The Infosec Archives 12.23.2021 - V3
Brendon Rod
IAM Resilience Evangelist | Startup Aficionado | Go-to-market Architect
#Hey friends,
Welcome back to another Infosec Archives week in review.
Hope everyone is doing well and looking forward to spending some time with family over the coming holidays. (Without any table fights ????)
Perhaps some dad jokes can help keep things fun, here’s one to carry in your pocket or purse.
Dad Joke Alert
Where do Santa's reindeer stop for coffee?
Star-bucks!
And now... Let's dive in, as they say.
----------------------------------
News:
CISA, Five Eyes issue guidance meant to slow Log4Shell attacks
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released on Wednesday an advisory offering vendors and affected organizations a detailed guide on how to deal with the risks to IT and cloud services posed by Log4Shell (CVE-2021-44228), a remote code execution vulnerability in the Apache Log4j logging library.
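The first step of any Log4Shell playbook is an inventory: find every copy of log4j-core on a host, including copies nested inside wars, ears and fat jars where a plain filename search misses them, and check whether the JndiLookup class is still present. The script below is an added example, not code from the newsletter or from CISA's advisory. The Maven pom.properties path and the JndiLookup class path are the real ones shipped in log4j-core; the version thresholds follow the Apache advisories (2.15.0 for CVE-2021-44228, 2.16.0 for CVE-2021-45046, 2.17.0 for CVE-2021-45105). The jars it scans are constructed fixtures written to a temporary directory so the example runs offline; point scan_tree() at a real path such as /opt or a Tomcat webapps directory to use it for real.

```python
# Added example (not CISA's or the newsletter's code): find every log4j-core
# jar under a directory, nested archives included, and report version and
# whether org.apache.logging.log4j.core.lookup.JndiLookup is still present.
import io
import os
import re
import tempfile
import zipfile

ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CORE_PREFIX = "org/apache/logging/log4j/core/"
NAME_RE = re.compile(r"log4j-core-(\d[\w.\-]*?)\.jar$")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); non-numeric parts -> 0."""
    nums = [int(p) if p.isdigit() else 0 for p in text.split("-")[0].split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def classify(version, has_jndi_lookup):
    """Map a log4j-core version to the Log4Shell-era CVEs it is exposed to."""
    if not has_jndi_lookup:
        return "mitigated: JndiLookup.class removed"
    if version == "unknown":
        return "UNKNOWN: log4j-core classes present but no version, verify manually"
    v = parse_version(version)
    if v < (2, 15, 0):
        return "VULNERABLE: CVE-2021-44228 (Log4Shell), upgrade to latest 2.x"
    if v < (2, 16, 0):
        return "VULNERABLE: CVE-2021-45046, upgrade to latest 2.x"
    if v < (2, 17, 0):
        return "VULNERABLE: CVE-2021-45105 (recursion DoS), upgrade to latest 2.x"
    return "ok: not affected by CVE-2021-44228/45046/45105"


def scan_archive(display_name, fileobj, findings):
    """Inspect one zip-format archive and recurse into archives it contains."""
    try:
        zf = zipfile.ZipFile(fileobj)
    except zipfile.BadZipFile:
        return
    with zf:
        names = set(zf.namelist())
        version = None
        if POM_PROPS in names:  # shaded/fat jars may drop this; fall back below
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        if version is None:
            match = NAME_RE.search(display_name)
            if match:
                version = match.group(1)
        if version is None and any(n.startswith(CORE_PREFIX) for n in names):
            version = "unknown"  # relocated/shaded copy with no metadata
        if version is not None:
            has_jndi = JNDI_CLASS in names
            findings.append({"path": display_name, "version": version,
                             "jndi_lookup": has_jndi, "status": classify(version, has_jndi)})
        for name in names:  # jar inside a war/ear/fat jar: recurse in memory
            if name.lower().endswith(ARCHIVE_EXT):
                scan_archive(display_name + "!" + name, io.BytesIO(zf.read(name)), findings)


def scan_tree(root):
    """Findings for every archive under root; nested entries are joined with '!'."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                with open(path, "rb") as f:
                    scan_archive(rel, f, findings)
    return findings


def build_sample_tree(root):
    """Constructed fixtures, not real artifacts: a 2.14.1 jar nested in a war,
    a 2.17.1 jar, and a 2.14.1 jar with JndiLookup.class stripped out."""
    def make_jar(version, with_jndi):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(POM_PROPS, "version=%s\nartifactId=log4j-core\n" % version)
            zf.writestr(CORE_PREFIX + "Logger.class", b"\xca\xfe\xba\xbe")
            if with_jndi:
                zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")
        return buf.getvalue()
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", make_jar("2.14.1", True))
    with open(os.path.join(root, "log4j-core-2.17.1.jar"), "wb") as f:
        f.write(make_jar("2.17.1", True))
    with open(os.path.join(root, "log4j-core-2.14.1-patched.jar"), "wb") as f:
        f.write(make_jar("2.14.1", False))


def demo():
    """Scan the constructed tree and return {path: status}."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return {f["path"]: f["status"] for f in scan_tree(root)}
```

Running demo() reports the nested 2.14.1 copy as vulnerable, the 2.17.1 copy as ok and the stripped 2.14.1 copy as mitigated. Two caveats for real use: a jar that was repackaged with the classes relocated (a shaded jar) shows up as UNKNOWN and needs a manual look, and a removed JndiLookup class only helps if the application was not restarted from an unpatched copy elsewhere on the classpath, so scan the whole host, not just the deployment directory.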
Career Advice:
“Getting into security and IT is tough but once you’ve gotten your first opportunity, you’ll quickly realize that it was worth every bit of effort that you put into it.
Making the decision to become a Security Engineer was one of the best decisions that I ever made but it was also one of the toughest things that I’ve ever done.
There were countless hours of study and research, hundreds of rejections and embarrassing interviews, and an insane amount of hours networking and figuring out how to stand out amongst the crowd.
Nothing great ever comes easy.”
Infosec Wisdom:
Brian Blakley: Information Security Leadership
Keep information security simple (KISS)
Never done an incident response tabletop exercise? …keep reading…
If you’re a pro, keep scrolling… this post isn’t for you…
A simple first-time incident response tabletop scenario to consider is a “lost or stolen IT asset”.
Why? – the scenario is simple, tangible, and easy for everybody to understand and relate to.
Scenario: “Jane Doe stopped at a Starbucks for coffee. When Jane got back to her car, she realized there was broken glass on the ground, and her laptop backpack was stolen. Smash & grab.”

Draft a playbook and simply think through the logical steps of the scenario.
Consider the following:
- Is there a policy that is applicable to this scenario?
- Is there a process already established?
- Who does Jane contact first? Second?
- What does Jane’s manager do?
- What does IT do and in what order?
- What if the drive wasn’t encrypted?
- What else was in the backpack – work papers, USB drives, something else?

Document the steps, then coordinate a group meeting with all the people who have a role in the playbook.
Share the scenario and step through the draft playbook.
If you’re doing the tabletop correctly, there will be significant gaps in the playbook.
- Wrong or missing people.
- Roles and responsibilities aren’t defined or clear.
- Lack of policy. Meaning, no established rules.
- Incomplete contact lists and wrong contact info.
- Lots of missing steps.
- Steps are in the wrong order.
- Lack of contingencies.
- Many more…
Gaps are exactly what you want at this phase.
Address the gaps, add content to the playbook, and continue to exercise the playbook until the steps from one to done are complete.
Then, simply test the playbook at least annually.
Keep information security simple (KISS)
----------------
#2 *Bonus*
Amy Stokes-Waters: Helping organisations improve their cyber security | Co-Founder
Seen so many people explaining Log4j to “normies” so here’s my attempt…
It’s pretty shit. Like you find out you’re allergic to some sequins and your entire wardrobe resembles Ru Paul’s. And now you gotta go through it and meticulously check every sequin.
Did that work? Tell me that worked?
Mentorship:
John Petrie: C-Level Executive, Board Member and Cybersecurity Professional
“Whether people want to admit it or not, every executive, every manager has a list of people that they work with, that they respect or that they would love to have work for them or that they worked for, that they want to work for.
Again, there's always a list floating around. You have to get your name on that list. And I have a list of a lot of people. There's probably, I don't know, 40 or 50 people on a list that I just remember that, Hey, this would be a good fit. I happen to have a position open. Hey, do you want to put in an application for this position?
The younger people who have not been around yet, or haven't been able to achieve that, the best way is starting to build your network. Introduce yourself, go to meetings of local associations that are related to cybersecurity, get involved. And people will remember hardworking folks that want to achieve a certain goal or objective.
Always keep your resume up to date. And make decisions based on a plan. And so the younger people need to introduce themselves, to talk to people, to get on webcasts, to listen to podcasts like this, to understand who's out there, who are the leaders in our field today and try to get introduced to them. LinkedIn is a perfect example.”
#Cybersecurity Heroes Podcast:
Build A Legacy That Fulfils The Soul
Struggling with doubt, anxiety and stress? Feeling overwhelmed?
If you know there’s something bigger in your plan and you’re not sure how to execute it?
Then meet Gaia Ferreira, a mentor, coach, speaker and author.
Gaia's personal and professional journey has been almost as non-traditional as you can get.
In this episode, she shares her insights about building your own legacy and reminds us of the importance of integrating ourselves.
She also believes in the importance of living your legacy on purpose so that the world may become a better place that is led from the heart (not from a spreadsheet).
Links to the podcast episode:
Apple:
Spotify:
Meme of The Week
--------------------
That's a wrap for this week's Infosec Archives, see you again next week.
Happy Holidays and stay safe out there.
Brendon
p.s
Don’t know what to gift your infosec friends this year?
Share this FREE newsletter subscription.