7MS #531: Interview with Christopher Fielder and Eugene Grant of Arctic Wolf
7 Minute Security1 Aug 2022

7MS #531: Interview with Christopher Fielder and Eugene Grant of Arctic Wolf

Today we're joined by some of our friends at Arctic Wolf - Eugene Grant and Christopher Fielder - to talk about compliance. Now hold on - don't leave yet! I know for many folks, compliance makes them want to bleach their eyeballs. But compliance is super important - especially because it is not the same as being secure. So we discuss the differences between security and compliance, and practical work we can do to actually be more compliant and secure, including:

  • Knowing what you have (assets, installed software, etc.) - Rumble is a cheap/free way to find out!
  • Creating core policies and procedures that you will actually follow
  • Learning about security frameworks that will help you build a security program from scratch
  • Preparing for your first (or next) pentest. Tools like PingCastle and BloodHound can help find hacker low-hanging fruit!
  • Knowing where your crown jewels are - be that data, a database, a key system, etc.
  • Writing critical documentation - especially backup/restore procedures.
  • Forming a security "dream team" to help drive your program
  • Asking the right security maturity questions at your next job interview (so you don't get hired into a dumpster fire!)

P.S. this is Christopher's sixth time on the program. Be sure to check out his first, second, third, fourth and fifth interviews with 7MS.

Episoder(683)

7MS #11: Overtraining your iPhone Touch ID (video)

7MS #11: Overtraining your iPhone Touch ID (video)

In this episode I totally throw my subscribers for a loop and do a VIDEO podcast about overtraining your Touch ID on your iPhone. Download: 7MS #11: Overtraining your iPhone Touch ID (video) Show notes: I first read about this from Steve Gibson of GRC at https://www.grc.com/sn/sn-440.htm. But I was listening to the audio-only version…

12 Apr 20143min

7MS #10: Information Security for the Whole Family – part 2 (audio)

7MS #10: Information Security for the Whole Family – part 2 (audio)

In this episode I talk more about some infosec-y things I’m doing on the home front to nurture a security culture (if you will) with my wife and kids. Download: Episode 10: Information Security for the Whole Family – part 2 (audio) Show notes: If you have kids and are considering a tablet for them,…

5 Apr 20147min

7MS #9: Information Security for the Whole Family (audio)

7MS #9: Information Security for the Whole Family (audio)

In this episode I talk about how being an infosec guy has ruined my family’s life (well, not really) Download: Episode 9: Information Security for the Whole Family (audio) Show notes: To keep peace in your household, I’d recommend making sweeping network changes when your family members aren’t around (i.e. changing the wifi password :-)…

29 Mar 20147min

7MS #8: CISSP – Is That the Cert for Me? (audio)

7MS #8: CISSP – Is That the Cert for Me? (audio)

In this episode I talk about my experience prepping for the CISSP exam. Download: Episode 8: CISSP – Is That the Cert for Me? (audio) Show notes: I used this book as my primary study tool. It comes with a whole slew of companion materials like a pre-assessment test, flashcards and 3 full practice exams.…

22 Mar 20147min

7MS #7: External Vulnerabilities that Byte (audio)

7MS #7: External Vulnerabilities that Byte (audio)

Episode lucky #7!!! In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up. Download: Episode 7: External Vulnerabilities that Byte (audio) Show notes: RC4 – a risk that we find just about anywhere SSL is used, but in…

15 Mar 20147min

7MS #6: Fun Firewall Rules – part 2 (audio)

7MS #6: Fun Firewall Rules – part 2 (audio)

In this episode I continue talking about some basic firewall rules that many organizations don’t have in place. Download: Episode 6: Fun Firewall Rules – part 2 (audio) Show notes: Limit outbound DNS requests to just the ISP servers (or whatever external servers you use). Anytime a firewall rule is changed, perform a vulnerability scan…

8 Mar 20147min

7MS #5: Fun Firewall Rules – part 1 (audio)

7MS #5: Fun Firewall Rules – part 1 (audio)

In this episode I talk about some basic firewall rules that many organizations don’t have in place. Download: Episode 5: Fun Firewall Rules – part 1 (audio) Show notes: Block outbound port TCP 25 for all devices except your mail server(s). If you use a third party mail filter like Postini or Securence, ensure that…

1 Mar 20147min

7MS #4: Patch Strategies: Part Deux (audio)

7MS #4: Patch Strategies: Part Deux (audio)

In this episode I continue talking about some dos and donts of patch strategies – this time talking about enterprise level gear. Download: Episode 4: Patch Strategies: Part Deux (audio) Show notes: There are often two trains of thought in regards to enterprise gear patching (like routers, switches, firewalls). 1. If it ain’t broke, don’t…

22 Feb 20146min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
stopp-verden
popradet
nokon-ma-ga
dine-penger-pengeradet
fotballpodden-2
det-store-bildet
aftenbla-bla
e24-podden
unitedno
rss-penger-polser-og-politikk
rss-ness
rss-fredrik-og-zahid-loser-ingenting
bt-dokumentar-2
rss-borsmorgen-okonominyhetene
oppdatert
skartveit