I had the opportunity to have a run in with an old colleague (he’s not old, we’ve just haven’t seen each out in a while) and we got to talking about everything that has been going on in our lives since we’ve parted and talk eventually made its way into the problems with not being […]
When Security Architecture Depends on Tribal Knowledge
There is a moment in almost every organization when someone says a phrase that sounds reassuring on the surface but I hope should make security leaders just a little uncomfortable: “Don’t worry, Mike knows how that works.” (no real Mike’s are used in today’s example). Mike I’m sure is a great guy, he’s been with […]
The Security Implications of Over-Automation
Not long ago I was in a conversation with a few other security leaders about automation. It started the way these conversations often do, someone mentioned how much faster their team was able to respond to alerts since implementing automated workflows. Another person talked about automatically isolating compromised endpoints upon alerts and someone else described […]
The Silent Risk of Inconsistent Time Synchronization
If you’ve been in any level of incident response, there is a moment in the conversation when someone asks a deceptively simple question: “When did this start?” It sounds like a straightforward request…after all, security teams collect logs, alerts, and telemetry from systems across the organization. We have dashboards, SIEMs and sometimes monitoring platforms that […]
Recent Comments