Mike Johnson 

CISO, Co-host of CISO Series Podcast, Board of Directors at Shadowserver, occasional loudmouth on LinkedIn, probably under a cat
LinkedIn: https://www.linkedin.com/in/mikevj/
Shadowserver: https://shadowserver.org
Podcast: https://cisoseries.com

In the first report, we analyzed 25 security practices against 11 outcomes to see which ones had the strongest statistical correlations.

Last year, we took the top five most correlated practices and looked more deeply at WHY they seemed to have the most impact across the board.

This year, we focused on security resilience. What do practitioners think it means? What outcomes do they associate with resilience? And which practices are most strongly correlated with resilience outcomes?

As usual, the data holds some surprises in store. Check out the report when it launches on December 6th.

https://cisco.com/go/securityoutcomes

Cisco Secure Outcomes Study Report 2021


I just wrote a post about the current state of growth in infosec.exchange at the one month mark post E-day here: https://blog.infosec.exchange/2022/11/27/an-update-on-growth-of-infosec-exchange/

Note: I installed a plugin that will allow you to follow blog posts there by following @[email protected]


You are never too important or too advanced to lend a helping hand. It's just that simple.

#DoBetterBeBetter

Sleepy, ill-advised rant: to all of the folks who mock the "we take the security of your data very seriously" part of a breach notification, have you ever had to write a security notification? Actually admitting to a security issue (breach/vulnerability/etc) is a huge step for a company. Those notices have to cover a broad range of audiences, not just security experts, but all customers of a service (and also the press, too, BTW). This isn't easy.

Frankly, even publishing them in the first place is a triumph for most companies. If adding platitudes that annoy the security field makes the company feel a little more open to posting the notification, then I welcome the platitudes and will simply scroll right past them.

@rinkisethi Hi! Great to see you here!

Mastodon is going through growing pains just. like. every. other. social network did. Every network that spins up goes through a period of "new net, who dis" while the humans try to figure out what they want to get out of the network. There are moderation issues (over/under moderation), assholes and trolls, and general discussions of acceptability that eventually converge on a concept of acceptable content. Brands eventually showed up and participated, government representatives eventually saw social networks as a way of interacting with the people they serve. In the early days of social networks, government regulation wasn't a thing - Mastodon might be allowed some runway while they try and figure it out.

Sorting through all of these took /years/. I know people are excited right now about Mastodon, but this is going to take time to sort out. Make sure you participate, post the things you want to post, follow the people you want to follow, boost the content you enjoy. Put. in. the. work. to make this what you want it to be. But know that it's going to take time and if you don't stay here and participate, Mastodon will not rise into something that can continue on its own momentum.

Dentist: So, do you floss?
Me: Do you use a unique password for every account?

Since Mastodon saw its initial popularity circa 2017, I've noticed that most users and those reporting on it either don't think about the Fediverse as anything more than Mastodon, or treat its history as beginning with Eugen Rochko and the beginning of Mastodon. In fact, Mastodon is the latest in a long line of federated social networks going at least back to Identi.ca, and though I wasn't around for all of it, I find this history pretty interesting. (Thread; boosts welcome!)

If you're giving security advice and can't (or won't) provide some sort of justification or source material (because you say so doesn't count), then you're peddling FUD.

Twas the night before the breach, when all through the cloud, not a creature was stirring, not even those sourced through the crowd.

The policies and procedures were hung by the chimney with care, in hopes that the auditor soon would leave there.

The SecOps team were nestled all snug in their beds, while visions of SIEM solutions danced in their heads.

And CEO in her ‘kerchief, and CISO in her cap, had just settled their brains for a long winter’s nap.

When out on the IDS there arose such a clatter, I sprang from the bed to see what was the matter.

Away to the computer I flew like a flash, logged into my VPN to avoid a backlash.

The alerts on the screen gave me little on which to go, was this a threat, or someone just using IT in the shadow?

When, what to my wondering eyes should appear, but a series of SSH connections to the country formerly known as Zaire.

With a trojan horse, so lively and quick, I knew it was planted by an ill-informed mouse click.

More rapid than eagles the connections they came, I picked up the phone to the incident response team and called them by name!

“Now Frank! now, Peter! now, Jacob and Ian! Oh, Patrick! Oh, Ahmed! oh, and oh Sheehan! To the list of the alerts! to the top of the firewall! Now dash them away! Dash them away! Dash them away all!”

As dry leaves that before the wild hurricane fly, when they meet with an obstacle, a new tool they will buy.

So up to the value added reseller they flew, in the hope of a corporate gift, and Seahawks tickets too.

And then, in a twinkling, I heard on the phone bridge, one of my engineers was listening to Melissa Etheridge.

As I drew in my head, I told them to mute, I imagined the disclosure briefing, the CEO in a pantsuit.

She was giving a prepared statement, about our security being great. But that didn’t matter as this was a threat we couldn’t negate.

A bundle of compliance certificates she had flung on her back, but ultimately she was just trying to avoid getting the sack.

Her eyes, how they stared! Her face, how angry! Her cheeks were like roses, her attention on her Blackberry!

Her droll little mouth was drawn up like a bow, and her blonde hair was turning white as the snow.

The budgetary asks she held in her teeth, I told her I wanted to hire a consultant called Keith.

Keith had a broad face and a little round belly, that shook when he laughed, like a bowlful of jelly!

He was chubby and plump, but he had a CISSP and was working towards a couple of other certs which filled me with glee.

A wink of his eye and a twist of his head, soon gave me to know I had nothing to dread.

He spoke not a word, but went straight to his work, and found all the vulnerable machines, then turned with a jerk.

And laying his finger aside of his nose, and giving a nod, up the boardroom he rose!

He sprang to his Prius, to my team gave a whistle, and away they all flew like the down of a thistle.

But I heard him exclaim we were now secure, ere he drove out of sight, “Happy incident-free Christmas to all, and to all a good-night!”

#infosec #dfir