Frustration is my fuel
Blog series looking at misconceptions surrounding cyber security, providing basic guidance on fundamentals and sometimes offering a different perspective.
What is this about I hear you shout!? Stick with me on this. We can all agree that cyber security is a complex, almost seemingly impossible problem to solve. Cyber security is a relatively new problem, so we should look to other more established sectors and see what lessons we can learn. I had decided …
Continue reading "Cyber Security is easy, right? – Say no to old, cheap microwaves."
Introduction Security Operations (SecOps) is a well established term, however depending where you look it's definition can vary slightly, but overall it's generally consistent. When we talk about Security Operations we are referring to "IT" Security Operations. SecOps is the combination of IT Operations and Security Operations (Cyber) to prevent silos and improve collaboration, reduce …
Continue reading "Cyber Security is easy, right? – What is SecOps?"
We're back with another blog, and this week we're looking at privileged access, explaining its importance, and some considerations for implementation. Why is privileged access so important? We need to look at this in a few ways. As cyber security professionals we need to not only consider the risk from a security standpoint, but also …
Continue reading "Cyber Security is easy, right? – Understanding Privileged Access."
Apart from being a great song by the Smiths, "How soon is now?" is also a question we should be asking ourselves daily. Cyber Security does not not stand still for a second, rarely is anything settled or constant yet we continually plan improvements based on the situation remaining constant, focusing on a point in …
Continue reading "Cyber Security is easy, right? – How Soon is Now?"
When looking to make improvements, or implement a new control, it’s common to want to do it “properly”, as we have the best intentions and want to do a good job. We can see the issues, have identified our opportunities for improvement, and certainly don’t want to do anything half baked. We’ve read up on …
Continue reading "Cyber Security is easy, right? – It’s time to walk upstream."
After the past few years Zero Trust has become known as more of a meme and a sales pitch, rather than an approach to improving our cyber security posture and reducing our attack surface. Zero Trust will not solve all our problems, it is not related to a specific technology, and it is not easy …
Continue reading "Cyber Security is easy, right? – What is “Zero Trust?”"
After years of neglect we're allocating finance to cyber security tools, we try and purchase a new system every year to keep progressing and improving, we try and stretch our budgets to afford the best, but things never seem to really get any better. Before identifying the next new system to procure, we should ask …
Continue reading "Cyber Security is easy, right? – Can we buy our way out of cyber security debt?"
I want to start off by saying I don’t believe compliance is a bad thing. It’s an important part of doing business and a way to provide assurance to customers and partners in the absence of any other method. We also need a way to evidence that we are meeting a law or regulation, and …
Continue reading "Cyber Security is easy, right? – Confusing compliance with security."
Patch Management. Yes it's a thankless and impossible task but that's not a reason to give up. Here in the UK, if you want to meet requirements of the NCSC backed Cyber Essentials Plus scheme you need to be using in-support operating system versions and patch critical and high rated vulnerabilities in applications and software …
Continue reading "Cyber Security is easy, right? – Patch Management"
Technology can only take you so far. So, you've done everything you were told to do. You understand you have blind spots and weaknesses, you want to improve your cyber security posture, and have assigned a realistic budget to finance the improvements. You watch demonstrations of all the latest products available, and you're convinced they …
Continue reading "Cyber Security is easy, right? – Tech can only take you so far."
@2codemonte 