My human interactions in this weekly cyber
Alexandre BLANC Cyber Security
Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored
Hi everybody. Since you all know you need to keep your infrastructures, systems, etc. updated, you have already done this, and therefore none of the exploits that have a patch are affecting you.
So, let's focus on the human exchanges this week. None of them are aware I would take this angle, but we can make a difference :P
Vamshika Peddi from Australia reached out. She is CompTIA Security+ certified, has some blue team training as well, and is looking for an internship or job opportunity. You may want to reach out to her.
A massive indirect cloud leak, but that's not only ChatGPT; that has been happening for a long time on any online platform!
The report reveals an unprecedented number of hard-coded secrets in new GitHub commits over the year 2022. And much more.
David Heinemeier Hansson (CEO and Co-Owner at Hey) shared this week an update about his company experience moving out of the cloud and saving millions. I reached out, he replied, very nice.
One can see real humans when busy people reply. I have to say, I'm kind of a fan: full cloud exit strategy, done and succeeded!
The cloud's infinite leakage!
Between misconfigurations, cloud insiders abusing and mining your data to resell you stats you didn't ask for, and the continuous state of leakage, on top of all of this:
Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps.
In the cyber snake oil world, some try to show their value; this is the case of Orenda Security, which this week got CREST Approved!
CREST states on their site: "CREST builds capability, capacity, consistency and collaboration in the global cyber security industry through services that nurture, measure and enhance the performance of individuals and organisations."
Wesley Diggs reached out. He is working with NetThunder, a self-hosted private cloud provider, and they have a lot of work going on. This is exciting, because it shows that the cloud exit strategy is getting traction as people realize they got deceived by the cloud, and that the cloud is not giving value for the money.
Parker Schmitt and I have been exchanging for a long time now on how to help companies recover their freedom and benefits by escaping the cloud trap.
Get It Started Get It Done, the Banyan Security podcast covering the security industry and beyond.
In this episode, the host and Banyan’s Chief Security Officer Den Jones speaks with Laura Whitt-Winyard, an experienced Chief Information Security Officer most recently at Malwarebytes.
I had a chance to connect with Laura Whitt-Winyard this week following her podcast, definitely inspiring !
Garett Moreau is fully active on here, like me I guess, trying to bring back common sense. He reached out sharing some topics of interest.
Isn't this all about attack surface management ?
This is closely tied to #riskmanagement, in the sense that you can take compensating measures only AFTER you have identified all your exposed assets. It's all about inventory, right?
Bill Alderson did ping me. He shared the 25-year history of the Wireshark analyzer and asked for support for this project. As you know, free open-source projects do rely on donations to grow over time.
That might be of interest to you if you develop in Java or manage Java devs!
Are you doing it right? Are you applying proper security in your leaky SaaS (cloud) platform, so that you at least make a little effort to stop the cloud leak nightmare?
Do it right or don't do it. The cloud is already a big nightmare by itself; having to give away all control and all your data to your direct challenger is such huge nonsense that, on top of this, you shouldn't fail on implementation!
A good reading for this rainy Saturday morning here in south Quebec (and yes, very happy to have rain)
Learn how your secrets management can affect your DevOps performance, measured by DORA metrics, as well as increase your risk as an organization.
ISO27001 is all about measurable, quantifiable, and documented indicators, so this is very aligned as well. On top of this, secrets are the key to the crown jewels of your organization.
On this very documented practical note, I wish you all an amazing weekend, and I hope you enjoyed the human element of this newsletter as well ! :)
B.Eng | M.S | CISSP
1 year: Very informative. Thanks
IT Manager / CyberSecurity / Software Dev / IT Engineering Manager: Science, Engineering and Manufacturing
1 year: Superb Alexandre, the interactions that you've had bring a really nice interactive dimension to your weekly cyber. A newsletter is what you make it, meaning that you can evolve it into becoming the highlight of the business that you offer. I've found that including people, business connections, and what other businesses offer within your customer base can really improve your connections' businesses as well. This is definitely one way to get the word out. When people look forward to reading your newsletter, it means that you've created something of a buzz. It means that your customers will start talking, which generally means that other people and businesses will want in on what you're offering :}