Problem Solver | System Improver | Cyber Security | Tech Support
Which first? The Policy or Procedure? A Cyber Framework Conundrum.
A recent, and very new direction in my career, has seen me enter the universe that is Cyber Security Frameworks – by being tasked with laying the groundwork for adopting a cyber framework. Having come from 20 years of technical support and system administration, the operational side of security was familiar, however merging formal procedure and policy to day-to-day process was a brave new world for me.
The ‘Living off the Land’ cyber security problem
Given the recent high-profile news from the UK GVT regarding suspected state sponsored cyber attacks, as well as a raft of dramatic advisories from the likes of the NCSC centred around the ‘Living off the Land‘ (LOTL) attack technique, why does LOTL seem so hard for cyber security teams to handle?
Here are a few likely reasons…
Cyber Security – ‘Lateral Movement’
This article is designed to introduce you to the cyber security subject of Lateral Movement, and show some of the common cyber security methods used to tackle it.
Cyber Security – Brute Force vs Password Spray
In the world of cyber security, attackers have a multitude of tools at their disposal to breach user accounts. Two common methods of attack are Brute Force and Password Spray. While both leverage automation to gain unauthorised access, they differ in their approach.
This article covers both strategies and how to defend against them.
Cyber Security – Looking at Advanced Persistent Threats (APTs)
This article discusses the Advanced Persistent Threat (APT) cyber attack, and covers both the strategies used during an attack, and how to defend against them.
Cyber Security – Looking at System Hardening
This article discusses the concept of ‘System Hardening’ and looks at the thought process and a few common strategies behind hardening to combat attack surface.
Cyber Security – Looking at all things ‘Evil’
The world of cyber security can get a tad dry sometimes. Firewalls, encryption, vulnerabilities, patching – all super important of course, however there’s a hidden layer where creativity and drama reign supreme: and that’s naming conventions.
In the spirit of cyber mischief, let’s take a peek into the ‘evil‘ side of cyber security naming conventions.