How hard do you think it is to get into penetration testing nowadays?
Reddit » Cyber security
by /u/Seekersec
5h ago
Building an SOC From Scratch: The Importance of Documentation and Network Segmentation
Reddit » Cyber security
by /u/Mansori97
5h ago
As the first SOC analyst in a new information security department at a bank, I've learned the critical role of documentation and network segmentation before deploying security solutions like antivirus, SIEM, PAM, and XDR. In the absence of existing policies and procedures, these practices became foundational for establishing a strong security posture.

Comprehensive Documentation:
* Maintain a detailed record of all systems within your infrastructure, including access permissions (who, where, and how).
* Establish a clear and consistent naming system for users, groups, and devices for better o ...
The Risks of Scattered Logs and Why Centralised SIEM Is Better for Security
Reddit » Cyber security
by /u/Dapper-97
8h ago
A lot of companies face a cybersecurity problem: their Security Information and Event Management (SIEM) and log management are scattered across different places. This often happens because companies use several Managed Security Service Providers (MSSPs), causing logs to be spread out. When this happens, security teams have a hard time getting the information they need because they have to search through multiple systems to find it. This fragmentation causes two big problems. First, it slows down the security team’s ability to respond to threats because they're busy jumping between different p ...
Encryption ASCII
Reddit » Cyber security
by /u/DKOS0
8h ago
With encryption and eavesdropping from Gov agencies, and other unwanted people, could you encrypt the actual words being sent? Like the ASCII standard would have a certain letter represented by a set amount of 1's and 0's. But what if for encryption's sake when a signal is transmitted each 2 devices communicating set up their own encrypted standard instead of traditional ASCII. No 2 devices' conversations would hold the same common character binary bits, making it impossible to understand what's actually being sent? I don't know cyber that well, I just didn't know if this was something viable. Tha ...
Hello Redditors, I would like to conduct a short survey about Social Engineering and Audio Deepfakes for my thesis. Thanks in advance.
Reddit » Cyber security
by /u/General_Potential_42
8h ago
How-To Install and Setup: Azure Arc, (AMA) Azure Monitor Agent and (DCR) Data Collection Rules for sending Linux Syslog to Sentinel for Threat Hunting and Security Monitoring with AuditD
Reddit » Cyber security
by /u/thattechkitten
9h ago
New Article on how to quickly get Syslog/AuditD logs to Microsoft Sentinel for threat hunting and detection building using AuditD. https://medium.com/@truvis.thornton/how-to-install-and-setup-azure-arc-ama-azure-monitor-agent-and-dcr-data-collection-rules-for-47381ee9d312
Iranian hackers pose as journalists to push backdoor malware
Reddit » Cyber security
by /u/anynamewillbefine
9h ago
Question on correlation rules/detections development
Reddit » Cyber security
by /u/toolateSnake
12h ago
Hey blue/purple team professionals, how do you handle development and versioning of your correlation rules? Do you prefer using a git repository or some kind of database? I'm asking this because I'm struggling to find an appropriate tool to match my change auditing and versioning needs.
What after TPRM?
Reddit » Cyber security
by /u/Ok_Pain_6130
12h ago
Hi Security Folks! I have been doing TPRM for the past 5 years now. During my tenure I have also worked in Issue Management - working on reviewing & approving remediation action plan/Security Policy Exceptions. I am CISA and CRISC certified. I am confused as to what I should be doing next? My goal is to gain grow with good experience within Information Security and increase my marketability to ensure job stability. Please guide.
How deep into certifications should you go at “entry level?”
Reddit » Cyber security
by /u/AwkwardVoicemail
12h ago
Hey all, I have 8 years in IT support with some exposure to network and server administration, and a year in management (I hated it). I want to move into cybersecurity, and I’m wondering how far I should go with certifications before I try to make that jump. I have Sec+ and I’m working on CySA+ and I’d like to do BTL1. I like doing certs, but I’m also kinda killing time while the job market sucks. But at some point it’s going to be weird if I have a bunch of certifications and no practical experience, right? So where should you draw that line?
