SecurityWeek: CISA Hires ‘Mudge’ to Work on Security-by-Design Principles https://www.securityweek.com/cisa-hires-mudge/ #NationalCybersecurityStrategy #SecurityArchitecture #CISOStrategy #Government #Twitter #Mudge #CISA
SecurityWeek: US Government Publishes Guidance on Migrating to Post-Quantum Cryptography https://www.securityweek.com/us-government-publishes-guidance-on-migrating-to-post-quantum-cryptography/ #SecurityArchitecture #Management&Strategy
SecurityWeek: NSA, CISA Issue Guidance on 5G Network Slicing Security https://www.securityweek.com/nsa-cisa-issue-guidance-on-securing-5g-network-slicing/ #SecurityArchitecture #NetworkSecurity #guidance #5G
SecurityWeek: NSA, CISA Issue Guidance on Securing 5G Network Slicing https://www.securityweek.com/nsa-cisa-issue-guidance-on-securing-5g-network-slicing/ #SecurityArchitecture #NetworkSecurity #guidance #5G
Understaffed security teams are facing increasing pressure to do more with less. Here's how adopting a multilayered #securityarchitecture is the #recession-proof approach to weathering the #cybersecurity storms of today and tomorrow: https://venturebeat.com/security/for-recession-proof-security-spending-embrace-the-value-of-multi-layered-integrations/ #press
Vendor management is operations for security architects.
#infosec #securityarchitecture #vendormanagement
One of the most accurate large enterprise architecture diagram sets I’ve seen.
Artist: @manu
Would You Accept an Inconvenience To Prevent a Data Breach?
Addressing the rise in credential and session compromise
~~~~~~
by Teri Radichel | Jan, 2023
#cloudsecurity #iam #mfa #separationofduties #securityarchitecture #circleci #oktapus
Make it easier to find malware targeting your users: If you’re designing (or redesigning) your web presence and it includes login or authentication functionality of some sort, consider making your authentication cookie names unique to your system.
For example, instead of calling your authentication cookie “auth” or “session,” maybe call it “blue_tiger_cub” (completely contrived example). Now, if you’re hunting for credtheft or infostealing malware targeting your brand, your searches just got a whole lot more targeted.
This does have me thinking though…could you rotate the authentication cookie name on a regular basis?
Or maybe we could just move away from cookies for session management and use an extended version of something like #webauthn to sign every single request, but I digress…
#malware #webauthentication #cookies #securityarchitecture #threathunting #yara
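One way to implement the brand-unique, periodically rotated cookie name the post floats, together with the matching hunt terms, as an added example that is not code from the original post (the server secret, the weekly period, the demo clock and the stealer-log excerpt are constructed placeholders):

```python
import hmac
import hashlib
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

SECRET = b"replace-with-a-real-server-secret"  # hypothetical placeholder secret
PERIOD_SECONDS = 7 * 86400                       # rotate the cookie name weekly
DEMO_NOW = datetime(2023, 1, 15, tzinfo=timezone.utc)  # fixed clock for the demo

def period_index(now: datetime) -> int:
    """Rotation period number derived from the clock."""
    return int(now.timestamp()) // PERIOD_SECONDS

def cookie_name(period: int, secret: bytes = SECRET) -> str:
    """Unique-looking but reproducible cookie name for one rotation period."""
    digest = hmac.new(secret, b"auth-cookie-name:%d" % period, hashlib.sha256).digest()
    # Map 12 digest bytes onto letters so the result is a valid cookie token.
    return "s_" + "".join(chr(ord("a") + b % 26) for b in digest[:12])

def accepted_names(now: datetime, grace: int = 1) -> List[str]:
    """Current name first, then `grace` older ones so live sessions survive a rotation."""
    p = period_index(now)
    return [cookie_name(p - i) for i in range(grace + 1)]

def find_session_cookie(cookies: Dict[str, str], now: datetime) -> Optional[Tuple[str, str]]:
    """Locate our session cookie in a request; generic names like 'session' are ignored."""
    for name in accepted_names(now):
        if name in cookies:
            return name, cookies[name]
    return None

def hunt_terms(now: datetime, lookback: int = 8) -> List[str]:
    """Names used over the last `lookback` periods: the brand-specific strings to hunt for."""
    p = period_index(now)
    return [cookie_name(p - i) for i in range(lookback)]

def yara_rule(now: datetime, lookback: int = 8) -> str:
    """Render the hunt terms as a YARA rule for scanning stealer logs or samples."""
    lines = "\n".join(f'        $n{i} = "{n}"' for i, n in enumerate(hunt_terms(now, lookback)))
    return "rule brand_auth_cookie_names {\n    strings:\n" + lines + "\n    condition:\n        any of them\n}"

def names_seen_in(text: str, now: datetime, lookback: int = 8) -> List[str]:
    """Which of our cookie names occur in a text blob such as a stealer log."""
    return [n for n in hunt_terms(now, lookback) if n in text]

# Constructed stealer-log excerpt (not real data): a generic cookie plus one of ours from last week.
SAMPLE_LOG = "HOST: example.com\nCOOKIE: session=abc123\nCOOKIE: %s=eyJhbGci\n" % cookie_name(period_index(DEMO_NOW) - 1)
```

Because the names derive from a secret, only the defenders can enumerate past and future names, so a hunting query or rule stays precise even after several rotations.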
I spent waaaay too much time creating secure administrative scheduled tasks in #Windows. So I made a blog post to walk others through the process. Check it out!
https://cybergladius.com/secure-windows-scheduled-tasks-with-managed-service-accounts/
Also, doing the same thing in Linux is so much easier! ugh... Windows...
#windowssecurity #securityarchitecture #cybersecurity
In light of the recent breaches of LastPass’ infrastructure systems, I've been thinking:
What would happen if the data in my password manager were successfully breached?
And what can I do right now to reduce the impact of such a breach?
If you've ever wondered the same thing but have never come across a satisfying answer, well, do I have some Thought Leadership™ for you!
https://justinpagano.substack.com/p/protecting-against-a-password-manager
#passwordsecurity #passwordmanager #passwordvault #lastpass #1password #bitwarden #authy #yubikey #passkey #yubico #mfa #2fa #multifactorauthentication #twofactorauthentication #securityarchitecture
A few #introductions:
I run Systems Structure Ltd., a US consultancy that provides fractional CISO services for pre-A to post-C round #startups, along with #threatmodeling training and #securityarchitecture reviews.
I've been working in #security since 2003 and did a spell in NGOland from ~2011 to 2016, working with NGOs and news organizations targeted by states and on tools they use, including the #briar messaging app. The field work I did then fundamentally reshaped my approach to security, and I recommend that everyone in the field learn about the reality of being a high-risk user.
I live in #Helsinki these days, although in the before times (and hopefully soon again) I spent a fair bit of time in #NYC and #London. I run a #queer performance space out of my home, along with my partner, called The Attic (@theatticfi on insta), where we make space for #drag, #burlesque, #performanceart, and music, among other things. Before I moved here, I spent six or so years traveling full time.
I have written various essays over the years, which you can see on dymaxion.org, and I'm slowly writing a book. While security pays the bills, I spend a lot of my time thinking about #complexsystems, and in particular how the human and technical bits mesh, how they fail, and how to redesign them to fail better. In practice, this has meant everything from consulting on a constitution to thinking about what comes after the #climate apocalypse. The "recruiting barbarians" in my bio refers to being more comfortable outside of institutions, but I'm starting to think more about community and infrastructure building now that I live somewhere.
I'm also an #artist; I paint and am slowly learning my way around a #synthesizer, and I've been accused of being an #architect. I'm active in the #nordiclarp scene, where we take larp seriously as a dramatic form and do everything from a reworking of Hamlet played at the actual Elsinore castle to a larp about the early days of the HIV crisis. I'm primarily a theorist and critic there, as well as a player, and I've edited two books and written a number of essays. Nordic larp has the best toolkit I've seen anywhere for analyzing the human parts of complex systems and especially for building new systems; it's heavily influenced my security work, along with my #designfutures thinking.
Happy #twittermigration
New to mastodon, but hoping to find the friendly infosec community that I know and love.
#hacking #securityarchitecture #purpleteam #reverseengineering #drones #hardware #bouldering #greatoutdoors
Having learned #introductions are a thing, here goes.
I've worked in tech for >25 years, starting in support and writing apps and basic games on my own time.
A fairly winding road took me through systems engineering, technical architecture, solution architecture, enterprise architecture and now cybersecurity consultancy and architecture.
I write books on cloud computing, content for security websites, and spend my days offering security consultancy to those needing it. I'm pretty heavily into #azure #aws #networksecurity #govtech #fintech #healthtech and #saas and in my spare time I'm a Trustworthy AI Researcher.
Also a married father of three, a pretty tidy guitar player, an enthusiastic gamer (halo), and a shitty but enthusiastic skateboarder.
Good to meet you 🍺
#introduction #securityArchitect #securityarchitecture #securityconsultant #CyberWriter
A few of my favorite things:
#cybersec #securityarchitecture #vinyl #whiskey #bourbon #scotch #mcu #jazz #classicrock #punchingnazis
Time to secure hybrid work for 2022, not 2002 - By Nick Biasini, with contributions from Vitor Ventura.
The cyber world today is chaotic... http://blog.talosintelligence.com/2022/02/securing-hybrid-work.html #securityarchitecture #ciscotalos #hybridwork #security