Draft of Chapter 7 of my book “Cybersecurity Arm Wrestling – Winning the perpetual fight against crime by building a modern Security Operations Center” is complete and available for download. This chapter is about “Operate” part of the “Plan-Design-Build-Operate” strategy and … Continue reading
Historically Security Operations Centers (SOC) have been a combination of people, processes, and technology designed to protect information systems, detect and respond to incidents to minimize damage. Many times SOC were built to meet fundamental needs for log collection and … Continue reading
With digital economy taking a foothold, the CISO’s work is just getting more complex as new technologies are adopted by businesses, strict privacy laws are enacted globally, and attack surface is expanding by each day. Networks are no longer confined to data centers or corporate offices, and older ideas of managing security operations are obsolete. Continue reading
With COVID19 and expected budget cuts across the board, cybersecurity leaders must prepare for a shrinking slice of their share in 2021. While hoping for the best, it is still a prudent idea to take a more critical look at … Continue reading
SOC staff is dealing with threats and investigations on regular basis every day. In many cases these threats are repetitive. Dealing with continuous onslaught of Cyber threats makes SOC staff stressed. Stress and burnout are real problem. What is stress? … Continue reading
I am not telling you anything new when I say that an essential part of a CISO’s job is to build a Cybersecurity program, communicate it to stakeholders, and continuously tweak it based upon continuously changing threat landscape. Job of … Continue reading
Many CISOs and Infosec leaders I meet face continuous challenge to communicate their strategy that is simple and others in their organization can understand and relate to. I have created a simple model for CISOs to explain it on a single page and have found it to be an effective tool. Continue reading
Many organizations with mature Cybersecurity program have implemented controls to safeguard their digital assets. However, controls can give a false sense of security as many times mere existence of a control does not mean that it is (a) adequate and/or (b) effective. Protecting crown jewels requires continuous monitoring and evaluating controls. This article describes a 5-step threat modeling process to improve resiliency of your program, identify gaps and close these gaps. Continue reading
Verizon security recently published a white paper titled “CISO’s Guide to Cloud Security: What to know and what to ask before you buy” that points out five steps to help decision making on purchasing Cloud products and services. For each step, the white paper also provides recommendations to consider. This is a summary of this white paper. Continue reading
Collecting and processing security logs is one of the primary function of any SOC. Log sources vary widely, starting from security device logs, network components, applications, servers and many others. Continue reading