Posts

Keys to Working Smarter Not Harder in Cybersecurity Part 5 of 5

Welcome to the last in the series, part 5 of a discussion about working smarter not harder in cybersecurity. We'll look at:

How to tackle the huge tasks with bite-sized chunks and baby steps
What to do instead of trying to defend everything despite competing priorities

Baby Steps and less is more

It’s been said that a long journey begins with a single step. It’s also been said that to eat a large steak, you have to do it one bite at a time. Remember the movie “What About Bob?” Baby steps, folks. Small incremental progress on important things like low-hanging fruit is key. A “Less is More” philosophy should be the basis of a better approach in cybersecurity. Also, “try softer” rather than “try harder” is another important strategy. Trying too hard usually ends up backfiring and causes too much friction. All of these things are behavioral patterns on the human and process side of things. For example, why try to implement 30 items in a STIG checklist when the attack to

Keys to Working Smarter Not Harder in Cybersecurity Part 4 of 5

Welcome to Part 4 in our discussion about working smarter not harder in cybersecurity. Let's talk more about perfectionism and how it neglects the immediate issues. This thinking must be broken, and we must avoid “worst-case” and “just-in-case” thinking. All of these are detrimental to achieving security as soon as it should be achieved. There is some urgency to achieve things in the immediate.

Pursuit of perfection fallacy and neglecting the immediate

At the heart of older ways of thinking is “pursuing the perfect, at the expense of the good”. Compare this also to “a good plan today is better than a perfect plan tomorrow”. Speed and time are of the essence in cybersecurity. Pursuing perfection hinders progress on today’s immediate threats in favor of trying to do things perfectly for tomorrow. Focus on today just as much as tomorrow, because ransomware could come suddenly and massively. Some companies pursue 10 projects simultaneously and complete none of them. So

Keys to Working Smarter Not Harder in Cybersecurity Part 3 of 5

Welcome to Part 3 in this series about keys to working smarter not harder in cybersecurity. In this article we'll look at unrealistic tendencies, how MITRE ATT&CK can help if used correctly, and how the nature of cyberspace has evolved away from a prevention-centric approach.

Unrealistic tendencies

Older ways of thinking about cybersecurity and the nature of cyber fail to understand how interconnected threats and attack chains work. Prevention items are often looked at in isolation rather than as links in an attack chain. As it has been said, defenders think in lists, and attackers think in graphs. Defenders like to believe that doing everything on a checklist will achieve success. But every item on the checklist has a potential bypass. All it takes is the weakest link in the chain, and there are many, for an attacker to achieve success. This is where defense in depth, done the right way, must be achieved. There are some errors of judgment that can be made in this area as

Keys to Working Smarter Not Harder in Cybersecurity Part 2 of 5

Welcome to part 2 in this series about keys to working smarter not harder in cybersecurity. In case you missed it, in part 1 I talked about the importance of understanding the nature of cyber and how to start focusing on what's most important. Let's look at some other key points here:

Things get worse, and they always will; what you need to do about this starting now
How cybersecurity is not a static process or journey but a dynamic and continuous one
The fallacy of views such as "once and done"

Who has the time for so much today?

Why would anyone, knowing the true nature of cyber, write 100 pages of cybersecurity guidance that alone takes years to update, and is practically obsolete by the time it’s completed? Many long policy documents by government organizations are still written this way. They are not focused on speed of implementation or precision. I believe it is because those writing such lengthy documents still believe that thoroughness is k

Keys to Working Smarter Not Harder in Cybersecurity Part 1 of 5

This 5-part series raises critical points regarding crucial modern strategies in cybersecurity. This involves working smarter not harder and escaping older ways of thinking and doing. The time has come to stop hitting a brick wall in cyber defense. I'll present you with some wisdom based on many years in the field, to help you be more effective in cybersecurity. This starts with thinking about things in the right way. It includes things such as the futility of "doubling efforts" and "spending more time" on things, despite what others might tell you and despite hundreds of checklist items that entice you to do so. Less is more.

The old and outdated approaches to cybersecurity might have worked for 1999 and maybe even 2009, but they absolutely no longer scale today. Worse, they will not ever scale in the future, so things must change right now. Let's first look at:

The fallacy of only working hard and how it can now get us into trouble
How cybe

Slay the Log4Shell Dragon TEAM 2 - Hunt and Detect Attacks Playbook

Slay the Log4Shell Dragon Playbook TEAM 2 – Hunt and Respond Playbook

Struggling with how to tackle the Log4J / Log4Shell Dragon and low on resources? First, as I've said before, start with my “RAPID LOG4SHELL RESPONSE 1-PAGE CHECKLIST” to begin immediate actions to tackle this issue. In that 1-pager, I provide concise guidance to get started quickly. However, for medium- and larger-sized companies, this approach might not be enough, although it is a great and immediate start. Simply patching alone will likely not meet expectations in the case of the Log4J / Log4Shell vulnerabilities if there is a breach. A more comprehensive approach is required to reduce risk. I’ve therefore put this playbook together to go above and beyond a patching-only approach, and I hope it proves useful. My goal was to provide something that would help ensure a high enough level of due diligence for risk reduction of this issue. In this article I’ll provide a TEAM 2 PLAYBOOK o

Slay the Log4Shell Dragon TEAM 1 - Protect and Detect Vulns Playbook

Slay the Log4Shell Dragon Part 2A - TEAM 1 - Immediate Protection and Detection

Struggling with how to tackle the Log4J / Log4Shell Dragon and low on resources? First, start with my “RAPID LOG4SHELL RESPONSE 1-PAGER - 8 STEP CHECKLIST” to begin immediate actions to tackle this issue. In that 1-pager, I provide concise guidance to get started quickly. However, for medium- and larger-sized companies, this approach might not be enough, although it is a great and immediate start. Simply patching alone will likely not meet expectations in the case of the Log4J / Log4Shell vulnerabilities if there is a breach. A more comprehensive approach is required to reduce risk. I’ve therefore put this playbook together to go above and beyond a patching-only approach, and I hope it proves useful. My goal was to provide something that would help ensure a high enough level of due diligence for risk reduction of this issue. In this article I’ll provide a TEAM 1 PLAYBOOK of recomm