Getting started with cybersecurity
#1
Greetz to all, it's nice to post again after a long time of inactivity.
Hope you all are fine and safe.

I'd like to ask some opinions regarding how to start a cybersec dept. @ work:

I was thinking of focusing primarily on the most common threats faced by our clients (phishing, malware, brute-forcing of network devices, etc.), and then proposing some solutions, like additional software, training courses for the workers and so on.
I was also thinking of implementing a SIEM solution.

That's a vague description of what I want to do, but I'd like to hear some suggestions to improve my idea, maybe from someone who already has, or has worked in, a dept like this.
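As an added example (not part of the original post), here is the kind of correlation rule a SIEM would run for the "brute-forcing of network devices" threat mentioned above: a sliding window over failed SSH logins per (device, source IP), with a higher-severity alert when a login is accepted from a source that was just brute-forcing. The log lines are constructed for the example and assume the devices forward OpenSSH-style sshd messages over syslog; vendor formats (Cisco IOS, JunOS, etc.) differ and would need their own regex. The threshold and window values are illustrative, not tuned for any real environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Regex for OpenSSH-style authentication messages as they appear in syslog.
# Assumption: the devices forward sshd logs in this format; vendor formats differ.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Constructed sample input (not real logs): one source brute-forcing edge-rtr-1
# and then succeeding, a second source with only two failures, a normal login,
# and one non-auth line the parser must ignore.
SAMPLE_LOGS = """\
Oct  5 16:40:01 edge-rtr-1 sshd[2311]: Failed password for invalid user root from 203.0.113.7 port 51000 ssh2
Oct  5 16:40:04 edge-rtr-1 sshd[2313]: Failed password for admin from 203.0.113.7 port 51002 ssh2
Oct  5 16:40:07 edge-rtr-1 sshd[2315]: Failed password for invalid user cisco from 203.0.113.7 port 51004 ssh2
Oct  5 16:40:10 edge-rtr-1 sshd[2317]: Failed password for admin from 203.0.113.7 port 51006 ssh2
Oct  5 16:40:13 edge-rtr-1 sshd[2319]: Failed password for invalid user ubnt from 203.0.113.7 port 51008 ssh2
Oct  5 16:40:15 edge-rtr-1 sshd[2321]: Failed password for admin from 203.0.113.7 port 51010 ssh2
Oct  5 16:40:18 edge-rtr-1 sshd[2323]: Accepted password for admin from 203.0.113.7 port 51012 ssh2
Oct  5 16:41:02 core-sw-1 sshd[811]: Accepted password for netops from 192.0.2.10 port 40210 ssh2
Oct  5 16:41:30 edge-rtr-1 sshd[2388]: Failed password for admin from 198.51.100.9 port 60001 ssh2
Oct  5 16:41:33 edge-rtr-1 sshd[2390]: Failed password for admin from 198.51.100.9 port 60002 ssh2
Oct  5 16:41:40 edge-rtr-1 sshd[2390]: Connection closed by 198.51.100.9 port 60002 [preauth]
"""


def parse_line(line, year=2020):
    """Parse one syslog line; return a dict, or None if it is not an auth event."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year, so the caller supplies one
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "outcome": m["outcome"],
            "user": m["user"], "src": m["src"]}


def detect_bruteforce(lines, threshold=5, window_s=60, year=2020):
    """Sliding-window correlation over SSH auth events.

    Raises one 'ssh_bruteforce' alert per (device, source IP) once `threshold`
    failures fall inside `window_s` seconds, and an 'ssh_bruteforce_success'
    alert if a login is then accepted from that source while the burst is
    still inside the window (the case an analyst must triage first).
    """
    failures = defaultdict(deque)   # (host, src) -> deque of (timestamp, user)
    alerted = set()                 # keys already reported, to avoid alert storms
    alerts = []
    for line in lines:
        ev = parse_line(line, year)
        if ev is None:
            continue
        key = (ev["host"], ev["src"])
        q = failures[key]
        # drop failures that have aged out of the window
        while q and (ev["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append((ev["ts"], ev["user"]))
            if len(q) >= threshold and key not in alerted:
                alerted.add(key)
                alerts.append({
                    "rule": "ssh_bruteforce", "severity": "medium",
                    "host": ev["host"], "src": ev["src"], "attempts": len(q),
                    "users": sorted({u for _, u in q}), "last_seen": ev["ts"],
                })
        elif len(q) >= threshold:
            # accepted login right after a burst of failures: treat as probable compromise
            alerts.append({
                "rule": "ssh_bruteforce_success", "severity": "high",
                "host": ev["host"], "src": ev["src"], "user": ev["user"],
                "failures_before": len(q), "last_seen": ev["ts"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS.splitlines()):
        print(alert)
```

On the sample input this yields two alerts for 203.0.113.7 against edge-rtr-1 (the medium brute-force alert after the fifth failure, then the high-severity alert on the accepted login) and nothing for 198.51.100.9, which stays under the threshold. The "users" field is worth keeping in the alert: several distinct usernames from one source is a spray, one username hammered repeatedly is a targeted guess, and the response differs.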
#2
Although I understand what you want to do, I think it all depends on what your position is.
Are you proposing this idea to your boss? Or what is the real plan after knowing exactly what you want?
I think it all depends on who you want to convince to spend the money; IMO it all depends on the vision that person has of cybersecurity.

Also, I don't know if you are close with Cypher, but I think he could give you some nice insight about this.
He visits the forum from time to time, but in case he does not see this thread you can contact him on Twitter. If you don't know his Twitter, DM me and I'll share it.
#3
Cypher has some good insight on threat intel and all that scene, not sure if he's that active these days though. Otherwise I would summon dropzone, who I believe has some experience as a security engineer.

Just starting out myself, so I wouldn't know much about starting a whole dept. But I guess a SOC for the blue team, with SIEM engineers, SOC analysts, incident response, etc., working closely together with sysadmins. A red team for the more aggressive security. And have them work under an executive CISO. I guess I would look into the more organizational parts of infosec, such as ISO 27001, ITIL and all that management jargon, with IT management.

I've only worked with 1st line/2nd line support departments and shitty helpdesk call centers myself, so.
#4
(10-05-2020, 04:41 PM)enmafia2 Wrote: Although I understand what you want to do, I think it all depends on what your position is.
Are you proposing this idea to your boss? Or what is the real plan after knowing exactly what you want?
I think it all depends on who you want to convince to spend the money; IMO it all depends on the vision that person has of cybersecurity.

Yes, sure, I talked with my boss, I've got free rein, and this is the plan:

- analyze the most common threats detected, for every customer
- risk analysis for each threat, in relation to the customer's infrastructure and the type of data managed (I mean, it's useless to propose a SIEM dashboard to a 3-person company that sells brooms and whose only data are not sensitive)
- 360° vulnerability assessment, from weak user passwords to exposed services/ports without filtering, etc.
- report of everything and proposal of the solution (that's the hardest part: you have exposed all the critical parts, but now how to fix them???)


(10-05-2020, 04:41 PM)enmafia2 Wrote: Also, I don't know if you are close with Cypher, but I think he could give you some nice insight about this.
He visits the forum from time to time, but in case he does not see this thread you can contact him on Twitter. If you don't know his Twitter, DM me and I'll share it.

OK, that would be nice; if Cypher is not going to answer shortly, maybe I'll give a shout on Twitter.

Insider Wrote: Cypher has some good insight on threat intel and all that scene, not sure if he's that active these days though. Otherwise I would summon dropzone, who I believe has some experience as a security engineer.

Thanks for the info, Insider. I'll DM him.