Summit Route - Iterative Defense and The Intruder's Dilemma
In this post I explain the concept of Iterative Defense and The Intruder's Dilemma (IDTID). You've probably heard the Defender's Dilemma, which is: "An attacker only needs to find one weakness while the defender needs to find every one." This is pessimistic thinking for the defender and makes it seem like a battle that's impossible for the defender to win.
Perfect is the Enemy
At some point early in my career, I heard a phrase that has stuck with me over the years: "Perfect is the enemy of good." I'll be honest, at first, I didn't really understand what it meant (which is probably why I remembered it). How could this be the case?
Incident handling reports and lessons learned
Incident Handling Quarterly Report
JPCERT/CC Incident Handling Report [April 1, 2020 - June 30, 2020]
Learning From A Year of Security Breaches
This year (2016) I accepted as much incident response work as I could. I spent about 300 hours responding to security incidents and data breaches this year as a consultant or volunteer. This included hands on work with an in-progress breach, or coordinating a response with victim engineering teams and incident responders.
Hexacorn | Blog How to become the best SOC Analyst E-V-E-R
Since I am getting varied feedback on this article, I want to clarify a few bits: I tried to incorporate many things that I wish someone told me in the past when I started working tickets. If it comes across as preachy or hierarchical it was not the intention - seriously...
Estimating the $ of a Security Incident.
We can see that MRR can move by a couple thousand dollars in either direction on a typical day. The company is generally growing in MRR over the course of the month. This knowledge informs our baseline of what normal looks like.
Simple Risk Measurement - Simple Risk Measurement documentation
Simple Risk Measurement is written to help you measure complicated risks using a process that's simple enough to work out on the back of a napkin and powerful enough to organize a rocket launch. If you are an engineer motivated by the reduction of risk and are frustrated by how to measure your progress, you may find this documentation useful.
Classifying types of "Security Work"
(Phoenix Project also calls this Business Projects) Business projects can be interpreted a few ways. It strictly includes the support of projects that generate revenue, or more liberally identifies how the business is changing in pursuit of success but requires collaboration from supporting organizations like a security team.