mRr3b00t’s little blog about the Cyberz and getting into…

Where to start!

Everyone loves talking about how to get into Cyber! It’s like the cliché thing to talk about! Hell, there’s people who have been in jobs for minutes writing guides, It’s odd… my advice, gardening! Seriously you will see the outside, will learn skills that are useful and keep physically fit! Wait you still want to cyber? You sure? Ok there’s some super awesome fun parts of cyber, not going to lie, it sounds super cool! What do you do? I’m a CYBER! See cool AF!

Cyber Security in a business environment

“You will respect my authority” … is a sure fast way to be ignored in the business world!

Much like gatekeeping, excessive focus on policies, lack of engagement with the audience and generally mandating security policies and procedures that are not practical will likely not end with a robust, resilient security posture. Read more “Cyber Security in a business environment” →

Supplier Assurance Tools

Do they replace the need for OSINT and Supplier engagement?

I’ve been conducting sales and assurance-based activities for some while (I’m not counting it will make me feel old!) and I have started looked at a range of supplier management tools which leverage tool-based OSINT, attack surface mapping and manual data inputs and I have to say this:

Read more “Supplier Assurance Tools” →

Cyber Insurance: How would I decide to buy it…

Is Cyber Insurance right for you?

Wow a big question, right? I can’t answer this for you, obviously I’d recommend that you consider cyber insurance, however I’d also recommend that you:

Understand your business and it’s supply chain with regards to financials and linkages to cyber risk
Understand your current cyber asset, threat, vulnerability and therefore risk landscape
Ensure you have a good understanding to make informed decisions

I’m not going to write lots this evening on the subject, but I was reviewing a report and thought in line with some research that I started recently (but was side-tracked) and then have seen the report so purchased that instead! (Sometimes it’s easier to not do everything yourself right!)

Vulnerability Management Concerns by Role Type

Have you ever thought about what kind of data/intelligence you may need with regards to vulnerability management? It tends to vary at levels of abstraction based on the audiance, but don’t think the person doing the patching may not be considernig upwards or that someone in a C level position won’t care about the zeros and ones (life doesn’t work that way!)

Anyway I was talking to a friend and came up with these so thought I’d share them with the world. Have I done a decent job? can you think of others? How do you measure and report? What are your concerns?

Let’s take a look at what I came up with (this wasn’t a very long time in the making 😉 )

UK NCSC Active Cyber Defence (ACD)

Defending a single server is often far more complex than people apreciate, defending a single organisation is significantly harder than a single server, defending a country… a much more complex challenge than I think people actually realise.

What is ACD?

According to the NCSC:

The aim of ACD is to “Protect the majority of people in the UK from the majority of the harm caused by the majority of the cyber attacks the majority of the time.” We do this through a wide range of mechanisms, which at their core have the ability to provide protection at scale.
ACD is intended to tackle the high-volume commodity attacks that affect people’s everyday lives, rather than the highly sophisticated and targeted attacks, which NCSC deal with in other ways.
UK NCSC

NCSC Active Cyber Defence

What is included?

The UK NCSC offer and run a range of Active Cyber Defence capabilities which include the following:

Board Level Security Metrics

Everyone always asks what are the best security metrics to have? The answer is simple to me, use metrics that are valuable to your business governance and decision-making processes! Easy right.

Not so easy in real life right!

Pew Pew Maps – Cool graphics bro

Ever want to be MORE cyber? Need to impress the board? Want to look 1337 AF? Worry not we have your back! Here is a collection of CYBER MAPS to project on your wall mounted displays!

Cyber Leadership

Myth: you must be a “techie” to lead in the CYBERS

Ok so you might be sitting here going… but Dan you send pews and do “techy” stuff… do you not lead? Well, I mean I do all kinds of things, I write business cases, I play with spreadsheets (fun right!), I integrate systems and look at data and sometimes write really bad code! (hey, the pews aren’t going to send themselves!) but… I want to talk about some realities here.

CYBER CYBER CYBER – What cyber means for the…

I’m sitting here drinking a cup of tea and thought I’d jot down some of the things I tend to think about. I figured this might help people consider aspects of “cyber” that they might not have considered before.