I retired as CISO from a public higher ed in Pennsyltucky. Now I'm working in private industry doing GRC/vCISO consulting for a local InfoSec company.
Hash Potatoes: #singleDad #minecrafter #sciFiFan #infosec #WindowsGeek #HITRUST #CISSP
| Opinions | I have some and they are all mine. |
| Force | Light Side |
| Pronouns | He/Him/His |
| https://twitter.com/CompuWatcher |
@accidentalciso Not sure if it helps anyone, but this is my current readiness checklist for applications.
Privileged Access Management
โ Privileged access approvers list (group or individuals)
โ Data access approvers list (group or individuals)
โ Roles identified for PAM
โ Targets identified for PAM
โ Service accounts identified
โ Secret inventory completed
โ Secret rotation procedures written
โ Access review strategy and schedule written
โ MFA implemented
โ Break-glass accounts created
Secure Configuration Management
โ Unnecessary features/ports/services disabled
โ Patch/update strategy defined
โ Inventory added to CMDB with owners
โ Baseline Configurations documented/exported
Detection Engineering
โ Authentication logs sent to SIEM
โ Administrative activity logs sent to SIEM
โ Logging levels configured to capture security events
โ Special IOC development
โ Special rule development
Incident Response
โ Determine SOAR necessity
โ Endpoint isolation strategy
โ Identity isolation strategy
โ Downtime procedures documented
Incident Recovery
โ Application operational/functional check procedure
โ Service/system restart dependencies document
โ Backup & Recovery test schedule
So, I seem to be making a fence between social media tools. I find myself gravitating to Mastodon for Infosec and IT stuff, and Threads for more personal/non-work. Of course the streams do cross sometimes, and that's ok. That's just like life.
I'm using Twitter less and less. Insta is still more personal, but it is also more photo oriented. So, I still go there. And Reddit is Reddit.
SIEM Shady