john streamDec 3, 2022
@cirriustech @alyssam_infosec @SwiftOnSecurity I like this train of thought too. I have an “and” and a “but” comment. …but for those that struggle with getting started, “the basics” is a term that is an easy entry point to better protection, foundational sounds hard. ….and… once you have the foundation built, you can start to mature your program. This principle applies to so many things. Relationships, anxiety, exercise…the foundation starts with you and what you focus on first.
Show threadJim SykoraDec 3, 2022

@streamsthoughts @cirriustech @alyssam_infosec @SwiftOnSecurity

I do like the way you frame "the basics" as where to get started or as an entry point.

I've started to consciously refer to the steps most often missed in security as foundational because they aren't often simple, easy, or basic. But yet I think it's a great analogy because it's straightforward to understand in the same manner that you don't start building a house without first getting the foundation ready and done correctly otherwise the rest of the house won't be stable, secure, or around for the long haul.

Show threadJake Hildreth (acorn) Dec 4, 2022

@JimSycurity @streamsthoughts @cirriustech @alyssam_infosec @SwiftOnSecurity @horse

“Foundational” is such a good description. What do you consider the most missed foundational aspect(s) of security?

Show threadJim Sykora

@horse @streamsthoughts @cirriustech @alyssam_infosec @SwiftOnSecurity

Not knowing what you have that is worth securing and where it is.

Dec 4, 2022 at 4:24amWeb
Show threadjohn streamDec 4, 2022
@JimSycurity @horse @cirriustech @alyssam_infosec @SwiftOnSecurity Tay did a thread on it that detailed the basics. 1) Patch your perimeter. You’ve got to know what will be exploited first. 2) Back up important stuff 3) Maintain good AV practices on all endpoints. 4) Patch everything inside 5) call it a day and come back tomorrow to do it all over again. If you’ve found everything you can uncover - follow #trimarc security hardening guides for AD, ESX, and AxureAD/M365. Fantastic resources. https://www.hub.trimarcsecurity.com/
Enterprise Security | Trimarc Hub

Trimarc Security and the Trimarc Content Hub helps organizations better secure their environment. Trimarc provides Enterprise Security methods to better secure Active Directory, Microsoft Office 365, Windows, Powershell, VMWare, Azure and the Enterprise as a whole.

Trimarc Content Hub
Show threadJake Hildreth (acorn) Dec 4, 2022
@streamsthoughts @JimSycurity @cirriustech @alyssam_infosec @SwiftOnSecurity I do like those Trimarc folks.
Show threadLesDec 4, 2022
@streamsthoughts @JimSycurity @horse @cirriustech @alyssam_infosec @SwiftOnSecurity Backup, patching, antivirus, reviewed firewall rules, DMZ, password policy, split of admin and workstation accounts for the admins, MFA. These are the basics for me. Next level is IDS, IPS...
What am I missing?