As a company we do not struggle with on boarding new talent. We are actually really good at bringing folks in, making them feel welcome, and emphasizing how they are now a part of the team. Their first day they … Continue reading On Boarding Challenges
CVEDetails says that there is currently over 14,000 vulnerabilities that have a CVE score of 9.0 or higher. The average CVE score is a 6.6, and the total number of CVE’s is over 103,000. You are responsible for every single one of them. If you’re a small shop, that is in addition to your monitoring load, your incident response load, your asset management load, your policies and procedures load, your documentation load, your event investigation load, your… You get it. The never ending load of infosec.Continue reading “Vulnerability Management Fatigue”
An incident response plan is the cornerstone to preparing for what is coming: an incident (a bit obvious, really). Incidents are those little things that tear businesses up. At it’s core, the Equifax breach was an incident. The Yahoo email scandal was… an incident. The Shadow Broker’s ‘hack’: an incident. Your data center just went down because of an air conditioning malfunction, guess what? Incident! They are everywhere, and cause disruption everywhere they go.
Is hard. That’s it. Asset management is hard. Fucking hard is probably a more apt term. I have been brainstorming a better way to do this, but there really isn’t one. Every day new assets appear on the network: laptops, … Continue reading Asset Management