Thursday, September 10, 2020

...some great additions to your Incident Response Program ...

 


Your Business...it's what's for lunch! 

Take the time to review the very helpful training presentation below.

I specifically loved Slide #17, "...things people do that derail their Incident Response..."

Incident response planning, as Elvis said: "...a little less conversation, a bit more action...".

Some genuinely great assistance from DHS and US-CERT:

US-CERT Presentation

Copyright © 2020 by "the Secret CISO"

All Rights Reserved.

 

Monday, August 24, 2020

...something you can really use, and it's free...what's not to like?...



Free book: MITRE's "Ten Strategies of a World-Class Cybersecurity Operations Center"

Not normally one to "re-tweet" something but this is too good not to (special thanks to CSO magazine).

Want a 346-page deep dive into how to build a security operations center (SOC)--or find out how to get hired by one? 


MITRE's "Ten Strategies of a World-Class Cybersecurity Operations Center" is a must-read free resource by people who know what they are talking about.

Key strategies the book emphasizes include "do a few things well," "favor staff quality over quantity," and "exercise discrimination in the data you gather." The author digs deep into the nuts and bolts of how to run a modern enterprise SOC today. 


While experts may quibble over the details, this free book is an impressive resource with an irresistible price tag.

10 Strategies of a World Class Security Operations Center - MITRE


 

Wednesday, August 19, 2020

...what EXACTLY is the root cause of all of the outrage...?



Emotion vs. Science - why do many of us have such strong opinions about topics that we really know very little about?

A great question that begs for a well-reasoned discussion.

It used to be illegal for the US Government to manipulate and lie to the American people; it is no longer...when did that happen? You might want to investigate...

Jack Rhysider and the folks at "Darknet Diaries", as they are prone to do, provide several unfiltered sources of clear information that allow all of us to understand where these "...opinions..." may be originating, to draw our own conclusions and, if need be, to ask more questions.

Give it a listen, think of it as Threat Hunting for your Monday.

It is truly fascinating.

Darknet Diaries - one of the best INFOSEC Podcasts

#threathunting #threatintelligence #cybersecurity


 

Tuesday, August 18, 2020

...Life Long Learning for the CISO...



CISO's supplemental guide to "lifelong learning".

What is the "...true value..." in risk mitigation of an Enterprise Password Manager for business and personal use?

Glad you asked!

Michael Bazzell has kick-started a great project: a "back to the basics" set of podcasts within his always exceptional Privacy, Security and OSINT podcast series.

For the seasoned Cyber Security Professional and those breaking into the field alike, Michael is unique: a wealth of information who freely and openly shares all the details.

Give a listen! You'll be glad you did.

Privacy, Security & OSINT Blog


 

Thursday, June 4, 2020

It's time to drop all of the emotion and focus on the science...


We all have biases that we unconsciously cherish and nurture; we're just human.

Emotion vs. Science - why do many of us have such strong opinions about topics that we really know very little about?

A great question that begs for a well-reasoned answer.

Jack Rhysider and the folks at "Darknet Diaries", as they are prone to do, provide several unfiltered sources of clear information that allow all of us to understand where these "...opinions..." may be originating, to draw our own conclusions and, if need be, to ask more questions.

Give it a listen, think of it as Threat Hunting for your Monday.

It is truly fascinating.

Dark Net Diaries

#threathunting #threatintelligence #cybersecurity


 

Wednesday, February 5, 2020

Yet more on the "Year of Anti-Ransomware" - Disaster Recovery & Business Resumption Planning




When we open Pandora's Box and look inside at these horrific possibilities, we all wrap our arms around our biases and hold tight. Some might call it wishful thinking. In any case, it's disastrous. Resist the temptation.

In the event of a catastrophic ransomware attack, how will you recover workstations? Do you have the capability to manufacture and deploy CDs or DVDs with critical business software applications and links to business-critical applications? Where will you get them?

PRO TIP: The big box stores will not function as your supply chain for this.

Do you have a Mimikatz defense plan? An enterprise password manager could be a massive risk mitigation play for Mimikatz defense planning. It's no silver bullet, but it's cost-effective and provides real risk mitigation value.

Great Mimikatz Info

Do you have a few trusted technical folks maintaining an offline Domain Controller on a laptop? Synchronizing at random (never any two on the network at one time) and storing it in a secured location? This will be an absolute lifesaver - and talk about cost-effective.

Do you have a plan to migrate from your current SIEM to a SOAR?

PRO TIP: Integrate this into your Network Access Control [802.1X] planning.

Do you have a DNS Firewall capability that is monitoring the trusted interfaces on all points of egress from your Enterprise Network? 

No time like the present! 


 

Monday, February 3, 2020

2020 - the year of "Anti-Ransomware" - The Wrap Up



Let's make 2020 the "...Year of Anti-Ransomware..." It's up to us to limit the damage, to be selfless, tough and disciplined:

SELFLESS: Do the right thing with the right priority for your company and team.

TOUGH: Be strong. Hold the line. Don't do the easy thing, do stuff that matters.

DISCIPLINED: Do the right thing, even when no one is looking.

Our biggest adversary will, unfortunately, be ourselves: our preconceived notions, our sacred cows, human weakness, our misunderstood biases.

Robert Greene wrote a fascinating book, "The Rules of Human Nature".

If you are a serious Cyber Security Practitioner on the way to the "C Suite", you owe it to yourself to read and heed the advice in this seminal work.
