-
Continue reading →: ASIS Article – Preparing for OT Incident Responsehttps://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2022/october/Your-Cyber-Response-Plan-Needs-These-6-Components/ Cybersecurity incidents are no longer a matter of if, but when. Building a good strategy and architecture to deter intrusions is incredibly important in reducing the frequency and severity of incidents, but there is no scenario where any organization is totally immune. That means that every organization must have…
-
Continue reading →: Ask Lesley: How Much Should SOC Work Suck?
“Dear Lesley, I’ve been in a MSSP Security Operations Center (SOC) for a few months as my first cybersecurity job. The work is monotonous, I have access to only a few SIEM tools, and most of what I do is handle repetitive tickets for a ton of customers all by…
-
Continue reading →: Reasonable IR Team Expectations
With the surplus of ransomware attacks consistently increasing, I have unfortunately witnessed another increase – in shoddy and predatory cybersecurity incident response firms with good SEO taking advantage of victims. In some cases this may be opportunistic, and in others simply a side effect of the shortage of senior and…
-
Ask Lesley: From Ops to DFIR, a Tough Transition
Published by
on
Continue reading →: Ask Lesley: From Ops to DFIR, a Tough TransitionLesley, I am having the hardest time getting my foot in the door in an investigative role. I have spent almost 4 years at the same job, in the same role, and cannot find a way to transition out of the operations side of the house. I went into operations…
-
Continue reading →: PancakesCon 2!
I’m thrilled to announce that PancakesCon 2 will be Sunday, March 21, 2021. It will once again be 100% free and virtual. Call for volunteers (logistics, CFP review) are LIVE. Follow pancakescon.com or @pancakescon on Twitter for updates.
-
Continue reading →: Uh oh, Orion.
Just a few brief thoughts on the initial reports of a SolarWinds Orion supply chain attack allegedly impacting a multitude of high profile government and corporate targets. We’re still waiting on quite a few important details; some great initial IOCs have been graciously provided by cybersecurity firm and attack victim…
-
Continue reading →: Ask Lesley: “I want to hire more diverse senior people”Dear Lesley, Do you have any tips on how an org can encourage a more diverse candidate pool for a senior and specialized infosec position? We are located in a mid-sized city and we want to do a better job at reaching a good cross-section of candidates. Thanks,Hiring Today Dear…
-
Continue reading →: VetSecCon – All About Securing ICS
I spoke to the veteran’s group VetSec about Industrial Control System (ICS) cybersecurity careers.
-
Continue reading →: SC Media: Here’s a five-step security plan for industrial environments
I covered the current state of industrial cybersecurity for SC Media.
-
About Cybersecurity Management and Expectations
Published by
on
Continue reading →: About Cybersecurity Management and ExpectationsFor the past decade, I have listened to a number of stories from a minority of cybersecurity professionals I talk to about unbelievably hostile and abusive workplaces. More insidious to me, are the workplaces that “pass” as okay on paper, but are continually undermining, failing, and gaslighting their junior employees.…
Hello,
I’m Lesley, aka Hacks4Pancakes
Nice to meet you. I’m a long-time digital forensics and incident response professional, specializing in industrial control and critical infrastructure environments. I teach, lecture, speak, and write about cybersecurity.
I’m from Chicago, living in Melbourne.
Follow Me on Social!
ai career careers certification cfp challenge coins conferences cybersecurity cybersecurity careers dfir digital forensics education featured ff giac hacking health and wellness ics incident response information security infosec infosec education iot management mastodon mentoring nation state attacks off topic osint phishing podcast privacy security security education security operations self study social media talks technology threat attribution threat intelligence university video volatility women in tech
Recent posts
Join the fun!
Stay up-to-date with my recent posts, podcasts, and blogs!
Lesley Carhart's Cybersecurity Blog 