7MS #464: Interview with Christopher Fielder of Arctic Wolf
7 Minute Security22 Apr 2021

7MS #464: Interview with Christopher Fielder of Arctic Wolf

Today our friend Christopher Fielder of Arctic Wolf joins us on the show again (check out his first appearance in episode #444 - this time to talk about the security journey, and how to start out in your "security diapers" and mature towards a stronger infosec program. Specifically, we talk about:

  • When the company has one person in charge of IT/security, how can you start taking security seriously without burning this person out? First, it's probably a good idea to take note of what you have as far as people, tools and technology to help you meet your security goals.

  • Early in this process, you should inventory what you have (see CIS controls) so you know what you need to protect. A few tools to help you get started:

  • As you go about any phase of your security journey, don't ever think "I'm good, I'm secure!"

  • Quarterly/yearly vulnerability scans just won't cut it in today's threat landscape - especially your external network. Consider scanning it nightly to catch show-stoppers like Hafnium early)

  • Limiting administrative privileges is SUPER important - but don't take our word for it, check out this report from Beyond Trust for some important stats like "...enforcing least privilege and removing admin rights eliminates 56% of critical Microsoft vulnerabilities."

  • Install LAPS, because if an attacker gets local admin access everywhere, that's in many ways just as good as Domain Admin!

  • Train your users on relevant security topics. Then train them again. Then....again. And after that? Again.

  • There are many ways to conduct tabletop exercises. They don't have to be crazy technical. Start with the internal tech teams, practice some scenarios and get everybody loosened up. Then add the executives to those meetings so that everybody is more at ease.

  • How do you know when it's time to ask for help from an outside security resource?

  • Not sure what kind of shape your company's security posture is in? Check out Arctic Wolf's free security maturity assessment.

Avsnitt(684)

7MS #155: Million Dollar Pentest Idea, Notepad Tricks and LL Bean Jackets for Dogs

7MS #155: Million Dollar Pentest Idea, Notepad Tricks and LL Bean Jackets for Dogs

Here are the show notes for today: https://7ms.us/7ms-155-million-dollar-pentest-idea-notepad-tricks-and-ll-bean-jackets-for-dogs/

16 Feb 20169min

7MS #154: Friday Infosec News and Links Roundup

7MS #154: Friday Infosec News and Links Roundup

Episode show notes are here: https://7ms.us/7ms-154-friday-infosec-news-and-links-roundup/.

12 Feb 201613min

7MS #153: OFF-TOPIC - Ex Machina (and special musical guest)

7MS #153: OFF-TOPIC - Ex Machina (and special musical guest)

Today's episode is a movie review of Ex Machina (how the FRICK do you pronounce that?) and closes out with special musical guest, Sweet Surrender!

10 Feb 201611min

7MS #152: Review of the Almond 2015 Wireless Router

7MS #152: Review of the Almond 2015 Wireless Router

This is a mini-review of the Almond 2015 router by Securifi. This is NOT a paid advertisement or endorsement. I just happen to REALLY like this little router.

8 Feb 201610min

7MS #151: Friday Infosec News and Links Roundup

7MS #151: Friday Infosec News and Links Roundup

Here are some of my favorite stories and links for this week! Training opportunities NMAP course from Udemy - $24 for a limited time (I think) How to handle the the thoughtless compliance zombie hordes - by BHIS is coming up Tuesday February 16th from 2-3 ET. The price is free! Pivot Project touts itself as "a portfolio of interesting, practical, enlightening, and often challenging hands-on exercises for people who are trying to improve their mastery of important cybersecurity skills. News It is absurdly easy for attackers to destroy your Web site in 10 minutes. Secure your home network better using advice from the SANS Ouch! newsletter. Chromodo (part of Comodo's Internet Security)disables same-origin policy which basically disables Web security. Wha?! Virus total now looks at firmware images as well. We can soon wave goodbye to Java in the browser forever!. Kinda. Tools Here's a nice SSL/TLS-checking checklist for pentesters. Kali is moving to a rolling release configuration pretty soon. Update yours before April 15!

5 Feb 201611min

7MS #150: OFF-TOPIC-Bone Tomahawk / Goodnight Mommy / Comedy Loves Misery

7MS #150: OFF-TOPIC-Bone Tomahawk / Goodnight Mommy / Comedy Loves Misery

Preview16 wordsIn today's off-topic episode I review the following movies: Bone Tomahawk Goodnight Mommy Misery Loves Comedy

3 Feb 201610min

7MS #149: Securing Your Life - Part 3

7MS #149: Securing Your Life - Part 3

This episode continues the series on securing your life - making sure all the security stuff related to your life is in order. Today we're particularly focusing on preparing to travel. What if (God forbid) the plane goes down? Who has access to your money, passwords, etc.?

1 Feb 20168min

7MS #148: OFF-TOPIC - Apple Watch Review

7MS #148: OFF-TOPIC - Apple Watch Review

Yep, there are tons of people/blogs/magazines/children/pets who have provided reviews of the Apple Watch. This is mine.

28 Jan 20169min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
rss-krimstad
flashback-forever
olyckan-inifran
rss-viva-fotboll
aftonbladet-daily
rss-vad-fan-hande
svenska-fall
rss-sanning-konsekvens
krimmagasinet
rss-expressen-dok
motiv
fordomspodden
svd-nyhetsartiklar
dagens-eko
rss-frandfors-horna
blenda-2
spar
spotlight