Posts

What Makes a Good Threat Model?

In the realm of cybersecurity, threat modeling plays a pivotal role in safeguarding systems and applications against potential risks. A well-constructed threat model provides valuable insights into vulnerabilities, attack vectors, and mitigation strategies. Let's delve into what distinguishes a good threat model from a subpar one.

Selecting the approach

1. Picking the right tool: Selecting an appropriate tool for threat modeling is crucial to ensuring effective security analysis. In this article we will use the Microsoft Threat Modeling Tool. Key considerations include:

a. Scope: Consider tools that align with your scope—some cater to web applications, while others cover broader infrastructure.

b. Ease of Use: Opt for tools that strike a balance between robustness and simplicity. Complex tools may overwhelm users, hindering adoption. Look for intuitive interfaces and clear documentation.

c. Methodology Compatibility: Different threat modeling methodologies exist (e.g., STRIDE,

What is the Security Threat Landscape in 2024?

I was working up a question that I thought would make a great blog. The question is: in 2024, what is the security threat landscape? Here are the key takeaways that I considered.

Proactive Mindset: Today's threat landscape demands a proactive mindset. Organizations are moving away from reactive security measures and are instead focusing on identifying potential intrusion points and actors before an incident occurs.

Cyber Threats Evolving: Cyber threats are leveraging AI, exploiting vulnerabilities in mobile and cloud platforms, and targeting data breaches. The rise of connected cars has led to concerns about automotive hacking. Ransomware attacks have become more sophisticated, causing significant damage to organizations. The proliferation of IoT devices on a 5G network presents new security challenges. As systems become more integrated and automated, they also become more vulnerable to cyber threats.

Remote Work and Digitization: The rush to adapt to pandemic-inspired chan

ISC2 Seattle

This past January the new ISC2 Seattle chapter was officially sanctioned by ISC2. The work was a great accomplishment for myself and the great team that makes up the chapter's board of directors. So today I wanted to share the vision and purpose of the chapter; this text appears verbatim in our formation application.

*Purpose – What is your reason for starting an (ISC)2 chapter in the proposed area?

The local geography has a considerable shortfall of young professionals entering the employment market. As a former ISSA board president and an advisor for CSA, I note that both lack the ability to 'certify' a candidate as a qualified expert in Cyber Security. Finding and helping these new candidates as ISC2 members is essential to continue building the expertise desperately needed in the Seattle technology corridor. As a hiring manager I respect applicants that produce their CISSP or like certification as proof of basic security knowledge. We consider it a gold standard. However, the

2021 Predictions in Technology

Days after the beginning of 2021, it's time to update my annual technology prediction. As you'll see, some are a bit redux, while others look at possibilities that would be amazing. I'd note to my readers – thanks for taking time to read this rambling, and I look forward to your feedback and ideas for next year!

2020 in review

Four of my five 2020 predictions came about to some level. Either my predictions were spot on, or they were not as futuristic as I thought. 5G is now ubiquitous and most countries have rolled the capabilities out nationwide. In the USA all major providers have boasted the capability of 5G, and in fact 5G made headlines as a cause for COVID-19 among some extremely paranoid people. So 5G is available, and a great marketing gimmick – unfortunately for me, it's a fizzle and fails to really make a difference in connection speeds over 3G. I've noted many say similar – that 5G over 3G is a cool idea – if it actually provided more connection speed. This year

0-Trust

In the past several blogs I introduced the work I've been doing associated with the Azure Secured Workstation. I note that this solution IS an ideal 0-trust protection model, and a must for any organization looking to protect key roles and service administrators from compromise. And as this ZDNet article identifies, attacking a weak link is still the most prevalent means to get into your network. In the article the Robin Hood ransomware was deployed using a targeted attack and the installation of a malicious driver. In this case the vulnerability in the Gigabyte driver makes the job of the hacker much simpler, but it's clear that if the targeted user (most likely an administrator) was using an isolated identity to manage their network, the malware described in the article would fail to extend its foothold in an organization's network.

What should you do? First and foremost - create a new identity domain/forest. This can be pretty simple thanks to cloud compu

2020 predictions

2020 is coming upon us, and it's time to reflect on the 2019 predictions I made, and look forward to this coming year with another technology prediction. So let's get started - first off - a lookback to see progress in the areas I outlined, possibly no earth-shattering results, but progress.

2019 retrospective

New UX - probably not as much evolution as I would have wanted to see in this area. For now, we use Windows, Android, iOS, and it's pretty much the same UX as it's been for a while.

IoT the simple assistant - IoT continues to be the hot area of growth. I consider this more evolution than revolution, as we see IoT-based technology being embedded into more and more devices.

Cloud growth advances at astonishing speeds - This past year all three cloud providers made strides in the cloud worth noticing. AWS entered the quantum computing market with Braket, introduced an in-house S

Update to the Azure Secured Workstation

The update to the Secured Workstations Reference Architecture was released this week, and reflects the addition of several key updates. Here's the new content in summary:

Setting up WAF blocking all outbound connections - This is an interesting section that was provided by a colleague who helped define a set of white-listed URLs and by design block all other traffic. I'd note this is a benchmark of URLs you can use and block when managing Azure.

Improved conditional access - Conditional access is also important to ensure that the workstation is the only way you manage your Azure subscription. The addition addresses the limitation of managing your cloud from ONLY a secure workstation, and prevents legacy protocols that may not be as secure.

Setting up ATP and Sentinel for monitoring - Detecting and monitoring your network with the newly minted Azure SIEM. Sentinel offers a great way to aggregate your detection platform. This also provides a good means to co