Jonathan T. Cohen jcohen66

## cissp_what_ids_checks.txt
What IDS Checks In Each Packet

IP Header Fields
	- Validates source/dest IP, TTL, fragmentation fields
    - Drop packets with impossible TTL (eg TTL=0)

Port & Protocol
	- Looks for unusual ports or protocol misuse
    - HTTP on port 8080
    - SSH on port 22

## data_pipeline_standard.txt
Data Pipeline Master Template

Ingest -> Validate -> Clean -> Standardize -> Curate

Methods
	- Batch
    - Stream

Ingest
	- Authentication

## cissp_cwe.txt
Common Weakness and Enumeration

Program related to CVE (Common Vulnerablity and Exposure)
- Assigns standardized identifiers to software vulnerabilities
- Makes it easier for security researchers, vendors, and IT teams to communicate and prioritize fixes

CWE also catetorizes common coding errors that introduce those vulnerabilities in the first place

CVE + CWE form the connective tissue for a global ecosystem of security tooling and coordination
Will effect:

## cissp_openid_saml.txt
OpenID vs SAML Authentication

## SUMMARY
The content discusses the technical differences between SAML and OpenID Connect for Single Sign-On (SSO) implementation.

## IDEAS:
- SAML securely federates identity for authentication and authorization into web applications, ensuring user data security.
- Implementing SAML can be complex for service providers, sometimes leading to additional costs for setup.
- XML schemas are used in SAML to transmit user information, enhancing access control granularity but complicating implementation.
- OpenID offers a simpler implementation process for service providers due to its lightweight and high-performance nature.

## ai_prompt_problem_solving.txt


| Type                          | Framework                                                                | Prompt                                                                                                                                                                |
| ----------------------------- | ------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| SWOT Analysis                 | Analyze strengths, weaknesses, <br>opportunities and threats             | I am trying to evaluate a project but don't know how to assess its strengths, weaknesses, opportunities, and threats.  Can you explain how SWOT analysis can help me? |
| Scenario Planning             | Analyze future possibilities to make strategic decisions                 | I need to prepare for future uncertainties in my business.  Can you explain how Sc

## ai_prompt_engineering_bestpractice_google.txt
Prompt Engineering Best Practice (Google)

| Rule Of Thumb                                  | Description                                                                                                                                                                |
| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Understand the tool.                           | A prompt is how you talk to a language model.  The better the input, the better the output.                                                                                |
| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| You don't need to be a coder.                  | Anyone can write prompts.  But gre

## ai_google_a2a.txt
MmGoogle A2A Protocol

A2A focuses on enabling agents to collaborate in their natural, unstructured modalities (text, video streaming, audio) even when they don't share memory, tools and context.

Operates at a different level than MCP.  MCP is agent -> Tool.  A2A is agent -> agent.

Enable true multi-agent scenarios without limiting an agent to a tool.

Protocol is built with existing standards:
	- JSON-RPC

## mcp-landscape.txt

https://natesnewsletter.substack.com/p/how-i-think-about-mcp-a-practical?r=1z4sm5

Composio:  [https://composio.dev/](https://composio.dev/)

Giving AI the power to do things in the world.

The combination of MCP + A2A is very powerful.
- MCP has the ability to understand and use tools.
- A2A has the ability for agents to work together collaboratively to achieve user goals.

## cissp_dast.txt


Security testing method that examines web apps while they are running.  Simulates real-world attacks to identify vulnerabilities.

Evaluates the security of a web app during runtime.

How it works:
DAST tools interact with the app as a user would, sending various inputs and observing the application's responses to identify potential vulnerabilities.

What it tests for:

## fib.c
#include <stdio.h>

int main(void) {
	int x, y, z;

  	while (1) {
    	x = 0;
      	y = 1;

      	do {
	What IDS Checks In Each Packet

	IP Header Fields
	- Validates source/dest IP, TTL, fragmentation fields
	- Drop packets with impossible TTL (eg TTL=0)

	Port & Protocol
	- Looks for unusual ports or protocol misuse
	- HTTP on port 8080
	- SSH on port 22
	Data Pipeline Master Template

	Ingest -> Validate -> Clean -> Standardize -> Curate

	Methods
	- Batch
	- Stream

	Ingest
	- Authentication
	Common Weakness and Enumeration

	Program related to CVE (Common Vulnerablity and Exposure)
	- Assigns standardized identifiers to software vulnerabilities
	- Makes it easier for security researchers, vendors, and IT teams to communicate and prioritize fixes

	CWE also catetorizes common coding errors that introduce those vulnerabilities in the first place

	CVE + CWE form the connective tissue for a global ecosystem of security tooling and coordination
	Will effect:
	OpenID vs SAML Authentication

	## SUMMARY
	The content discusses the technical differences between SAML and OpenID Connect for Single Sign-On (SSO) implementation.

	## IDEAS:
	- SAML securely federates identity for authentication and authorization into web applications, ensuring user data security.
	- Implementing SAML can be complex for service providers, sometimes leading to additional costs for setup.
	- XML schemas are used in SAML to transmit user information, enhancing access control granularity but complicating implementation.
	- OpenID offers a simpler implementation process for service providers due to its lightweight and high-performance nature.


	\| Type \| Framework \| Prompt \|
	\| ----------------------------- \| ------------------------------------------------------------------------ \| --------------------------------------------------------------------------------------------------------------------------------------------------------------------- \|
	\| SWOT Analysis \| Analyze strengths, weaknesses, <br>opportunities and threats \| I am trying to evaluate a project but don't know how to assess its strengths, weaknesses, opportunities, and threats. Can you explain how SWOT analysis can help me? \|
	\| Scenario Planning \| Analyze future possibilities to make strategic decisions \| I need to prepare for future uncertainties in my business. Can you explain how Sc
	Prompt Engineering Best Practice (Google)

	\| Rule Of Thumb \| Description \|
	\| ---------------------------------------------- \| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- \|
	\| Understand the tool. \| A prompt is how you talk to a language model. The better the input, the better the output. \|
	\| ---------------------------------------------- \| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- \|
	\| You don't need to be a coder. \| Anyone can write prompts. But gre
	MmGoogle A2A Protocol

	A2A focuses on enabling agents to collaborate in their natural, unstructured modalities (text, video streaming, audio) even when they don't share memory, tools and context.

	Operates at a different level than MCP. MCP is agent -> Tool. A2A is agent -> agent.

	Enable true multi-agent scenarios without limiting an agent to a tool.

	Protocol is built with existing standards:
	- JSON-RPC

	https://natesnewsletter.substack.com/p/how-i-think-about-mcp-a-practical?r=1z4sm5

	Composio: [https://composio.dev/](https://composio.dev/)

	Giving AI the power to do things in the world.

	The combination of MCP + A2A is very powerful.
	- MCP has the ability to understand and use tools.
	- A2A has the ability for agents to work together collaboratively to achieve user goals.


	Security testing method that examines web apps while they are running. Simulates real-world attacks to identify vulnerabilities.

	Evaluates the security of a web app during runtime.

	How it works:
	DAST tools interact with the app as a user would, sending various inputs and observing the application's responses to identify potential vulnerabilities.

	What it tests for:
	#include <stdio.h>

	int main(void) {
	int x, y, z;

	while (1) {
	x = 0;
	y = 1;

	do {