, etc.). Many are free and keep you secure even if your password leaks.
๐๐ฎ๐๐ฌ๐ญ๐ข๐จ๐ง: What is your biggest hurdle to adopting password managers or MFA?
React or comment below! ๐
#CyberSecurity #Security #DataSecurity #Privacy
@securediary
Please open Telegram to view this post
VIEW IN TELEGRAM
1๐6๐1
Just wrapped up experimenting with image-generating AIโฆ
This is what a โCloud & SaaS Security Proโ action figure might look like ๐๐งโ๐ป
Honestly? This is the cleanest version I could get with the tools I used ๐
๐ What AI tools are you using to create visuals like these? Would love to explore whatโs working for others.
Drop your favorite image or design tools below! ๐
#AI #AIGenerated #PromptEngineering
@securediary
This is what a โCloud & SaaS Security Proโ action figure might look like ๐๐งโ๐ป
Honestly? This is the cleanest version I could get with the tools I used ๐
๐ What AI tools are you using to create visuals like these? Would love to explore whatโs working for others.
Drop your favorite image or design tools below! ๐
#AI #AIGenerated #PromptEngineering
@securediary
๐4๐1
Balancing WAF security with user experience is a constant tradeoff.
Too strict? False positives block real users.
Too loose? Vulnerabilities slip through.
๐ Pro Tip for WAF Tuning:
1. Start in alert mode โ observe traffic before enforcing.
2. Review logs, tune detection rules, and whitelist safe APIs.
3. Iterate weekly: adjust โค test โค repeat.
WAF should protect quietly โ users stay happy๐ , attackers stay out.
How do you fine-tune your WAF without affecting conversions?
Letโs share best practices๐
#CyberSecurity #WAF #AppSec
@securediary
Too strict? False positives block real users.
Too loose? Vulnerabilities slip through.
1. Start in alert mode โ observe traffic before enforcing.
2. Review logs, tune detection rules, and whitelist safe APIs.
3. Iterate weekly: adjust โค test โค repeat.
WAF should protect quietly โ users stay happy
How do you fine-tune your WAF without affecting conversions?
Letโs share best practices๐
#CyberSecurity #WAF #AppSec
@securediary
Please open Telegram to view this post
VIEW IN TELEGRAM
๐2โค1๐1
Third-party cookies are dying. But one thing hasn't changed:
1. Great UX needs personalization
2. Strong privacy limits tracking
3. Businesses still need insights to grow
From a cybersecurity lens, here's what I've learned:
๐ง๐ฟ๐ฎ๐ป๐๐ฝ๐ฎ๐ฟ๐ฒ๐ป๐ฐ๐ + ๐๐ฎ๐น๐๐ฒ ๐ฒ๐ ๐ฐ๐ต๐ฎ๐ป๐ด๐ฒ wins.
When people *๐ ๐ฃ๐ค๐ฌ* what data you're collecting โ and actually *๐๐๐ฉ ๐จ๐ค๐ข๐๐ฉ๐๐๐ฃ๐ ๐ช๐จ๐๐๐ช๐ก* in return โ they're way more likely to say "yes."
Tools like #Cookiebot and #DataGuard make this simpler.
Your turn: How are you tackling this? Got a go-to approach (or challenge) worth sharing? ๐
#GDPR #DataPrivacy #Privacy
@securediary
Please open Telegram to view this post
VIEW IN TELEGRAM
๐7๐1
This is your chance to dive deep into Ukraine's battle-tested defense strategies โ from a country repelling over ๐ฐ,๐ฏ๐ญ๐ฑ ๐ฐ๐๐ฏ๐ฒ๐ฟ๐ฎ๐๐๐ฎ๐ฐ๐ธ๐ ๐๐ฒ๐ฎ๐ฟ๐น๐. If you're serious about security innovation, you can't afford to miss this.
Big thanks to Mary Hanzhelo for making my attendance possible!
๐ Featuring top industry experts: โซ๏ธArtem Skrypnyk โซ๏ธMaksim Yashchyenkoโซ๏ธDr. Oleh Polihenko โซ๏ธVladimir Pokatilovโซ๏ธOleh Matata
Who else is attending? Drop a comment or DM me.
Let's connect, exchange insights, and strengthen our collective defense!
๐ซ Final spots available โ https://infosec.parkovy.tech/
#CyberSecurity #CyberResilience #Cyberwarfare
@securediary
Please open Telegram to view this post
VIEW IN TELEGRAM
๐6
InfoSec Ukraine 2025 wasn't just another conference for me โ it was a reality check. As someone who spends my days defending networks, seeing experts break down the latest threats felt like looking into the future.
๐๐๐ง๐ ๐๐ง๐ 5 ๐๐๐ฎ ๐๐ฃ๐จ๐๐๐๐ฉ๐จ ๐ฉ๐๐๐ฉ ๐ฉ๐ง๐ช๐ก๐ฎ ๐จ๐ฉ๐ง๐ช๐๐ ๐ข๐.
1. ๐ผ๐ ๐๐๐๐ช๐ง๐๐ฉ๐ฎ (Bruce Schneier): The AI revolution is here, and with it comes massive risks.
* Key areas: Protecting AI systems, ensuring output integrity, and upcoming AI regulation.
*๐ค My take: I'm particularly fascinated by how we'll balance innovation and strict regulatory compliance. That's the real challenge ahead!
2. ๐ผ๐๐ ๐๐ง๐ค๐ช๐ฅ๐จ (Serhii Khariuk): APTs now operate like professional software companies! Complete with developers, QAs, PMs, and even "sales" teams.
*๐คฏ My take: Understanding their organizational structure is crucial for anticipating their strategies. We're not just dealing with lone hackers anymore.
3. ๐๐๐ ๐๐ฃ๐ค๐ฌ๐ก๐๐๐๐ ๐๐๐ฅ (Nazar Tymoshyk Eduard Chornyi Serhii Khariuk Ilya Aksyonenko): Both offensive and defensive teams struggle to keep pace with the rapid evolution of threats and defenses.
*โก๏ธ My take: Whoever invests in team training today wins tomorrow.
4. ๐๐๐ ๐๐ช๐๐ฃ๐ฉ๐ช๐ข ๐๐๐๐ฅ (Jaya Baloo): Her session on quantum computing's impact on cryptography was a wake-up call. Preparing for a post-quantum era should have started yesterday.
*โฑ My take: What we consider "secure" today will be broken tomorrow. And not in 10 years โ much sooner.
5. ๐๐ ๐ง๐๐๐ฃ๐๐๐ฃ ๐พ๐ค๐ข๐ฅ๐๐ฃ๐๐๐จ' ๐พ๐ฎ๐๐๐ง๐ฌ๐๐ง๐๐๐ง๐ ๐๐ญ๐ฅ๐๐ง๐๐๐ฃ๐๐ (Panel): Real-world attack scenarios on major entities like Kyivstar and Ukrzaliznytsia were sobering. Investment in security directly impacts customer trust.
*๐ก My take: This is the clearest illustration that security isn't an expense, but a vital investment in reputation.
๐ฅ ๐๐ฎ ๐๐๐๐ฃ ๐พ๐ค๐ฃ๐๐ก๐ช๐จ๐๐ค๐ฃ: Cybersecurity is a marathon, not a sprint. We need to be in it for the long haul.
๐ค Which of these trends concerns you most? Is your organization already preparing for the post-quantum era?
Save this post for 2025.โคต๏ธ
๐ฃ Share if you found this helpful.
#CyberSecurity #AISecurity #APT
@securediary
๐๐๐ง๐ ๐๐ง๐ 5 ๐๐๐ฎ ๐๐ฃ๐จ๐๐๐๐ฉ๐จ ๐ฉ๐๐๐ฉ ๐ฉ๐ง๐ช๐ก๐ฎ ๐จ๐ฉ๐ง๐ช๐๐ ๐ข๐.
1. ๐ผ๐ ๐๐๐๐ช๐ง๐๐ฉ๐ฎ (Bruce Schneier): The AI revolution is here, and with it comes massive risks.
* Key areas: Protecting AI systems, ensuring output integrity, and upcoming AI regulation.
*
2. ๐ผ๐๐ ๐๐ง๐ค๐ช๐ฅ๐จ (Serhii Khariuk): APTs now operate like professional software companies! Complete with developers, QAs, PMs, and even "sales" teams.
*
3. ๐๐๐ ๐๐ฃ๐ค๐ฌ๐ก๐๐๐๐ ๐๐๐ฅ (Nazar Tymoshyk Eduard Chornyi Serhii Khariuk Ilya Aksyonenko): Both offensive and defensive teams struggle to keep pace with the rapid evolution of threats and defenses.
*
4. ๐๐๐ ๐๐ช๐๐ฃ๐ฉ๐ช๐ข ๐๐๐๐ฅ (Jaya Baloo): Her session on quantum computing's impact on cryptography was a wake-up call. Preparing for a post-quantum era should have started yesterday.
*
5. ๐๐ ๐ง๐๐๐ฃ๐๐๐ฃ ๐พ๐ค๐ข๐ฅ๐๐ฃ๐๐๐จ' ๐พ๐ฎ๐๐๐ง๐ฌ๐๐ง๐๐๐ง๐ ๐๐ญ๐ฅ๐๐ง๐๐๐ฃ๐๐ (Panel): Real-world attack scenarios on major entities like Kyivstar and Ukrzaliznytsia were sobering. Investment in security directly impacts customer trust.
*
Save this post for 2025.
#CyberSecurity #AISecurity #APT
@securediary
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
๐16๐คฏ1