Security Operations

Keeping the status quo was a mistake. I was building a SOC, in-housing all the outsourced capabilities from a Managed Security Services Provider (MSSP), and I had been asked to provide some specific metrics for an internal governance board. The same metrics the MSSP had been reporting. I provided them without questioning whether they were still appropriate, or whether they’d be the right ones for us going forward. They were not. ...

What the world doesn’t need right now is another CrowdStrike hot take… so here’s mine. I’m not here to throw any more at CrowdStrike. They’ve had enough. There was a mistake with big impact.1 It happens. There is a lesson to be learnt though: every security control carries a tradeoff, and in this case it’s operational risk. But this recent event serves to remind us. We cannot just blindly push security controls; there are tradeoffs which must be understood. ...