What do you do if you want to learn from security breaches as a network security professional?

To learn from security breaches as a network security professional, it is essential to conduct a thorough analysis of the incident. Identify the root cause, assess the impact, and implement necessary measures to prevent future occurrences. Stay updated on the latest security trends and technologies to enhance your skills. Continuous learning and sharing knowledge with peers in the industry are crucial for professional growth.

O aprendizado contínuo na área de seguran?a, faz parte do processo de sobrevivência do profissional desta área. A todo momento s?o publicados novas vulnerabilidades, novos tipos de ataques, novas solu??es tecnológicas de seguran?a, novas normativas e frameworks que alimentam este ecossistema. O compartilhamento de experiências através do networking com diversos profissionais é uma das formas mais importantes para se manter atualizado.

"It's not a failure until it's a failure to learn" Cyber security incindents, more often than not, occur at the end of a years-long process of rational decisions made by reasonable people. There will always be infinite work, but pre-mortem/near-miss/post-mortem lessons are the hardest-earned and most valuable. Advertise them and incorporate into your forward-looking estimates of potential risk. Each new identified failure mode has an opportunity to re-frame assumptions and risks. See how people work normally in ways that create conditions for crisis. What controls or guidance make this more likely? Do you still need that? What systems can be deprecated?

There will always be infinite work. Do you really need to add something new? New controls create new failure modes and additional assumed complexity over time. Can you remove components, systems, and processes before you add them? Each new alert becomes camouflage for the next ttp. Smaller, more defensible, and more observable components that generate usable diagnostics will win out over adding security components, analytics, or processes.

Como sugest?o, as solu??es de detec??o e resposta de rede (NDR), s?o ferramentas interessantes para detectar incidentes em redes, usando inteligência artificial (IA), aprendizado de máquina (ML) e análise de dados. Além das solu??es tecnológicas de seguran?a de redes, n?o podemos deixar de esquecer dos processos e fator humano. Assim, considero o Centro de Opera??es de Seguran?a (SOC) um importante aliado para a monitora??o continua. Um SOC bem estruturado é que contém todos os elementos necessários para obter o sucesso.

Alerts should reference governance scope, control IDs, infrastructure resources, and resolved identity information where possible. Scope validation should be a key part of surface monitoring and governance-related inventory management. Signal dropouts, unexpected changes to scope-level observabilty, and analytical errors should be tracked on a separate queue compared to security/activity alerts.

Grow your talent from personnel with a naturally-unsatisfiable curiosity. Adversary mindset can be taught. Value analytical talent that can flip between layers of abstraction to see how system activity might be represented from different observable surfaces. Provide a gentle gradient for investigative work and lots of pointers to how to get to the next more detailed/more abstract level of information as an investigation progresses. Plan high churn for early-career talent if you are lucky and can provide increasing levels of autonomy and interesting work. Talent has a way of finding a good challenge and a handsome paycheck. Theres' always something interesting to look at. keep analysts engaged with rewarding work that worth talking about.