7 Minute Security

Aug 1, 2022

Today we're joined by some of our friends at Arctic Wolf - Eugene Grant and Christopher Fielder - to talk about compliance. Now hold on - don't leave yet! I know for many folks, compliance makes them want to bleach their eyeballs. But compliance is super important - especially because it is not the same as being secure. So we discuss the differences between security and compliance, and practical work we can do to actually be more compliant and secure, including:

• Knowing what you have (assets, installed software, etc.) - Rumble is a cheap/free way to find out!
• Creating core policies and procedures that you will actually follow
• Learning about security frameworks that will help you build a security program from scratch
• Preparing for your first (or next) pentest. Tools like PingCastle and BloodHound can help find hacker low-hanging fruit!
• Knowing where your crown jewels are - be that data, a database, a key system, etc.
• Writing critical documentation - especially backup/restore procedures.
• Forming a security "dream team" to help drive your program
• Asking the right security maturity questions at your next job interview (so you don't get hired into a dumpster fire!)

P.S. this is Christopher's sixth time on the program. Be sure to check out his first, second, third, fourth and fifth interviews with 7MS.