2023

The importance of having a data scientist team in Cyber Security Center

Numerous parallels exist between the strategic board game ‘Stratego’ and the operation of a Cyber Operation Center. In ‘Stratego,’ you engage in one-on-one gameplay, but within the Cyber Security Center, you’re navigating multiple games simultaneously. Your objective remains steadfast: safeguard the flag for as long as possible, while adversaries relentlessly pursue its conquest. The distinguishing factor lies in the dynamics of these engagements. While you’re simultaneously managing multiple fronts, your adversaries can opt to focus on one game at a time. At first glance, this might appear unequal, almost like an unfair contest. However, it shouldn’t be.

October 16, 2023

AI and Security: A Perfect Union?

Artificial Intelligence, commonly referred to as AI, has undeniably become the prevailing marketing buzzword in recent times. The excitement surrounding AI is palpable, and it has captured the imagination of industries and individuals alike. However, the crucial question is whether AI can truly live up to these soaring expectations. In my view, the answer is a cautious one; the current state of AI, though promising, still carries certain limitations due to its emerging and relatively immature nature.

October 15, 2023

Death by SLA

In every organization that has embraced the ITIL framework, the emergence of the term SLA is an inevitable milestone, and it often marks the beginning of a challenging journey. The process of crafting a well-defined SLA that is comprehensible and agreeable to all involved parties can be an arduous undertaking, particularly when attempting to articulate it in a language that is not your native tongue.

October 1, 2023

The 98%-rule

Initiating a project to implement a security control is a critical undertaking in any organization’s cybersecurity strategy. However, it often raises a fundamental and seemingly straightforward question: “When can we consider this security control fully implemented?” This query, though seemingly simple, is anything but, as it entails a multifaceted evaluation that requires careful consideration of various elements.

September 24, 2023

Do you really need a dedicated SOC for the OT-environment?

By adhering strictly to the Purdue model, your OT environment will exclusively consist of essential devices required for seamless factory operations, effectively mitigating IT-related threats. However, as is often the case, theory and practice diverge. In reality, the situation is more intricate. Let’s delve into the myriad facets of this issue to help you determine the optimal approach for your environment.

September 17, 2023

MTTC – The only KPI that matters

MTTC is the critical KPI that holds immense significance in the constantly shifting landscape of cybersecurity. This metric essentially functions as a litmus test, providing an insightful measure of an organization’s prowess in promptly identifying and efficiently mitigating cybersecurity incidents or breaches once they have successfully bypassed the organization’s digital defenses. The significance of MTTC is underscored by the relentless proliferation and escalating sophistication of cyber threats, which have collectively conspired to make achieving this KPI an increasingly formidable endeavor.

September 3, 2023

The question is not if but when

In today’s interconnected and digitized landscape, the inevitability of cyberattacks has transformed the question from a matter of ‘if’ to a matter of ‘when’. This paradigm shift underscores the critical importance of cybersecurity preparedness in the modern world. The notion that organizations and individuals will eventually experience a breach has compelled a shift from a reactive approach to a proactive and strategic stance in safeguarding digital assets.

August 27, 2023

How to provide more value as a vulnerability specialist to the business?

As a vulnerability specialist, it is your job to discover all known vulnerabilities. And on its own, that is already challenging. You can wonder whether you indeed provide value to the business if you merely provide a report with discovered known vulnerabilities, including steps on how to remediate them. Remember, if you have set up the right processes and configured the technology correctly, you are sitting on a pot of gold (high-value data). Therefore, the logical question is: what should you be doing as a vulnerability specialist to deliver true value to the business?

June 11, 2023

When was the last time you have validated and/or updated the information security policy documents?

Yes, it is true that for some this is a boring topic. However, most people will try to use the excuse that as long as it is not stated in the information security policy, whatever they are doing is allowed. But then they forget the intent of the information security policy. Therefore, the question is: what do you need to think about when validating and/or updating the information security policy documents?

May 29, 2023

Phishing emails – The one thing you don’t want to receive, but you can’t avoid it. So, now what?

A phishing email is a fraudulent attempt by scammers or cybercriminals to deceive recipients into revealing sensitive information, such as passwords, usernames, credit card details, or personal identification information. These emails are designed to appear as if they are sent by legitimate organizations, such as banks, social media platforms, or e-commerce websites, in order to trick individuals into providing their confidential data. And as phishing emails have proven to be an effective technique, adversaries will continue dispatching them. So, the question is: what can you do to protect yourself? In this article, I give some tips on how to deal with phishing emails.

May 21, 2023