7MS #464: Interview with Christopher Fielder of Arctic Wolf
7 Minute Security22 Apr 2021

7MS #464: Interview with Christopher Fielder of Arctic Wolf

Today our friend Christopher Fielder of Arctic Wolf joins us on the show again (check out his first appearance in episode #444 - this time to talk about the security journey, and how to start out in your "security diapers" and mature towards a stronger infosec program. Specifically, we talk about:

  • When the company has one person in charge of IT/security, how can you start taking security seriously without burning this person out? First, it's probably a good idea to take note of what you have as far as people, tools and technology to help you meet your security goals.

  • Early in this process, you should inventory what you have (see CIS controls) so you know what you need to protect. A few tools to help you get started:

  • As you go about any phase of your security journey, don't ever think "I'm good, I'm secure!"

  • Quarterly/yearly vulnerability scans just won't cut it in today's threat landscape - especially your external network. Consider scanning it nightly to catch show-stoppers like Hafnium early)

  • Limiting administrative privileges is SUPER important - but don't take our word for it, check out this report from Beyond Trust for some important stats like "...enforcing least privilege and removing admin rights eliminates 56% of critical Microsoft vulnerabilities."

  • Install LAPS, because if an attacker gets local admin access everywhere, that's in many ways just as good as Domain Admin!

  • Train your users on relevant security topics. Then train them again. Then....again. And after that? Again.

  • There are many ways to conduct tabletop exercises. They don't have to be crazy technical. Start with the internal tech teams, practice some scenarios and get everybody loosened up. Then add the executives to those meetings so that everybody is more at ease.

  • How do you know when it's time to ask for help from an outside security resource?

  • Not sure what kind of shape your company's security posture is in? Check out Arctic Wolf's free security maturity assessment.

Avsnitt(683)

7MS #130: Sqlmap and Sqlninja FTW

7MS #130: Sqlmap and Sqlninja FTW

This episode talks about some fun I had using sqlmap, and how using it in conjunction with Sqlninja makes me happy to be alive.

29 Dec 20157min

7MS #129: Embarrassing Stories

7MS #129: Embarrassing Stories

In this episode I talk about face-planting in my office at the first job I had out of college.

27 Dec 20158min

7MS #128: Transparency is King

7MS #128: Transparency is King

In this episode, I talk about a restaurant infosec assessment I did, and how the recommendations coming out of that assessment didn't fit the standard "mold." I also talk about how being transparent and helpful - and NOT billing clients for every tiny little thing - is king.

27 Dec 20159min

7MS #127: Intro to HIPAA Assessments

7MS #127: Intro to HIPAA Assessments

This episode covers a few HIPAA tidbits I picked up while preparing for - and executing - a HIPAA security assessment.

27 Dec 20159min

7MS #126: Get Your Name Out There

7MS #126: Get Your Name Out There

This episode isn't about infosec exactly, but it talks about how using public resources like LinkedIn, Twitter and blogs to boost your "brand" (though I hate that word) and help you get more connected to the infosec community, job leads and more!

24 Dec 20158min

7MS #125: Securing Your Life-Part 2

7MS #125: Securing Your Life-Part 2

Way back in episode #93, I talked about things you can do to secure your life (mortgage review, adequate insurance, estate planning, investments, etc.). This episode continues that train of thought and covers: getting the right amount of life insurance, getting the right home/auto coverage, as well as estate planning.

23 Dec 20157min

7MS #124: Sprinkles

7MS #124: Sprinkles

This episode is 90% a rant about how annoying carry-on luggage and air travel can be, and a 10% sprinkling of security sauce mixed in. Hence: sprinkles.

23 Dec 20158min

7MS #123: Doing a Redo Assessment

7MS #123: Doing a Redo Assessment

This episode talks about my experience in doing a "redo" security assessment, during which I struggled with the following questions: what's the best way to efficiently correct the erroneous information and make the customer happy without asking ALL the original questions over again? Especially when I have little to no time to prepare for the "redo" interview?

22 Dec 20159min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
rss-krimstad
flashback-forever
rss-vad-fan-hande
aftonbladet-daily
rss-viva-fotboll
olyckan-inifran
rss-sanning-konsekvens
svenska-fall
krimmagasinet
fordomspodden
motiv
rss-expressen-dok
rss-frandfors-horna
dagens-eko
blenda-2
svd-nyhetsartiklar
spar
spotlight