I retired as CISO from a public higher ed in Pennsyltucky. Now I'm working in private industry doing GRC/vCISO consulting for a local InfoSec company.
Hash Potatoes: #singleDad #minecrafter #sciFiFan #infosec #WindowsGeek #HITRUST #CISSP
| Opinions | I have some and they are all mine. |
| Force | Light Side |
| Pronouns | He/Him/His |
| https://twitter.com/CompuWatcher |
@accidentalciso Not sure if it helps anyone, but this is my current readiness checklist for applications.
Privileged Access Management
โ Privileged access approvers list (group or individuals)
โ Data access approvers list (group or individuals)
โ Roles identified for PAM
โ Targets identified for PAM
โ Service accounts identified
โ Secret inventory completed
โ Secret rotation procedures written
โ Access review strategy and schedule written
โ MFA implemented
โ Break-glass accounts created
Secure Configuration Management
โ Unnecessary features/ports/services disabled
โ Patch/update strategy defined
โ Inventory added to CMDB with owners
โ Baseline Configurations documented/exported
Detection Engineering
โ Authentication logs sent to SIEM
โ Administrative activity logs sent to SIEM
โ Logging levels configured to capture security events
โ Special IOC development
โ Special rule development
Incident Response
โ Determine SOAR necessity
โ Endpoint isolation strategy
โ Identity isolation strategy
โ Downtime procedures documented
Incident Recovery
โ Application operational/functional check procedure
โ Service/system restart dependencies document
โ Backup & Recovery test schedule
So, I seem to be making a fence between social media tools. I find myself gravitating to Mastodon for Infosec and IT stuff, and Threads for more personal/non-work. Of course the streams do cross sometimes, and that's ok. That's just like life.
I'm using Twitter less and less. Insta is still more personal, but it is also more photo oriented. So, I still go there. And Reddit is Reddit.
Well, my general thought on these Social apps is that Mastodon seems the most relevant to me (not even just the infoSec group).
Threads was interesting to peek at, but doesn't hold my attention yet.
Twitter is still a place for real-time trends because some bots are actually useful.
Facebook is still where my friends/family live.
Oh and Reddit is useful but still reminds me of the old BBS days with postings and replies. But makes for great rabbit-hole timekills.
So here's a wild thought. What if...
CISO reports to CIO. Since the CIO tends to still have the ear of the board, run with it. The CIO would have 3 pillars: IT Ops, Security/risk, accountability.
InfoSec sets the rules based on risks and vulnerabilities, IT does IT, accounting checks the work. CIO is the referee, sets priorities, and reports.
SIEM Shady
Venty ๐จ๐ญ๐ซ
MicheleV_AK