There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

wop ,
@wop@infosec.pub avatar

So, let’s assume that you are in an international company and the first and only security person. What are your first steps and projects? It is like really vague, but I’d assume like a SIEM, inventory of the network and all devices, backup situation, maybe even honeypots?

What are your high-prio things that every company should have? Is there even a framework for it?

Feeling kinda lost and I hope you get some guidance in the right direction.

biptoot ,

t every company should have? Is there even a frame

I was the lone security person there for a bit. Now there’s 4 of us. I broke it down into two risks:

service / system outage data breach / loss

The way I approached shoring up defenses was with specific activities each week:

vulnerability remediation audit & compliance incident response governance & policy security awareness program

It might help to think of things in a maturity model. Putting in a SEIM is a big job, and maybe more appropriate for when the security program at your org has matured more. What you can do is spend time working on the other stuff - what’s your endpoint protection? What compliance requirements do you have? How’s your inventory & asset management? What’s policy look like? Do your AD accounts all make sense? What’s the password policy? Do you have any old service accounts?

Picking little stuff allows you to make progress, and gets you ready to move to the bigger things. A mentor once told me to use a checklist (for life in general, but applies to cyber):

1 Did they ask you for help 2 Do you have it to give 3 Have you done enough for now

Good luck!

shellsharks OP ,
@shellsharks@infosec.pub avatar

CIS Critical Security Controls and/or NIST CSF as frameworks to help put you in the right mindset. But so much of what you should do first depends on some variables imo.

  • What is your budget?
  • What already exists security-wise at your company?
  • What level of executive support do you have? Can you enact real change?
  • What is most important to the company? i.e. "Crown Jewels"
  • What does the network/infrastructure/endpoint environment look like?

Once you answer these questions then you can get a better idea of where to spend the limited time/money you have. The CSC will likely tell you to tap into an inventory and do some form of Vulnerability Management. This is a decent idea as you need to know what you are trying to protect and also catch low-hanging fruit via vuln scanning. Instrumenting endpoints (EDR) or gaining visibility into your infra is also important but which do you pick first? Crowdstrike is awesome but expensive. No one solution is a silver bullet.

Have a plan, create a reasonable roadmap, figure out your companies risk threshold, ask for more resources depending on what level of risk they’re willing to accept and how quickly they want things implemented.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • [email protected]
  • lifeLocal
  • goranko
  • All magazines
    •