The last time I made a post here, X was still named twitter 😅
Anyways I’m back and better.
I have been growing in the cybersecurity space, and now I want to be posting what I have learnt especially in the GRC space, and also, the career path I took
Please if this comes across your timeline, kindly repost to help me find and connect with my people, so we can learn and grow together.
Thank you.
Let’s talk about ARP Spoofing and how it works.
WHAT IS ARP SPOOFING?
ARP Spoofing is a Layer 2 attack that allows an attacker to place themselves between a device and the network gateway without the victim noticing.
Think of it like this:
You walk into an office and tell the receptionist you want to see the manager.
But before the receptionist can respond, someone nearby quickly says
“I’m the manager. You can give the message to me.”
If you believe them, your message goes to the wrong person.
That’s essentially how ARP Spoofing works.
When your computer wants to communicate with the router, it first asks:
“Who has the address 192.168.1.1?”
The router responds with its MAC address.
But an attacker on the same network can send a fake reply saying:
“192.168.1.1 is my MAC address.”
Now the victim’s computer accepts the response, and traffic that should go directly to the router is sent to the attacker instead.
The attacker can then:
• Read the traffic
• Modify the traffic
• Capture sensitive information, and even
• Forward the traffic to the router so everything appears normal
No malware.
No password cracking.
No sophisticated exploit.
Just a device trusting the wrong response
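Seen from the defender's side, the symptom of the attack described above is a second MAC address answering for the gateway IP. The following is an added example (not code from the original post) that reads ARP reply records and flags any IP claimed by more than one MAC. The sample replies, the MAC values and the helper names are constructed for the demonstration.

```python
"""Spotting ARP spoofing from the defender's side.

Added example; not code from the original post. It reads ARP reply
records (constructed sample data below) and flags any IP address that
is claimed by more than one MAC, which is exactly the symptom the post
describes: a second device answering "192.168.1.1 is my MAC".
"""
from collections import defaultdict

# Constructed sample of ARP replies seen on a LAN: (time, sender IP, sender MAC).
# Not captured traffic; the MAC values are made up for the example.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # real gateway answering
    (2.0, "192.168.1.25", "aa:bb:cc:00:00:25"),  # an ordinary host
    (3.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway again, same MAC
    (4.0, "192.168.1.1", "DE:AD:BE:EF:00:99"),   # a different MAC claims the gateway IP
    (5.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # repeated claim (gratuitous replies)
]


def detect_arp_conflicts(replies, gateway_ip=None, known_macs=None):
    """Return alerts for every IP that is claimed by more than one MAC.

    known_macs: optional {ip: mac} baseline (e.g. the gateway MAC recorded
    from a trusted inventory). Without it the first MAC seen is trusted,
    which is a weakness if the spoofed reply happens to arrive first.
    gateway_ip: conflicts on this IP are rated 'high', everything else 'medium'.
    """
    seen = {ip: mac.lower() for ip, mac in (known_macs or {}).items()}
    alerts = []
    reported = set()  # (ip, mac) pairs already alerted on, so a flood yields one alert
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip not in seen:
            seen[ip] = mac          # first sighting becomes the baseline
            continue
        if seen[ip] != mac and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append({
                "time": ts,
                "ip": ip,
                "expected_mac": seen[ip],
                "observed_mac": mac,
                "severity": "high" if ip == gateway_ip else "medium",
            })
    return alerts


def macs_per_ip(replies):
    """Summary view: which MACs have claimed each IP (useful for a quick audit)."""
    table = defaultdict(set)
    for _, ip, mac in replies:
        table[ip].add(mac.lower())
    return {ip: sorted(macs) for ip, macs in table.items()}


if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES, gateway_ip="192.168.1.1"):
        print(f"[{alert['severity']}] t={alert['time']} {alert['ip']} "
              f"expected {alert['expected_mac']} but saw {alert['observed_mac']}")
```

In practice the records would come from a packet capture or from polling the host's neighbour table, and the gateway MAC would be seeded from a trusted inventory rather than learned from the first reply. Static ARP entries on critical hosts and Dynamic ARP Inspection on managed switches are the usual mitigations; this script only detects.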
A lot of cybersecurity beginners ignore GRC because they think it’s less technical.
But that’s a mistake, because without GRC:
• Security has no direction
• Risks are not identified
• Policies don’t exist
• Audits will fail
• Regulations get violated
• Even good security tools become useless
GRC is what turns cybersecurity from random controls into a structured system.
I mean if security is the engine, then GRC is the steering wheel and dashboard.
If you ignore it, you’ll just be driving blind.
Nigeria’s data protection landscape has gotten a lot more serious, and I’m here for it.
Reading through the GAID, I couldn’t help but notice how compliance is maturing.
It’s like the NDPR got us started.
The NDPA gave data protection a stronger legal foundation.
Now, the GAID is telling us what implementations should actually look like.
The message from the NDPC is clear:
“Show me your evidence.”
Not just your policies.
Not your awareness training slides.
Not your compliance certificate.
Show me that your controls work.
Show me that accountability exists.
Show me that privacy is embedded in your day-to-day operations.
We’re no longer being asked, “Do you have a compliance program?”
We’re being asked, “Can you prove you live by it?”
To me, that’s what compliance maturity looks like.
It’s no longer about what we claim.
It’s about what we can consistently demonstrate.
And that’s a significant step forward for data protection in Nigeria.
I’ve noticed that we don’t talk enough about physical security.
We spend hours talking about firewalls, encryption, phishing attacks, and all the latest cyber threats. That’s fine; of course we should.
But sometimes I wonder if we’ve become so focused on digital security that we forget how much of it still depends on the physical world.
You can have the best security tools money can buy, but what happens when someone gains access to a restricted area they shouldn’t be in? Or plugs a device into your network? Or walks away with a laptop containing sensitive information?
A single breach in physical security can bypass controls that took us years to build.
I think we need to start taking physical security as seriously as we take digital security.
It deserves the same level of attention and respect we give digital security.
Because before someone compromises a system, sometimes they just need to get close enough to touch it.
A good morning to cybersecurity beginners.
Here’s your reminder that you don’t need thousands of dollars to get started.
A curious mind, an internet connection, and the willingness to learn can take you far.
Just start where you are. Learn what you can, and improve as you go.
The goal is not to know everything. The goal is to know a little more today than you did yesterday.
Wishing y’all a productive week ahead
Some policy reviews are just policy rewriting with extra steps 😭
Imagine opening a policy document for review, and halfway through you’re realizing it would’ve been faster if you started from scratch
Writing security policies taught me that cybersecurity is less about technology and more about people.
You can have the best controls, tools, and frameworks.
But if people don’t understand the policies, they won’t follow them.
If leadership doesn’t support it, it won’t be enforced.
If it’s not practical, it will be ignored.
A good security policy is not the one that sounds the smartest. It’s the one people can understand and actually follow.
If you had to choose ONE cybersecurity role for the next 5 years
No switching.
What are you choosing and why?
🔴 Penetration Tester
🔵 SOC Analyst
🟢 Cloud Security Engineer
🟡 Security Auditor
🟣 GRC Specialist
🟠 Digital Forensics Investigator
Common Network Protocols Every Cybersecurity Professional Should Know
🔹 HTTP (Hypertext Transfer Protocol) – Used for transmitting web traffic between browsers and web servers.
🔹 FTP (File Transfer Protocol) – Used for transferring files between systems over a network.
🔹 ICMP (Internet Control Message Protocol) – Used for network diagnostics and error reporting. The ping command relies on ICMP.
🔹 SNMP (Simple Network Management Protocol) – Helps administrators monitor and manage network devices such as routers, switches, and servers.
🔹 ARP (Address Resolution Protocol) – Maps IP addresses to MAC addresses on a local network.
🔹 RDP (Remote Desktop Protocol) – Allows users to remotely access and control another computer over a network.
Knowing what these protocols do, and how they communicate, provides valuable insight into how networks operate and how attackers may attempt to exploit them.
Firewalls are one of the first lines of defense in network security.
Their job is simple: inspect traffic and decide what gets in and what stays out based on predefined rules.
One key concept is Default Deny. If traffic is not explicitly allowed, then it should be blocked.
Another important distinction you should be aware of is Stateful vs Stateless Firewalls.
• Stateful firewalls track active connections and understand context, making them more secure.
• Stateless firewalls inspect each packet independently based on packet headers, making them faster but less intelligent because they don’t have the awareness of connection states.
Understanding these fundamentals is essential for anyone learning cybersecurity🔥🛡️
Security is not just about blocking threats, it’s also about controlling trust.
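To make the Default Deny and stateful vs stateless distinction concrete, here is an added example (not code from the original post): a tiny packet-filter simulation that runs the same four packets through a stateless filter and a stateful one. The rule set, the addresses, the Packet and Rule classes and the run_scenario helper are all constructed for the demonstration.

```python
"""Default deny, stateless vs stateful: a tiny packet-filter simulation.

Added example, not code from the original post. The rule set, the
addresses and the Packet records below are all constructed for the
demonstration; a real firewall works on actual headers and tracks far
more state (TCP flags, timeouts, UDP pseudo-connections).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    syn: bool = False   # True only for the packet that opens a TCP connection


@dataclass(frozen=True)
class Rule:
    direction: str  # "in" (towards the protected network) or "out" (leaving it)
    dst_port: int


# Constructed policy: only outbound HTTPS and inbound SSH are explicitly allowed.
RULES = [Rule("out", 443), Rule("in", 22)]
PROTECTED_PREFIX = "10.0.0."   # constructed: hosts behind the firewall


def direction_of(pkt):
    return "out" if pkt.src_ip.startswith(PROTECTED_PREFIX) else "in"


def stateless_decision(pkt, rules=RULES):
    """Stateless filter with default deny: each packet is judged on its own headers.

    Nothing is allowed unless a rule explicitly matches; otherwise 'deny'.
    """
    d = direction_of(pkt)
    for rule in rules:
        if rule.direction == d and rule.dst_port == pkt.dst_port:
            return "allow"
    return "deny"


class StatefulFirewall:
    """Stateful filter: remembers accepted connections and lets their replies through."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.connections = set()   # 5-tuples of flows we have accepted

    def decision(self, pkt):
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if flow in self.connections or reverse in self.connections:
            return "allow"               # belongs to a connection we already accepted
        if pkt.syn and stateless_decision(pkt, self.rules) == "allow":
            self.connections.add(flow)   # new connection permitted by policy
            return "allow"
        return "deny"                    # default deny: unknown packet, no matching rule


def run_scenario():
    """Same packets through both filters; returns {label: (stateless, stateful)}."""
    fw = StatefulFirewall()
    packets = {
        "client opens HTTPS":    Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True),
        "server replies":        Packet("203.0.113.10", 443, "10.0.0.5", 51000),
        "unsolicited inbound":   Packet("198.51.100.7", 443, "10.0.0.5", 51000),
        "SSH without handshake": Packet("198.51.100.7", 40000, "10.0.0.5", 22),
    }
    return {label: (stateless_decision(p), fw.decision(p)) for label, p in packets.items()}


if __name__ == "__main__":
    for label, (stateless, stateful) in run_scenario().items():
        print(f"{label:22s} stateless={stateless:5s} stateful={stateful}")
```

The two results worth noticing: the stateless filter drops the server's legitimate reply (its destination port 51000 matches no rule, so web browsing would break unless you open every high port), while the stateful filter allows it because it remembers the connection the client opened. Conversely, a packet to port 22 that is not a connection start passes the stateless filter but is denied by the stateful one, which is the "context" the post refers to.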
In my early days in cybersecurity, subnetting was one concept I struggled to understand.
CIDR notations like /24, /26, and /30 were really confusing to me until I learned a simple trick.
The number after the slash tells you how many bits belong to the network and how many are available for hosts.
So an IPv4 address has 32 bits in total.
Take this address for example:
10.10.20.0/24
The “/24” means 24 bits are reserved for the network.
Now to find the host portion, you simply subtract the CIDR value from 32 bits.
32 - 24 = 8 host bits
Now we can calculate the number of addresses in the subnet:
So we have 2⁸ = 256
But not all 256 addresses can be assigned to devices.
So we subtract 2:
• One for the network address
• One for the broadcast address
256 - 2 = 254 usable addresses
So basically this tells us that a /24 subnet supports 254 hosts.
Subnetting is actually a simple process of breaking a large network into smaller networks to improve performance, security, and reduce broadcast traffic.
For example, a company may have a large address space like 10.10.0.0/8
Instead of placing everyone on one huge network, they can split it into smaller subnets:
• HR → 10.10.10.0/24
• Finance → 10.10.20.0/24
• IT → 10.10.30.0/24
• Guest WiFi → 10.10.40.0/24
Once I understood that CIDR tells me how many bits belong to the network, subnetting became much easier to understand, and I stopped looking lost during networking conversations.
Sometimes the difference between confusion and understanding is just finding the explanation that speaks your language.
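Here is the same trick carried through in code, as an added example that is not from the original post. It works out network, broadcast, mask and host count with plain bit arithmetic (manual_summary), cross-checks the result against Python's standard ipaddress module (subnet_summary), and goes slightly beyond the post by handling the two prefixes where "subtract 2" does not apply: /31 (two usable addresses on point-to-point links, RFC 3021) and /32 (a single host). The function names and the sample prefixes are constructed for the demonstration.

```python
"""CIDR arithmetic, done the way the post describes and then checked with ipaddress.

Added example, not code from the original post. The '/24 = 8 host bits,
2**8 - 2 = 254' trick is carried through in plain bit arithmetic
(manual_summary) and cross-checked against Python's ipaddress module
(subnet_summary). It also handles the two edge cases the trick skips:
/31 (two usable addresses, RFC 3021) and /32 (a single host).
"""
import ipaddress


def dotted_to_int(addr):
    return int.from_bytes(bytes(int(o) for o in addr.split(".")), "big")


def int_to_dotted(n):
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def usable_hosts(prefixlen):
    """Hosts assignable in an IPv4 subnet of the given prefix length."""
    host_bits = 32 - prefixlen
    total = 2 ** host_bits
    if prefixlen >= 31:
        return total            # /31 and /32 have no separate network/broadcast address
    return total - 2            # drop the network and broadcast addresses


def manual_summary(cidr):
    """Work out the subnet by hand: mask from the prefix, then AND/OR on the address."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF     # prefix ones followed by host zeros
    network = dotted_to_int(addr) & mask               # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)         # host bits set
    return {
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "netmask": int_to_dotted(mask),
        "host_bits": host_bits,
        "total_addresses": 2 ** host_bits,
        "usable_hosts": usable_hosts(prefix),
    }


def subnet_summary(cidr):
    """Same figures from the standard library, used here to verify manual_summary."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "host_bits": net.max_prefixlen - net.prefixlen,
        "total_addresses": net.num_addresses,
        "usable_hosts": usable_hosts(net.prefixlen),
    }


def split_block(cidr, new_prefix):
    """Carve a block into equal subnets, e.g. a /16 into /24s for departments."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    for cidr in ("10.10.20.0/24", "10.10.20.64/26", "10.10.20.8/30", "10.10.20.0/31"):
        print(cidr, manual_summary(cidr))
    # Department /24s carved out of a company block, as in the post's example.
    print(split_block("10.10.0.0/16", 24)[:4])
```

One caveat the check surfaces: a network address must have all host bits zero, so ipaddress normalises a block written as 10.10.0.0/8 to 10.0.0.0/8; the department subnets in the post (10.10.10.0/24, 10.10.20.0/24, ...) all sit inside 10.10.0.0/16, which is the block split_block carves up above.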
🚀 FREE CYBERSECURITY LEARNING RESOURCES THAT ARE ACTUALLY WORTH YOUR TIME
You don’t need to spend so much money to start building cybersecurity skills.
These training programs will help strengthen your knowledge, improve your CV, and help you stand out in the job market:
1. ISC2 Certified in Cybersecurity (CC)
A globally recognized entry-level certification from the organization behind CISSP. Includes free training and a free exam voucher. https://t.co/e4VHCMzBQR
2. Cisco Introduction to Cybersecurity
A beginner-friendly course covering cyber threats, attack techniques, and defensive strategies. https://t.co/bDbMQh7Lho
3. Securiti AI Governance Certification
A concise program covering AI governance, compliance requirements, risk management, and emerging regulations. https://t.co/G16jSnuHOr
4. Google AI Professional Certificate
Learn AI fundamentals, prompt engineering, and practical applications of modern AI tools. https://t.co/KA9fruLIHm
5. TryHackMe SOC Level 1 Path
One of the most practical learning paths for aspiring SOC analysts, with hands-on labs and real-world scenarios. https://t.co/auI8e6AUl5
6. Mastermind ISO 27001 Lead Implementer Training
A great option for professionals interested in Governance, Risk, Compliance (GRC), Information Security Management Systems (ISMS), and ISO 27001 auditing. Particularly valuable if you are pursuing careers in compliance, risk management, and security governance. https://t.co/eJYcYvRY6W
7. Cisco Networking Basics
A beginner-friendly networking course from Cisco that covers IP addressing, routing, switching, network security, and troubleshooting fundamentals. Includes a certificate of completion and provides a strong foundation for careers in networking, cybersecurity, and IT support. https://t.co/aNXCeXKZRK
Remember: Certifications alone will not get you a cybersecurity job.
So it’s important you pair them with hands-on labs, home projects, cloud skills, and consistent learning.
COMMON PORTS EVERY CYBERSECURITY BEGINNER SHOULD KNOW 🔐
Ports are logical communication endpoints used in networking to identify specific services or applications on a device.
They help direct network traffic to the right service running on a system.
For example, when you open a website, your device uses port 443 (HTTPS) to reach the web server securely.
If an IP address is a building address, then ports are specific rooms inside that building.
Here are some common ports you’ll see regularly and the services they provide:
🔹 20/21 – FTP (File Transfer)
🔹 22 – SSH (Secure Remote Access)
🔹 25 – SMTP (Sending Email)
🔹 53 – DNS (Name Resolution)
🔹 80 – HTTP (Web Traffic)
🔹 110 – POP3 (Email Retrieval)
🔹 143 – IMAP (Email Access)
🔹 443 – HTTPS (Secure Web Traffic)
🔹 445 – SMB (File Sharing)
🔹 3389 – RDP (Remote Desktop)
If you’re new to cybersecurity, these are the ports worth knowing first.
You don’t need to memorize hundreds of ports. Start with the common ones and understand what they do.
That’s how you build a strong foundation. 🚀
This is so true, and I see it many times.
Many startups focus so much on growth, users, and revenue, while security gets pushed down the priority list and treated as something to address later.
But unfortunately, attackers don’t wait for startups to mature before targeting them.
Startups need to start adopting a culture of security by design.
The most dangerous thing happening in African tech right now?
Startups collecting millions of users' data with no one on the team asking
"how do we protect this?"
Growth without security is just a bigger target.
If I’m being honest, money got me in.
I saw cybersecurity as a career with strong demand, good pay, and plenty of opportunities.
But after getting into it, I stayed because I genuinely enjoyed the challenge. There’s always something new to learn, and the field never stays still.
What started as a career move became something I actually enjoy doing.
What motivated you to learn cybersecurity?
Was it money?
Curiosity?
The dream of working remotely?
A better career?
For many people, the reason they start is different from the reason they stay.
Money might get you through your first course.
Curiosity gets you through your first lab.
But discipline is what keeps you learning when the excitement fades, the concepts get harder, and the job offers haven't arrived yet.
The people who succeed in cybersecurity aren't always the smartest in the room.
They're often the ones who kept going after everyone else quit.
So, what got you started?
And more importantly, what's keeping you going?
@hdsnetsec Well said. OSI helps you understand why networking works, while TCP/IP shows you how it works in practice. The layer mapping makes the relationship between the two much easier to grasp.
OSI Model vs TCP/IP Model
You’ve probably heard these terms during networking discussions. But what do they actually mean, and how are they different?
The OSI and TCP/IP models are both network reference models, meaning they are frameworks used to explain how data moves across a network from one device to another.
LET’S BREAK THEM DOWN
🧠 OSI Model
The OSI model is a conceptual framework designed to help you understand networking in a structured way.
It breaks communication into 7 layers:
Physical → Data Link → Network → Transport → Session → Presentation → Application
It’s like a step-by-step guide to how networking should work in an ideal world.
🌐 TCP/IP Model
The TCP/IP model was designed as a practical protocol suite to run the internet, and it is what actually powers the internet today.
It simplifies everything into 4 practical layers:
Link → Internet → Transport → Application
This is the model behind real-world communications like web browsing, emails, streaming, and everything.
🔥 The Key Difference
OSI model explains networking in a structured way
While
The TCP/IP model is the actual architecture the internet is built on
So you need to master the OSI model for clarity, and understand TCP/IP for real-world applications.
🚨 FREE AI Security Governance Certificate
If you’re in cybersecurity, compliance, risk, or tech in general, this is worth checking out.
You’ll learn:
• AI governance frameworks
• Ethical AI principles
• AI risk & compliance essentials
• Best practices for responsible AI deployment
This is not just another certificate to stack on your CV.
AI is already reshaping cybersecurity, governance, and compliance. And understanding how to secure and govern AI systems is quickly becoming a valuable skill for the future.
This can help you position yourself for where cybersecurity is headed
https://t.co/G16jSnuHOr
Frequently Asked Questions I Get from Cybersecurity Beginners
1. “Do I need to be a hacker to work in cybersecurity?”
No. Cybersecurity is much bigger than hacking. Many roles focus on risk, compliance, auditing, monitoring, and governance.
2. “What should I learn first as a beginner?”
Start with the basics: networking, security fundamentals, and how systems work. Then move into areas like GRC, SOC, or cloud security depending on your interest.
3. “Can I get into cybersecurity without a tech background?”
Yes. Many people transition from business, law, administration, and other fields. What matters is learning the fundamentals and staying consistent.
4. “Are certifications necessary?”
They are helpful, especially for structure and credibility, but they don’t replace real understanding or practical knowledge.
5. “How long does it take to get a job in cybersecurity?”
It depends on your pace, strategy, and consistency. For some, a few months of focused learning is enough to start entry-level roles or internships.