Aug 1, 2022
Today we're joined by some of our friends at Arctic Wolf - Eugene Grant
and Christopher Fielder - to talk about compliance. Now hold on - don't
leave yet! I know for many folks, compliance makes them want to bleach
their eyeballs. But compliance is super important - especially because
it is not the same as being secure. So we discuss the differences
between security and compliance, and practical work we can do to
actually be more compliant and secure:

- Knowing what you have (assets, installed software, etc.)
  - Rumble is a cheap/free way to find out!
- Creating core policies and procedures that you will actually follow
- Learning about security frameworks that will help you build a
security program from scratch
- Preparing for your first (or next) pentest. Tools like PingCastle and
BloodHound can help find hacker low-hanging fruit!
- Knowing where your crown jewels are - be that data, a database,
a key system, etc.
- Writing critical documentation - especially backup/restore
- Forming a security "dream team" to help drive your program
- Asking the right security maturity questions at your next job
interview (so you don't get hired into a dumpster fire!)

P.S. this is Christopher's sixth time on the program. Be sure to check
out his first, second, third, fourth and fifth interviews.