Since I don’t have a single topic to write about I figure some thoughts, ideas and endorsements/suggestions would be a nice change of pace.
I have to wonder at what point we reach oversaturation on data breaches (if we haven’t already) to the point where people shrug their shoulders and go meh. I have to think we are close, especially in a month where we have had Equifax, Deloitte, and Whole Foods announcing they have been popped. I also have to wonder when we will stop jumping the gun on attribution, as it tends to make the whole industry look like we do not know what we are talking about. Wait till we have enough facts to do things proper.
Along the same lines as the attribution situation, I have really started to notice how many people bitch about a problem, say passwords, but offer no ideas on how to fix the problem. Passwords for example, I will hear MFA(or 2FA) as the solution, but what are the multiple factors then? Again, it is easy to bitch about something, but much harder to offer a viable solution, especially one that can be adopted by the every day person.
I want to give a great shout out to the Brakeing Down Security Podcast and Slack for it. I had done a 6 week Powershell for DFIR training class through the group, and found it awesome (they got Mick Douglas to teach it). The Slack has many channels in it for chatting about different aspects of the infosec Community including a Jobs Board, career advice area, powershell, Malware, and much more. Bryan Brake, Amanda Berlin, and Brian Boettcher put out a fantastic security focused podcast. I highly recommend listening to it. Also there is the Book Club in the Slack which right now is covering “Cyber Operations: Building, Defending, and Attacking Modern Computer Networks”. We do a live voice chat every other week on the chapter(s) decided on prior. The live chat this week made me realize how much about Active Directory I actually do know, and how much I still have left to learn (Azure, Federated Services and more).
Those in the Chicago area or those visiting, Burbsec is still going strong. 4 different locations, a different one each week. Burbsec East just changed where it is being located and the first night at the new venue went fantastic. Come on out and be social with us!
That covers this randomness, have a great day!