Cyber Y'all

Welcome to Part 4 in our discussion about working smarter not harder in cybersecurity. Let's talk more about perfectionism and how it neglects the immediate issues.  This thinking must be broken and we must avoid “worst-case” and “just-in-case” thinking.  All of these are detrimental to achieving security as soon as it should be achieved.  There is some urgency to achieve things in the immediate. Pursuit of perfection fallacy and neglecting the immediate At the heart of older ways of thinking is “pursuing the perfect, at the expense of the good”.  Compare this also to “a good plan today is better than a perfect plan tomorrow”.  Speed and time are of the essence in cybersecurity.   Pursuing perfection hinders progress to address today’s immediate threats in favor of trying to do things perfectly for tomorrow.  Focus on today just as much as tomorrow, because Ransomware could come suddenly and massively. Some companies pursue 10 projects simultaneously, and complete none of them.  So

Welcome to Part 3 in this series about keys to working smarter not harder in cybersecurity. In this article we'll look at unrealistic tendencies, how MITRE ATT&CK can help if used correctly, and how the nature of cyberspace has evolved from a prevention-centric approach. Unrealistic tendencies  Older ways of thinking about cybersecurity and the nature of cyber fail to understand how interconnected threats and attack chains work.  Prevention items are often looked at in isolation rather than as links in an attack chain.   As it has been said, defenders often think in lists, and attackers think in graphs.  Defenders like to believe doing all things on a checklist will achieve success.  But everything on the checklist has a potential bypass.   All it takes is the weakest link in the chain - and there are many - for an attacker to achieve success.  This is where defense in depth – the right way – must be achieved.  There are some errors of judgment that can be made in this area as

Welcome to part 2   in this series about keys to working smarter not harder in cybersecurity.   In case you missed it, in part 1 I talked about about the importance of  understanding the nature of cyber and how to start focusing on what's most important.     Let's look at some other key points here: Things get worse - and they always will - what you need to do about this starting now How cybersecurity is not a static process or journey but a dynamic and continuous one The fallacy of views such as "once and done" Who has the time for so much today? Why would anyone, knowing the true nature of cyber, write 100 pages of cybersecurity guidance that alone takes years to update, and is practically obsolete by the time it’s completed?  Many long policy documents by government organizations are written this way still.  They are not focused on speed of implementation or precision. I believe it is because those writing such lengthy documents still believe that thoroughness is k

This is a 5-part series raises critical points regarding crucial modern strategies in cybersecurity.  This involves working smarter not harder and escaping older ways of thinking and doing.  The time has come to stop hitting a brick wall in cyber defense.   I'll present you with some wisdom based on many years in the field, to help you be more effective in cybersecurity.  This starts with thinking about things in the right way.  It includes things such as the futility of "doubling efforts" and "spending more time" on things - despite what others might tell you and despite hundreds of checklist items that entice you to do so.  Less in more. The old and out-dated approaches to cybersecurity might have worked for 1999 and maybe even 2009, but they absolutely no longer scale today.  Worse, they will not ever scale in the future, so things much change right now.  Let's first look at: The fallacy of only working hard and how it can now get us into trouble How cybe

Slay the Log4Shell Dragon Playbook TEAM 2 – Hunt and Respond Playbook Struggling with how to tackle the Log4J / Log4Shell Dragon and low on resources? First, as I've said before, start with my “ RAPID LOG4SHELL RESPONSE 1-PAGE CHECKLIST ” to begin immediate actions to tackle this issue.  In that 1-pager, I provide concise guidance to get started quickly.   However, for medium and larger sized companies, this approach might not be enough , although it is a great and immediate start.   Simply patching alone will likely not meet the expectations in the case of the Log4J / Log4Shell vulnerabilities, if there is a breach.  A more comprehensive approach is required to reduce risk.  I’ve therefore put this playbook together to help go above and beyond just a patching-based approach and hope it proves useful.   My goal was to provide something that would help ensure a high enough level of due diligence for risk reduction of this issue.   In this article I’ll provide a TEAM 2 PLAYBOOK o

Slay the Log4Shell Dragon Part 2A - TEAM 1 -  Immediate Protection and Detection Struggling with how to tackle the Log4J / Log4Shell Dragon and low on resources? First, start with my “ RAPID LOG4SHELL RESPONSE 1-PAGER - 8 STEP CHECKLIST ” to begin immediate actions to tackle this issue.  In that 1-pager, I provide concise guidance to get started quickly.  However, for medium and larger sized companies, this approach might not be enough, although it is a great and immediate start.   Simply patching alone will likely not meet the expectations in the case of the Log4J / Log4Shell vulnerabilities, if there is a breach.  A more comprehensive approach is required to reduce risk.  I’ve therefore put this playbook together to help go above and beyond just a patching-based approach and hope it proves useful.   My goal was to provide something that would help ensure a high enough level of due diligence for risk reduction of this issue.   In this article I’ll provide a TEAM 1 PLAYBOOK of recomm