Navigating the Cybersecurity Job Market: The Challenge of Breaking In

Breaking into cybersecurity is undeniably challenging, largely because of the experience paradox: real-world skills are the most critical hiring metric, yet they are difficult to acquire without first stepping into the field. While the industry grapples with establishing common standards for evaluating talent, aspiring cybersecurity professionals must be creative and proactive in building a robust portfolio. Whether by leveraging a current role, participating in bug bounty programs, contributing to open source projects, or engaging with the cybersecurity community, there are many pathways to demonstrating your capability. With persistence and ingenuity, you can overcome the initial barriers and forge a successful career in cybersecurity.

Introducing Open Source SOC Documentation

OSSOCDOCS is a project designed to fill the need for robust, freely available SOC documentation, including runbooks and governance. After a decade of building and running Security Operations Centers (SOCs) for dozens of companies, I have encountered a recurring challenge: how to establish a solid foundation for SOC documentation. One of the biggest hurdles in standing up a new SOC, or refining an existing one, is creating a library of playbooks, runbooks, policies, and standard operating procedures (SOPs). Without these foundational documents, SOCs struggle with consistency, efficiency, and repeatability. The best SOC programs I have toured all shared two key traits: teamwork and documentation. I cannot help with the first (and the topic is extremely well documented in the literature), but the second is a gap that I believe needs to be filled.

Establishing a Mature Cybersecurity Program Through Effective Documentation

Building a robust cybersecurity program requires more than technical prowess; it also demands a structured, comprehensive approach to documentation. A well-documented cybersecurity environment ensures that processes are consistent, repeatable, and measurable. With clear documentation, teams can work more efficiently, newcomers can get up to speed quickly, and organizations can more easily demonstrate compliance with regulations and standards. By focusing on policy, process, and runbook documentation, cybersecurity programs can move toward operational maturity.

Building a Purple Team Program

Establishing a successful purple team program requires more than tools and technology. Organizations need to devote time, attention, and resources to critical considerations such as program governance, leadership, and outcomes. Establishing a strong policy, process, reporting, and accountability model leads to a more robust and resilient program. In this article we describe some of the common challenges associated with establishing a purple team testing program.

Democracy of Cybersecurity Ideas

Cybersecurity teams often require abstract approaches to complex problems in order to reach solutions. Encouraging a democracy of ideas on the cybersecurity team is a critical way to surface the best ideas and solutions. Formalizing a policy around the democracy of ideas not only supports diversity and inclusion, but also helps the team reach business goals.