Simone's CyberSecurity

Countdown to Zero Day by Kim Zetter: It’s a book you don’t read but you push through.

Reading it felt like moving through a dense forest because the terrain kept changing. One moment you are deep into C and C++ internals, Windows exploitation, PLC logic, Siemens Statement List language (STL), industrial process manipulation. The next moment, you are pulled into U.S. intelligence bureaucracy, geopolitics, presidential decision-making, and the ethical gray zones of cyber warfare.

Very few books attempt this level of multidimensional compression.

Kim Zetter integrates multiple subsystems at once: a technical reverse-engineering narrative, a chronological investigative narrative, and a political-historical narrative, all while the subject itself refuses to stay still.

Just when Stuxnet seems understood and reverse engineered, a new variant appears. Just when the story could have ended, a Hungarian certificate authority compromise starts the story again exposing a much larger global espionage operation by new variants of stuxnet like malware and forces researchers back to the beginning again with another malware code to reverse engineer.

You are holding multiple mental models at once and constantly switching contexts, exactly the way real-world incident response and reverse engineering works.

Books like this do not fully land when you close the last page. They will echo for a while.

1 month ago | [YT] | 0

Simone's CyberSecurity

simonescybersecurity.com/2025/12/17/mapping-coloni…

1 month ago | [YT] | 0

Simone's CyberSecurity

Just finished reading Sandworm by Andy Greenberg, and it’s a powerful read.

I’d strongly recommend this book to two audiences:
– The cybersecurity community
– Anyone interested in understanding how cyber attacks are impacting the real world

For many of us in Asia, cyber threats still don’t feel very real. A lot of our critical infrastructure continues to rely on manual operations and analog controls. But as digitization and automation rapidly increase, especially in countries like India, cyber risks to power grids, utilities, and other critical infrastructure will inevitably become real and visible.

The book takes you in many directions. It moves from the Ukraine–Russia conflict and their shared history, to Russian military intelligence units and their cyber operations, to incidents like NotPetya and the 2018 Winter Olympics in South Korea. It also touches on Chernobyl, historical events like the Battle of Solferino that led to the Red Cross and the Geneva Conventions, and how ideas of rules, restraint, and responsibility are now being questioned again in cyberspace.

It connects cyber incidents to geopolitics, U.S. cyber policy across different administrations, global sanctions, defectors from intelligence agencies, and the long-term question of resilience: what happens when systems fail and how societies recover.

Overall, it significantly broadens your perspective on cybersecurity beyond tools, vendors, and technologies, and places it firmly in history, politics, and real-world impact. In

1 month ago | [YT] | 0

Simone's CyberSecurity

Cybersecurity Quote of the Day

“This is an incredibly new era. We haven’t made the shift to thinking about this nodal, light-speed network [the intersection of the physical and digital world] that doesn’t play by the physics that the real world plays by, and yet is intimately connected with the real world, and more connected every day. Our understanding is still growing. What’s important is that we take these lessons and apply them going forward, because cyber attacks (like NotPetya, the largest cyber attack to date) are one of those issues that will come back up. It will happen again.”

— J. Michael Daniel, former White House cybersecurity official (Obama administration),

1 month ago (edited) | [YT] | 0

Simone's CyberSecurity

Reading this chapter from Sandworm brought back a wave of 2017 memories.
I still remember creating an internal DNS record for that strange WannaCry kill-switch domain as part of our emergency mitigation steps after the EternalBlue outbreak.
Feels surreal revisiting the moment now, years later, from the other side of experience.

“Sandworm” by Andy Greenberg a good read for cybersecurity enthusiasts

Skip the Carousel

1 2

1 month ago | [YT] | 1

Simone's CyberSecurity

AI is, by a wide margin, the most vulnerable technology ever to be deployed in production systems. It’s vulnerable at a code level, during training and development, post-deployment, over networks, via generative outputs, and more. — Tito, CEO HiddenLayer


When I created this course, my goal was to make topics like LLM architecture, MITRE ATLAS, and AI security practices easier to understand and more practical.


It’s been encouraging to see people go through the course and share their takeaways.


If you’d like to explore this space too, you can check out the course here:
www.udemy.com/course/genai-cybersecurity-owasp-top…

2 months ago | [YT] | 0