7MS #464: Interview with Christopher Fielder of Arctic Wolf
7 Minute Security22 Huhti 2021

7MS #464: Interview with Christopher Fielder of Arctic Wolf

Today our friend Christopher Fielder of Arctic Wolf joins us on the show again (check out his first appearance in episode #444 - this time to talk about the security journey, and how to start out in your "security diapers" and mature towards a stronger infosec program. Specifically, we talk about:

  • When the company has one person in charge of IT/security, how can you start taking security seriously without burning this person out? First, it's probably a good idea to take note of what you have as far as people, tools and technology to help you meet your security goals.

  • Early in this process, you should inventory what you have (see CIS controls) so you know what you need to protect. A few tools to help you get started:

  • As you go about any phase of your security journey, don't ever think "I'm good, I'm secure!"

  • Quarterly/yearly vulnerability scans just won't cut it in today's threat landscape - especially your external network. Consider scanning it nightly to catch show-stoppers like Hafnium early)

  • Limiting administrative privileges is SUPER important - but don't take our word for it, check out this report from Beyond Trust for some important stats like "...enforcing least privilege and removing admin rights eliminates 56% of critical Microsoft vulnerabilities."

  • Install LAPS, because if an attacker gets local admin access everywhere, that's in many ways just as good as Domain Admin!

  • Train your users on relevant security topics. Then train them again. Then....again. And after that? Again.

  • There are many ways to conduct tabletop exercises. They don't have to be crazy technical. Start with the internal tech teams, practice some scenarios and get everybody loosened up. Then add the executives to those meetings so that everybody is more at ease.

  • How do you know when it's time to ask for help from an outside security resource?

  • Not sure what kind of shape your company's security posture is in? Check out Arctic Wolf's free security maturity assessment.

Jaksot(718)

7MS #301: CredDefense

7MS #301: CredDefense

Intro CredDefense is a freakin' sweet tool from the fine folks at Black Hills Information Security that does some really nifty things: Password filter Lets say you use the out-of-the-box password poli...

15 Maalis 201815min

7MS #300: Windows System Forensics 101 - Part 2

7MS #300: Windows System Forensics 101 - Part 2

In today's continuation of last week's episode I'm continuing a discussion on using free tools to triage Windows systems - be they infected or just acting suspicious. Specifically, those tools include...

9 Maalis 201816min

7MS #299: Windows System Forensics 101

7MS #299: Windows System Forensics 101

I had the privilege of creating a Windows System Forensics 101 course/presentation for a customer. The good/bad news is there is so much good information out there, it's hard to boil things down to ju...

28 Helmi 201810min

7MS #298: How to Succeed in Business Without Really Crying - Part 2

7MS #298: How to Succeed in Business Without Really Crying - Part 2

Last week I talked about how business has been going with the LLC. Today I answer some additional questions that I didn't have time to address: How I'm finding leads/projects to work on (TLDR: I'm N...

15 Helmi 201817min

7MS #297: How to Succeed in Business Without Really Crying

7MS #297: How to Succeed in Business Without Really Crying

Intro Here's some of the "juice" that has helped 7MS have a successful start: Support system Ok so I think if you're going to have a successful business, you need an awesome support system. Mine consi...

8 Helmi 201816min

7MS #296: WEFFLES - Windows Event Logging Forensic Logging Enhancement Services

7MS #296: WEFFLES - Windows Event Logging Forensic Logging Enhancement Services

WEFFLES are delicious! WEFFLES stands for Windows Event Logging Forensic Logging Enhancement Services and is Microsoft's cool (and free!) console for responding to incidents and hunting threats. I had...

1 Helmi 201814min

7MS #295: Interview with Kevin Keane

7MS #295: Interview with Kevin Keane

Today I'm excited to be joined by my friend and advisor Kevin Keane (Twitter / LinkedIn) who is a lawyer, blogger, keynote speaker, business advisor, and just all around great guy. Kevin and I sit dow...

25 Tammi 201859min

7MS #294: GDPR Me ASAP

7MS #294: GDPR Me ASAP

GDPR in a nutshell GDPR, in a nutshell, is a set of legal regulations focused on the privacy of personal information for EU citizens - no matter where they are. Entities that store and/or process pers...

18 Tammi 201811min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
ootsa-kuullut-tasta-2
politiikan-puskaradio
rss-ootsa-kuullut-tasta
rss-pinnalla
tervo-halme
rss-podme-livebox
rss-asiastudio
aihe
rss-vaalirankkurit-podcast
otetaan-yhdet
et-sa-noin-voi-sanoo-esittaa
rss-girls-finish-f1rst
the-ulkopolitist
radio-antro
rss-mina-ukkola
rss-ulkopoditiikkaa
rss-pallo-keskelle-2
viisupodi