CISO Tradecraft®

G Mark Hardy & Ross Young
Dec 27, 2021 • 27min

#58 - Active Directory is Active with Attacks

After bad actors gain an initial foothold in an organization, they often use Active Directory attacks to gain administrative privileges. On this episode of CISO Tradecraft, we discuss Active Directory. You can learn what it is, how it works, common attacks used against it, and ways you can secure it. References: Stealthbits Active Directory Attacks; Wikipedia Active Directory; Wikipedia Directory Service; Wired Story on NotPetya; CIS Hardened Images; MS Domain Services; Mimikatz; Kerberos; Indeed Active Directory Job Listing.
Dec 20, 2021 • 15min

#57 - Brace for Audit

You just got the news that the Cyber Organization is going to be audited. Do you know what an audit is, how best to prepare for it, and how to respond to audit findings? On this episode of CISO Tradecraft, we help you understand key auditing concepts such as: Audit Subject, Audit Objective, Vulnerability, Threat, Risk & Impact, Audit Scope with Goals & Objectives, Audit Plan, Audit Response.
Dec 13, 2021 • 31min

#56 - Say Firewall One More Time

Have you ever heard someone say our firewalls block this type of attack? In this episode, you can increase your understanding of firewalls so it won’t just be another buzzword. The 6 basic categories of firewalls that we discuss on the show include: Packet Filters, which focus on IP and port blocking; Stateful Inspection Firewalls, which look at active connections and consider context; Network Address Translation Firewalls, tools that allow private networks to connect to public ones and create secure enclaves; Proxy Servers, which classify web traffic into topics that might be allowed or not allowed; Web Application Firewalls, which block Web Application Attacks (SQL Injection, Cross Site Scripting, …); and Next Generation Firewalls that try to do everything. References: sitereview.bluecoat.com
Dec 3, 2021 • 17min

#55 - I have more Agents than the FBI

On this episode of CISO Tradecraft you can learn all about Software Agents. Specifically, we discuss what an Agent does, why an Agent is helpful, and the 7 common types of Software Agents you would expect to find in large IT organizations. Also, if you stick to the end, you can learn about Secret Agents (i.e., Agentless). The 7 Common Software Agents are: Endpoint Configuration Agents - Tools like Microsoft Endpoint Manager or SCCM; Mobile Device Managers - Tools like Microsoft Intune or Google Endpoint Management; Vulnerability Agents - Tools like Qualys or Nessus; Antivirus Agents - Tools like McAfee or Symantec; Endpoint Detection & Response Agents - Tools like Crowdstrike or Carbon Black; Data Loss Prevention Agents - Tools like Forcepoint or GTB Technologies; Privilege Access Management Agents - Tools like BeyondTrust or CyberArk.
Nov 19, 2021 • 36min

#54 - The Great Resignation

The Great Resignation is upon us, and if some of your top talent hasn't given you their notice, it may be happening soon. Or not, depending on what you choose to do. With plenty of time to contemplate options, people are quitting jobs at a record pace. But wise leaders learn how to listen to their people's needs and desires, create a sense of purpose that motivates far beyond a paycheck, and create a safe working space by allowing people to be human and make the occasional mistake. Keep your IT Security team intact with these concepts and much more. For more great CISO content, please subscribe to our LinkedIn Page. Thank you for listening to CISO Tradecraft. References: https://www.bls.gov/news.release/archives/jolts_06082021.pdf https://info.workinstitute.com/hubfs/2020%20Retention%20Report/Work%20Institutes%202020%20Retention%20Report.pdf https://www.npr.org/2021/10/22/1048332481/the-great-resignation-why-people-are-leaving-their-jobs-in-growing-numbers https://blog.trello.com/enterprise/how-to-retain-employees https://hbr.org/2016/09/why-people-quit-their-jobs https://www.mckinsey.com/business-functions/people-and-organizational-performance/our-insights/great-attrition-or-great-attraction-the-choice-is-yours https://blog.trello.com/supportive-company-culture https://www.statista.com/chart/19064/number-of-unused-vacation-days/ https://www.glassdoor.com/blog/vacation-realities-2017/ https://hbr.org/2016/03/two-thirds-of-managers-are-uncomfortable-communicating-with-employees https://www.mckinsey.com/business-functions/people-and-organizational-performance/our-insights/igniting-individual-purpose-in-times-of-crisis https://allthatsinteresting.com/myers-briggs-test https://cybersecurityventures.com/jobs
Nov 5, 2021 • 44min

#53 - Fun and Games to Stop Bad Actors (with Dr. Neal Krawetz)

In this episode, you can hear from Dr. Neal Krawetz, creator of Hacker Factor and FotoForensics. Neal's a long-time security practitioner who shares some fascinating insights in terms of how to identify potential bad actors early on (think reconnaissance interception), techniques for detecting bots and malicious entities, and ways to protect your team members from misattributed fake blog entries.
Oct 29, 2021 • 48min

#52 - Welcome to the C-Level (with Nate Warfield)

Special Thanks to our podcast Sponsor, Prevailion. Some of the best C-level executives start in the technical ranks.  This episode features Nate Warfield, CTO of Prevailion, who differentiated himself by creating the CTI-League.com to assist healthcare companies with ransomware.  We'll cover some of that organization, how Nate got his first C-level job, and some lessons learned you might appreciate in your own CISO journey. To learn more about Cyber Adversary Intelligence, please check out Prevailion who sponsored this episode.
Oct 18, 2021 • 43min

#51 - New Kid in Town (with Rebecca Mossman)

When you first start a cybersecurity job, or hire someone into a cybersecurity job, there is a window of opportunity to see things with a new perspective. In this episode, we’re privileged to share ideas with Rebecca Mossman, a cybersecurity leader who has successfully led a number of teams in her career. We’ll examine relationships, stakeholders, setting priorities, communication, and knowing when to call something “done” and move on to the next task.
Oct 11, 2021 • 31min

#50 - Border Gateway Protocol (BGP)

A Border Gateway Protocol (BGP) misconfiguration is what took out Facebook on 4 October.  Most IT folks don't understand how BGP works.  This episode helps you gain a better understanding of the protocol that creates routing tables to move information from one end of the Internet to the other.  We'll explain how Autonomous Systems (AS) share BGP route information, what should happen when things go right, and then examine what likely went wrong at Facebook and how you might be able to prepare for potential problems in advance before they occur.
Oct 1, 2021 • 44min

#49 - Cyberlaw Musings (with Mark Rasch)

This is a special treat. On this episode of CISO Tradecraft you can hear Mark D. Rasch, JD, discuss legal and security topics that he's encountered in his more than 30 years of experience in cybersecurity law. We look into ransomware, reportable breaches, the appropriateness (or lack thereof) of certain legal statutes, and finish with some actionable advice for CISOs and security leaders that you really need to hear.
