Democracy of Cybersecurity Ideas

Cybersecurity teams often require abstract approaches to complex problems in order to achieve solutions. Encouraging a democracy of ideas on the cybersecurity team is a critical approach to surfacing the best ideas and solutions. Formalizing a policy around the democracy of ideas not only supports diversity and inclusion, but also helps in reaching business goals.

Threat Intel Feeds Suck

Traditional cyber threat intelligence feeds offer incredibly limited value and reflect an outdated approach to intelligence in general. The industry needs to consider new approaches to operationally focused threat intelligence to derive true value from the investment.

Ransomware Guidance

Ransomware events can be devastating to organizations. There are best practices and solid advice that can benefit response and recovery efforts. This article aims to lay out some of the strategies you can use to limit the impact of ransomware.

Next Gen Blue Team

By following a four-step process, teams can liberate themselves from the industry devotion to "traditional approaches" and begin to tackle, and overcome, the security challenges that matter to them. Each organization is different, and using prescriptive frameworks that ignore differentiators and individuality is a recipe for failure. A team that follows this simple four-step cycle can not only ensure scale and effectiveness, they can also become transparent to leadership, stakeholders, and themselves.

Blue Team Challenge

There are a number of extremely difficult challenges in running a successful Blue Team, or security operations defensive team. These range in magnitude from simply keeping track of everything that is going on, to building better soft skills and relationships with interdependent teams (think networking, infrastructure, etc.), all the way to the fact that one missed clue could lead to a serious breach. Added to these challenges is the fact that most blue teams are designed to be composed of zombie console jockeys with "eyeballs on glass" staring at mind-numbing alerts for their entire shift. These twin factors combine to create a toxic soup of stress, ineffectiveness, and ultimately failure.

Doing SecOps Right - Runbooks

Rather than rely on an ad hoc process or concede that all security events are different and have to be addressed individually, mature organizations develop written procedures for how to handle security events in the same way that they have procedures for IT operations. By having a written procedure, it becomes possible to leverage the power of a checklist to ensure that the process is consistent.