“Dear Lesley, I’ve been in an MSSP Security Operations Center (SOC) for a few months as my first cybersecurity job. The work is monotonous, I have access to only a few SIEM tools, and most of what I do is handle repetitive tickets for a ton of customers all by myself on awkward shifts. I… Read More Ask Lesley: How Much Should SOC Work Suck?
I recently ran across a tweet by the very insightful Fernando Montenegro in which he makes an interesting point about a phenomenon we occasionally run into while examining social media profiles associated with a business: Do people also find it creepy/sleazy coming across fake LinkedIn profiles when researching a company/vendor? Makes me question the ethics… Read More Human Honeypots: I Make Friends (and So Should You)
Be sure and check out (and subscribe to) all of the episodes of the excellent Brakeing Down Security podcasts! Thank you for having me as a guest, Brian and Michael!
Topic of the Day:
The Incident Response Process – Program, Plan, Policy, Process, Playbooks, and roles.… Read More Lesley on Brakeing Down Incident Response Podcast – All About Playbooks
Our personal financial identities are exposed, and we’re mad. A sick, visceral, exhausted anger that hits us in the pit of our stomachs and makes us feel powerless. People are understandably furious about the Equifax breach, to a degree that makes it tough to have a rational discussion about what happened. Unfortunately for information security… Read More Whose Fault Is It? (A brief discussion on misconceptions about Equifax)
A common practice of researchers studying a piece of malware is to seize control of its malicious command and control domains, then redirect traffic to them to benign research servers for analysis and victim notification. I always highly recommend monitoring for traffic to these sinkholes – it is frequently indicative of infection. I’ve found no… Read More Consolidated Malware Sinkhole List
Much like open offices and outsourcing in business, information security is subject to trends. One you probably saw in your vendor spam folder over the past couple of years is phishing awareness exercises. The premise sounds simple – phish your employees before the bad guys do, monitor how they respond, and react accordingly. In reality,… Read More Phishing Exercises, without the “Ish”
Threat intelligence is currently the trendy thing in information security, and as with many new security trends, frequently misunderstood and misused. I want to take the time to discuss some common misunderstandings about what threat intelligence is and isn’t, where it can be beneficial, and where it’s wasting your (and your analysts’) time and money.… Read More The $5 Vendor-Free Crash Course: Cyber Threat Intel
I had the honor and pleasure of being asked to teach a four-hour incident response class at last month’s Circle City Con in Indianapolis, IN (you can watch a recording here). The subject was pre-established based on attendee interest: building an incident response program in small, medium, and large enterprises. Granted, most of the… Read More The Gamemaster’s Guide to Incident Response
I tweeted these out of frustration quite some time ago and I’ve since been repeatedly asked for a blog post condensing and elaborating on them. So, without further ado, here are Lesley’s Rules of SOC, in their unabridged form.… Read More Lesley’s Rules of SOC