Cloud tech first floor recommendations
Adversary Ops, Coalfire
I hate to say it, but I’m an old, curmudgeonly guy that’s been in the industry more than 20 years. And after a while, things just start to wear on you. In fact, there was a point in my career that I swore if I had to counsel just one more company on the importance of having strong passwords and password policies, I would jump out a window. And yet here I am, still dealing with these issues many, many years later. Thank goodness my recommendations were always delivered on the first floor. Read more
Coalfire and HITRUST – 9 years, 1,000 engagements and counting
Zach Shales, Senior Director, Cloud Infrastructure, Coalfire
Since 2007, HITRUST® has offered programs that protect sensitive information and allow organizations to manage information risk globally across all industries and throughout the supply chain. In collaboration with information security, privacy, and risk management leaders from public and private sectors, they develop, maintain, and provide access to comprehensive risk and compliance management frameworks, and related assessment and assurance methodologies.
Mining Splunk's Internal Logs
Matt Alshab, IT Security Consultant, Technical Cyber Services, Coalfire Federal
Splunk is great about logging its warnings and errors, but it won’t tell you about them – you have to ask!
As the leading machine-generated data analysis software, it’s not surprising that Splunk excels at creating robust logs. The current version of Splunk Enterprise (v 8.05) generates 22 different logs (for a complete current list see: What Splunk logs about itself). These logs don't consume license usage, so other than disk space, there is no downside to all this logging, and the information the logs provide can be eye opening. The challenge for the Splunk administrator is getting a handle on these logs and using them to troubleshoot issues, find unknown errors, and improve performance.
Using Azure Blueprints to Control Azure Compliance
Doug Francis, Senior Consultant, Cloud Solutions Engineering, Coalfire
As Peter Parker says, with great power comes great responsibility. And so it goes with public cloud: With cloud scale and agility come cloud-scale problems and compliance nightmares. Every day, IT professionals balance the need to act quickly—often leveraging cloud speed of execution to implement resources—with the need to control resource deployments in their efforts to maintain proper organizational compliance and security posture.
Getting around the cybersecurity talent shortage
Bob Post, Managing Principal, Strategy, Privacy, Risk
More remote workers mean larger attack surfaces, and as cyber criminals take advantage of the rush to provision a remote workforce, the pain of the cybersecurity professionals’ shortage has become acute. Last year, the ISC(2) Workforce Study identified a shortage of 561,000 cybersecurity professionals in North America. Globally, that number is over 4,000,000 professionals. In April of this year, another ISC(2) survey found that 47 percent of the cybersecurity professionals surveyed were reassigned to other IT support activities while companies were ramping up to deal with the requirements of a newly remote workforce. As we move to “what’s next?”, how do enterprises obtain the needed resources and expertise to better address cyber risk in the new environment? Read more