Security Ever After

Sunday, February 17, 2019

Resolve to Be More Involved In Your Local Community - REVISITED

It has been five years since I published my first Diary at the SANS Internet Storm Center on the topic of getting more involved in your local community. Now that January is almost over and those new year resolutions you made last month may or may not still be in place, I want to give you a few ideas that can ease your guilt and also serve as a catalyst to help your local community as well.
I serve on the board of a local non-profit organization that has many opportunities to volunteer. I decided to help by offering my technology and information security knowledge to them. I found that this benefits me because it allows me to assess their technology and security needs and provide them with relevant advice. I found the organization benefits by being exposed to ideas and best practices that they might otherwise not be able to afford. I discovered that the act of adding an appointment on my calendar helps me to plan this work. It also helps me to look forward to my time by intentionally collecting questions and ideas in advance of our next meeting.
Why does this matter? I am confident that you will not only feel good about yourself but also stretch yourself by being just a little more comfortable at being uncomfortable. The beneficiary of your expertise will also benefit by learning from what you already know and considering what it would look like to level up their information security posture. You can become more engaged in your local security community by being intentional about scheduling time to serve them. Developing this habit will ensure you are not only a consumer but a participant as well.

What one thing can you add to your calendar right now that will help both you and another organization?

Friday, June 22, 2018

Creative Hiring From Non-Traditional Places

The lead story in the SANS NewsBites from today was “White House/DHS Announce New Cyber Skills Pipeline Initiative.” The two statements below caught my attention.
1 - “The Federal Government struggles to recruit and retain cybersecurity professionals due to a shortage of talent along with growing demand for these employees across the public and private sectors.”
2 - “As agencies prioritize their cyber workforce needs, they will likely need to adopt innovative hiring techniques to ensure the best and brightest cyber talent can seamlessly enter the Federal Government.”
With the cybersecurity talent shortage, we must get creative in where we look to fill our open cybersecurity positions. Many years ago a good friend in the Human Resources department gave me the advice to hire character and train skills. For many years I have experienced success in finding team members from non-traditional areas and then sending them to learn our craft. A couple of examples include Fraud and Abuse, Help Desk and Network Operations. I found it interesting to learn from them how their former departments operate as well as learning firsthand how their department viewed the information security program. Yes, it pays to have thick skin.
From what non-traditional areas have you found talented members to join your information security team?

Saturday, June 9, 2018

What Systems Keep You Effective?

I recently posted the below on the SANS Internet Storm Center.

Previously I discussed What’s On Your Not To Do List as a means to remain focused on priorities. I never fear running out of work in cybersecurity. Instead, I worry that our focus does not always stay on the most critical issues. Today I want to highlight several techniques I use to help remain effective.

Saying no
    Over and over again
    No can be a complete sentence
    Opportunity cost associated with time spent on other items

Calendar Margin
    Create space for unexpected tasks
    Make appointments for what matters most

Goal tracking system
    As an achiever, I enjoy checking items off my “to do” list
    Evernote as a repository to hold ideas for future research
    Keep from cluttering up my brain

    Found tremendous value in weekly reviews
    Focus on what I accomplished
    And what needs even more focus

Each of these tactics serves to help keep me focused on what matters most. What hacks do you use to stay effective throughout your busy day? Let us know in the comments section!

Russell Eubanks

Saturday, June 2, 2018

Is Your SOC Flying Blind?

I recently posted the below on the SANS Internet Storm Center.

Can you imagine being pleased to learn that the pilot of your next flight had anything less than full visibility into the operation of the next airplane you board? Why would you settle for anything less for your Security Operations Center (SOC)? How long can you stand for your SOC team to not know there is a problem in your environment?
When building a SOC several years ago, I recall making screens ready in the event of an unexpected, yet necessary VIP tour. The intent of these is to impress those dignitaries by displaying cool things that are happening on your network. After you have finished impressing your VIPs, what actionable information should be displayed in your SOC to help them respond to threats in your environment?
Consider spending time this week ensuring your SOC wall is populated with meaningful screens that add value to your SOC by asking these questions.
  • Which security controls are not sending data to your SOC?
  • Would your SOC know when your most critical systems stopped sending their logs?
  • What is the baseline of traffic volume in and out of your sensitive network zones?
  • What is the health status of your security agents?
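
One way to turn the first three questions into something a SOC wall can display, as an added example that is not code from the original post: compare an inventory of expected log sources against when each was last seen, and check current traffic volume against a baseline. The source names, thresholds and sample values are constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed inventory: every source the SOC expects, with the longest
# silence that is still normal for it. Names are hypothetical.
INVENTORY = {
    "dc01-winlog":  {"critical": True,  "max_gap": timedelta(minutes=5)},
    "edge-fw":      {"critical": True,  "max_gap": timedelta(minutes=2)},
    "edr-console":  {"critical": False, "max_gap": timedelta(minutes=15)},
    "badge-system": {"critical": False, "max_gap": timedelta(hours=12)},
}

def silent_sources(inventory, last_seen, now):
    """Return (source, status) rows for the wall, critical sources first.

    status is 'never-reported' for an inventoried source with no events at
    all, or 'silent' when the gap since its last event exceeds max_gap.
    """
    rows = []
    for name, meta in inventory.items():
        seen = last_seen.get(name)
        if seen is None:
            rows.append((name, "never-reported"))
        elif now - seen > meta["max_gap"]:
            rows.append((name, "silent"))
    rows.sort(key=lambda r: (not inventory[r[0]]["critical"], r[0]))
    return rows

def volume_outlier(baseline, current, k=3.0):
    """True when current volume is more than k standard deviations from the
    baseline mean. A flat baseline (sigma 0) flags any change at all."""
    mu, sigma = mean(baseline), pstdev(baseline)
    if sigma == 0:
        return current != mu
    return abs(current - mu) > k * sigma

# Constructed sample state, as a SIEM might report it at NOW.
NOW = datetime(2018, 6, 2, 12, 0)
LAST_SEEN = {
    "dc01-winlog": NOW - timedelta(minutes=42),   # stopped 42 minutes ago
    "edge-fw": NOW - timedelta(seconds=30),       # healthy
    "badge-system": NOW - timedelta(hours=3),     # quiet but within its norm
}                                                 # edr-console: no data ever
HOURLY_MB_OUT = [510, 495, 502, 488, 515, 499, 507]  # sensitive-zone egress

if __name__ == "__main__":
    for source, status in silent_sources(INVENTORY, LAST_SEEN, NOW):
        print(f"{source:14} {status}")
    print("egress outlier:", volume_outlier(HOURLY_MB_OUT, 1900))
```

Driving the check from an inventory rather than from the events themselves is what surfaces a control that never reported at all, since a source with no events cannot appear in a query over events.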
Share what you find valuable on your SOC wall!

Russell Eubanks

Learn more at the upcoming SOC Summit!