_gaq.push(['_setAccount', 'UA-35754314-2']); _gaq.push(['_setDomainName', 'securityeverafter.com']); _gaq.push(['_trackPageview']); Security Ever After: June 2018 var _gaq = _gaq || []; (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })();

Friday, June 22, 2018

Creative Hiring From Non-Traditional Places

The lead story in the SANS NewsBites from today was "White House/DHS Announce New Cyber Skills Pipeline Initiative.” The two statements below caught my attention.
1 - “The Federal Government struggles to recruit and retain cybersecurity professionals due to a shortage of talent along with growing demand for these employees across the public and private sectors.”
2 - “As agencies prioritize their cyber workforce needs, they will likely need to adopt innovative hiring techniques to ensure the best and brightest cyber talent can seamlessly enter the Federal Government.”
With the cybersecurity talent shortage, we must get creative in where we look to fill our open cybersecurity positions. Many years ago a good friend in the Human Resources department gave me the advice to hire character and train skills. For many years I have experienced success in finding team members from non-traditional areas and then sending them to learn our craft. A couple of examples include Fraud and Abuse, Help Desk and Network Operations. I found it interesting to learn from them how their former departments operate as well as learning firsthand how their department viewed the information security program. Yes, it pays to have thick skin.
From what non-traditional areas have you found talented members to join your information security team?

Saturday, June 9, 2018

What Systems Keep You Effective?

I recently posted the below on the SANS Internet Storm Center.

Previously I discussed What’s On Your Not To Do List as a means to remain focused on priorities. I never fear running out of work in cybersecurity. Instead, I worry that our focus does not always stay on the most critical issues. Today I want to highlight several techniques I use to help remain effective.

Saying no
    Over and over again
    No can be a complete sentence
    Opportunity cost associated with time spent on other items

Calendar Margin
    Create space for unexpected tasks
    Make appointments for what matters most
Goal tracking system
    As an achiever, I enjoy checking items off my "to do” list
    Evernote as a repository to hold ideas for future research
    Keep from cluttering up my brain

    Found tremendous value in weekly reviews
    Focus on what I accomplished
    And what needs even more focus

Each of these tactics serves to help keep me focused on what matters most. What hacks do you use to stay effective throughout your busy day? Let us know in the comments section!

Russell Eubanks

Saturday, June 2, 2018

Is Your SOC Flying Blind?

I recently posted the below on the SANS Internet Storm Center.

Can you imagine being pleased to learn that the pilot of your next flight had anything less than full visibility into the operation of the next airplane you board? Why would you settle for anything less for your Security Operations Center (SOC)? How long can your you stand for your SOC team to not know there is a problem in your environment? 
When building a SOC several years ago, I recall making screens ready in the event of an unexpected, yet necessary VIP tour. The intent of these is to impress those dignitaries by displaying cool things that are happening on your network. After you have finished impressing your VIPs, what actionable information should be displayed in your SOC to help them respond to threats in your environment?
Consider spending time this week ensuring your SOC wall is populated with meaningful screens that add value to your SOC by asking these questions.
  • Which security controls are not sending data to your SOC?
  • Would your SOC know when your most critical systems stopped sending their logs?
  • What is the baseline of traffic volume in and out of your sensitive network zones?
  • What is the health status of your security agents?
Share what you find valuable on your SOC wall!

Russell Eubanks

Learn more at the upcoming SOC Summit!