What Systems Keep You Effective? Previously I discussed What’s On Your Not To Do List as a means to remain focused on priorities. I never fear running out of work in cybersecurity. Instead, I worry that our focus does not always stay on the most critical issues. Today I want to highlight several techniques I use to help remain effective. […]
Version 7 of the CIS Controls Released
I recently posted the below on the SANS Internet Storm Center. The CIS Controls serve as a “prioritized set of actions to protect your organization and data from known cyber attack vectors.”. Embraced by several organizations as outlined in the Case Studies section, significant improvements to their cyber security programs are listed and can serve as an inspiration to consider this […]
What’s On Your Not To Do List?
I recently posted the below on the SANS Internet Storm Center. In our craft, there are more than ample opportunities to occupy our time. There are so many things you CAN do. How can you ensure focus on the things that actually make the biggest impact? I suggest that often times you take on more work than what you are able to complete. […]
Unauthorized Change Detected!
I recently posted the below on the SANS Internet Storm Center. How do you detect what has changed in your environment? Is it possible to think beyond the alerts you get from your tools and consider what changes that you absolutely need to know about when they occur? When systems in your environment move from “normal” to “abnormal”, would you […]
Applied Lessons Learned
Applied Lessons Learned What were the harsh and hopefully applied lessons learned that you would never forget and, more importantly, vowed never to repeat? Especially those of you who have been in information security for many years and perhaps a member of several different teams. Consider yourself encouraged to remember those “from now on I […]
Security Awareness for Security Professionals
I recently posted the below on the SANS Internet Storm Center. During Cyber Security Awareness Month (CSAM), we develop campaigns for our coworkers that attempt to encourage them to stop clicking on links and reusing their passwords. These are good reminders for us as information security professionals even though we focus on these topics during the other 11 months […]