Stuck in Traffic – Cloud Asset Inventory

Security begins with an inventory. Our organization uses a thousand cloud apps. Our CIO thinks we use fifty. So that’s a thing.

Watch more videos on my YouTube channel.

Suppose we engage a vendor in a proof of concept. It’s for anti-spam, perhaps, or for intrusion detection. We put it in-line with our existing solution. And, shock! It finds something risky. Always. Why is this?

Watch more videos on my YouTube channel.

The pros and cons of black box and white box penetration testing.

Watch more videos on my YouTube channel.

Take two of everything. But still. The criminals break in. Why? Because defense in depth isn’t geared towards the criminal’s objectives and tactics.

Watch more videos on my YouTube channel.

A case study in phishing, using fake emails from Delta, fake receipts in Word documents with Macros, PowerShell exploits, and keylogging money-stealing malware.

Watch more videos on my YouTube channel.

Paintball without bullets is a lot like securing IT without products. There’s things we can do to succeed.

Watch more videos on my YouTube channel.

What does application development, manufacturing, and physical security have in common? They are easier to secure by following one of the Seven Habits.

Watch more videos on my YouTube channel.

When and how to define security requirements for logging.

Watch more videos on my YouTube channel.

The Columbia Sportswear security incident surprises hackers and hikers alike. Today, we’ll talk thru the attack path. Monitoring and alerting on non-owner mailbox access, the way to detect this incident, will also be discussed. After all, few people hike and even fewer people monitor mailbox access.

Watch more videos on my YouTube channel.

https://youtu.be/-9uO2_CZuwE

Some ideas on rule naming have been percolating, and here are my current thoughts.

Watch more videos on my YouTube channel.