GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

  1. SwiftOnSecurity (swiftonsecurity@infosec.exchange)'s status on Sunday, 04-Dec-2022 09:17:14 JST

    I consciously talk about things that seem "simple," because doing so can seem counter-intuitive to people trying to make their way up the ladder. Make a name for themselves. That's absolutely valid no problem.

    But the basics matter. Organizations fail at basics. The basics not being done drive this entire industry across the planet. Not the latest post on HackerNews or compromise intrigue.

    So I talk about the basics. I have a certain amount of privilege where my competency doesn't get questioned for doing so. You should be more cognizant of your biases on people talking about the basics.

    The basics not being done pay your cyber salary. Which very very few organizations in the entire planet can afford a dedicated person for. Everybody else, it's purely from their professional passion to get things "right." They have no real investment in the security of their organization. They try anyway. That's most of the world we need on our side.

    I know because I was that person.

    In conversation Sunday, 04-Dec-2022 09:17:14 JST from infosec.exchange permalink


    • Jim Sykora (jimsycurity@infosec.exchange)'s status on Sunday, 04-Dec-2022 09:17:02 JST
      in reply to
      • G :donor: :Tick:
      • Alyssa Miller ?️​ :nyancat_rainbow: :donor: ​
      • john stream

      @streamsthoughts @cirriustech @alyssam_infosec @SwiftOnSecurity

      I do like the way you frame "the basics" as where to get started or as an entry point.

      I've started to consciously refer to the steps most often missed in security as foundational because they aren't often simple, easy, or basic. Yet I think it's a great analogy because it's straightforward to understand, in the same manner that you don't start building a house without first getting the foundation ready and done correctly; otherwise the rest of the house won't be stable, secure, or around for the long haul.

      In conversation Sunday, 04-Dec-2022 09:17:02 JST permalink
    • john stream (streamsthoughts@infosec.exchange)'s status on Sunday, 04-Dec-2022 09:17:11 JST
      in reply to
      • G :donor: :Tick:
      • Alyssa Miller ?️​ :nyancat_rainbow: :donor: ​

      @cirriustech @alyssam_infosec @SwiftOnSecurity I like this train of thought too. I have an “and” and a “but” comment. …but for those that struggle with getting started, “the basics” is a term that is an easy entry point to better protection, foundational sounds hard. ….and… once you have the foundation built, you can start to mature your program. This principle applies to so many things. Relationships, anxiety, exercise…the foundation starts with you and what you focus on first.

      In conversation Sunday, 04-Dec-2022 09:17:11 JST permalink
      Jake Hildreth (acorn) :blacker_heart_outline: repeated this.
    • G :donor: :Tick: (cirriustech@infosec.exchange)'s status on Sunday, 04-Dec-2022 09:17:12 JST
      in reply to
      • Alyssa Miller ?️​ :nyancat_rainbow: :donor: ​

      @alyssam_infosec @SwiftOnSecurity I also think we need to stop calling them the basics or 101 and instead refer to them as foundational. Might sound silly, but some of them are not necessarily simple, but they are the foundations of a strong security posture. Basics/101 can downplay their value.

      In conversation Sunday, 04-Dec-2022 09:17:12 JST permalink
    • Alyssa Miller ?️​ :nyancat_rainbow: :donor: ​ (alyssam_infosec@infosec.exchange)'s status on Sunday, 04-Dec-2022 09:17:13 JST
      in reply to

      @SwiftOnSecurity whether we want to admit it or not, most of us were that person.

      That said, we need to be better at communicating the basics. It's not always that the orgs don't care, we (i.e. #infosec) don't give them the proper information to be able to understand, to be able to prioritize, and to be able to react. What seems so basic and simple to us isn't so simple and basic to a CFO. Much like the inner workings of our finance departments are pretty much foreign to most security people.

      In conversation Sunday, 04-Dec-2022 09:17:13 JST permalink
    • Jake Hildreth (acorn) :blacker_heart_outline: (horse@infosec.exchange)'s status on Sunday, 04-Dec-2022 11:12:13 JST
      in reply to
      • Jake Hildreth (acorn) :blacker_heart_outline:
      • G :donor: :Tick:
      • Alyssa Miller ?️​ :nyancat_rainbow: :donor: ​
      • Jim Sykora
      • john stream

      @JimSycurity @streamsthoughts @cirriustech @alyssam_infosec @SwiftOnSecurity @horse

      “Foundational” is such a good description. What do you consider the most missed foundational aspect(s) of security?

      In conversation Sunday, 04-Dec-2022 11:12:13 JST permalink
    • Jim Sykora (jimsycurity@infosec.exchange)'s status on Sunday, 04-Dec-2022 13:24:01 JST
      in reply to
      • Jake Hildreth (acorn) :blacker_heart_outline:
      • G :donor: :Tick:
      • Alyssa Miller ?️​ :nyancat_rainbow: :donor: ​
      • john stream

      @horse @streamsthoughts @cirriustech @alyssam_infosec @SwiftOnSecurity

      Not knowing what you have that is worth securing and where it is.

      In conversation Sunday, 04-Dec-2022 13:24:01 JST permalink
    • Jake Hildreth (acorn) :blacker_heart_outline: (horse@infosec.exchange)'s status on Sunday, 04-Dec-2022 13:43:04 JST
      in reply to
      • G :donor: :Tick:
      • Alyssa Miller ?️​ :nyancat_rainbow: :donor: ​
      • Jim Sykora
      • john stream

      @streamsthoughts @JimSycurity @cirriustech @alyssam_infosec @SwiftOnSecurity I do like those Trimarc folks.

      In conversation Sunday, 04-Dec-2022 13:43:04 JST permalink
    • john stream (streamsthoughts@infosec.exchange)'s status on Sunday, 04-Dec-2022 13:43:05 JST
      in reply to
      • Jake Hildreth (acorn) :blacker_heart_outline:
      • G :donor: :Tick:
      • Alyssa Miller ?️​ :nyancat_rainbow: :donor: ​
      • Jim Sykora

      @JimSycurity @horse @cirriustech @alyssam_infosec @SwiftOnSecurity Tay did a thread on it that detailed the basics. 1) Patch your perimeter. You’ve got to know what will be exploited first. 2) Back up important stuff. 3) Maintain good AV practices on all endpoints. 4) Patch everything inside. 5) Call it a day and come back tomorrow to do it all over again. If you’ve found everything you can uncover, follow #trimarc security hardening guides for AD, ESX, and AzureAD/M365. Fantastic resources. https://www.hub.trimarcsecurity.com/

      In conversation Sunday, 04-Dec-2022 13:43:05 JST permalink

      Attachments

      1. Enterprise Security | Trimarc Hub
         Trimarc Security and the Trimarc Content Hub helps organizations better secure their environment. Trimarc provides Enterprise Security methods to better secure Active Directory, Microsoft Office 365, Windows, Powershell, VMWare, Azure and the Enterprise as a whole.

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.