Category Archives: InfoSec

Perspectives on Information Security Architecture

There are few things that every architect should do but most forget. As you know, there is no shortage of technology architecture frameworks and standards. You may have come across TOGAF for enterprise architecture and SABSA (Sherwood Applied Business Security … Continue reading →

Posted in InfoSec | Tagged architecture, Information Security Architecture | Comments Off

Six Essential Ingredients for Building a Successful Security Operations Center (SOC)

Over years of my professional work and research, I found six ingredients absolutely necessary for success of any SOC, big or small. When you combine these ingredients with continuous improvement activities, you will get excellent business results. On the other … Continue reading →

View post to subscribe to site newsletter.

Posted in InfoSec, SOC | Tagged ciso, governance, SOC, threat intelligence | Comments Off

Achieving Excellence in SOC Operations and Incident Response

Draft of Chapter 7 of my book “Cybersecurity Arm Wrestling – Winning the perpetual fight against crime by building a modern Security Operations Center” is complete and available for download. This chapter is about “Operate” part of the “Plan-Design-Build-Operate” strategy and … Continue reading →

View post to subscribe to site newsletter.

Posted in InfoSec, SOC | Tagged Book, ciso, cybersecurity, SOC | Comments Off

What is a Next Generation SOC and does it Cost More?

Historically Security Operations Centers (SOC) have been a combination of people, processes, and technology designed to protect information systems, detect and respond to incidents to minimize damage. Many times SOC were built to meet fundamental needs for log collection and … Continue reading →

Posted in InfoSec, SOC | Tagged API, infosec, IoT, MTTR, SIEM, SOAR, SOC, UEBA | Comments Off

The Case for a SOC Conference

With digital economy taking a foothold, the CISO’s work is just getting more complex as new technologies are adopted by businesses, strict privacy laws are enacted globally, and attack surface is expanding by each day. Networks are no longer confined to data centers or corporate offices, and older ideas of managing security operations are obsolete. Continue reading →

Posted in InfoSec, SOC | Tagged API, automation, cloud, containers, DFIR, forensic, IoT, Open Source, serverless, SOC, SOC conference | Comments Off

Managing Cybersecurity Program Cost

With COVID19 and expected budget cuts across the board, cybersecurity leaders must prepare for a shrinking slice of their share in 2021. While hoping for the best, it is still a prudent idea to take a more critical look at … Continue reading →

Posted in InfoSec | Tagged budget, ciso, infosec, strategy | Comments Off

Stress and SOC Staff Burnout

SOC staff is dealing with threats and investigations on regular basis every day. In many cases these threats are repetitive. Dealing with continuous onslaught of Cyber threats makes SOC staff stressed. Stress and burnout are real problem. What is stress? … Continue reading →

Posted in InfoSec | Tagged ciso, SOC | Comments Off

CISO Tools to Build (or Tweak) a Cybersecurity Roadmap, Create Business Case and Request Funding

I am not telling you anything new when I say that an essential part of a CISO’s job is to build a Cybersecurity program, communicate it to stakeholders, and continuously tweak it based upon continuously changing threat landscape. Job of … Continue reading →

Posted in InfoSec, Leadership | Tagged awareness program, business case, CISO MindMap, cybersecurity, information framework, information security programs, information security roadmap, information security strategy | Comments Off

A 3-3-4-5 Model for CISO Strategy

Many CISOs and Infosec leaders I meet face continuous challenge to communicate their strategy that is simple and others in their organization can understand and relate to. I have created a simple model for CISOs to explain it on a single page and have found it to be an effective tool. Continue reading →

Posted in InfoSec, Leadership | Tagged ciso, model, strategy | Comments Off

A Threat Modeling Process to Improve Resiliency of Cybersecurity Program

Many organizations with mature Cybersecurity program have implemented controls to safeguard their digital assets. However, controls can give a false sense of security as many times mere existence of a control does not mean that it is (a) adequate and/or (b) effective. Protecting crown jewels requires continuous monitoring and evaluating controls. This article describes a 5-step threat modeling process to improve resiliency of your program, identify gaps and close these gaps. Continue reading →

View post to subscribe to site newsletter.

Posted in Digital Transformation, InfoSec, Leadership | Tagged cybersecurity, threat modeling | Comments Off

Rafeeq Rehman | Cyber | Automation | Digital

Rafeeq Rehman – Personal Blog

Category Archives: InfoSec

Perspectives on Information Security Architecture

Like this:

Six Essential Ingredients for Building a Successful Security Operations Center (SOC)

Like this:

Achieving Excellence in SOC Operations and Incident Response

Like this:

What is a Next Generation SOC and does it Cost More?

Like this:

Managing Cybersecurity Program Cost

Like this:

Stress and SOC Staff Burnout

Like this:

CISO Tools to Build (or Tweak) a Cybersecurity Roadmap, Create Business Case and Request Funding

Like this:

A 3-3-4-5 Model for CISO Strategy

Like this:

A Threat Modeling Process to Improve Resiliency of Cybersecurity Program

Like this:

Subscribe to Blog via Email

Follow me on Twitter

Recent Posts

Top Posts & Pages

Subscribe to Blog via Email

Recent Posts

Category Archives: InfoSec

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Subscribe to Blog via Email

Follow me on Twitter

Recent Posts

Top Posts & Pages

Subscribe to Blog via Email

Recent Posts