Not feeling super confident -
Been studying since I completed the class in April (Great class by the way, if you are in the field and need to build or solidify some foundational knowledge I highly recommend it), but the more I study the stupider I am feeling. I really think this is going to be a write-off exam and I will end up retaking it in a couple months. Hopefully not, but that's the way it is feeling.
In other news -
I did up a nice little table that compares the CIS Top 20 Security Controls (actually the top 5 plus 1) to the ASD Mandatory Top 4 and the NSA IAD Top 10 (top 4) and correlated that to the NIST 800-53 controls. I tried to put it in Blogger in table format but it won't take. I am going to reformat a little bit and I will post a .jpg later today. I know this may seem pointless, but I actually do have a point with it - The Australian Security Directorate (ASD) did an analysis and found that 85% of the incidents they respond to could be prevented by implementation of their top 4 controls. SANS made similar claims about their top 5 (now controlled by CIS). Finally, the recent WannaCry ransomware epidemic could have been largely prevented by a good vulnerability/patch management program, and guess what figures heavily in those sets of controls. My point being that a base level of security is relatively easy to obtain and everything after that is gravy. (Don't interpret this as "Oh, we only have to do this stuff!" I am making the point that laying a good base to build on is an achievable proposition.)