Plan Do Check

The top of the page contains a ’tags’ feature to let you search the topics of the posts.

If you are looking to get started, I suggest checking out Plan (Phase 1, Steps 1-6) and Do (Phase 2, Steps 7-10); otherwise, each article's headline is clearly stated along with a sample of the body text.

About:

Security Professional and United States Army Veteran with over 15 years of experience in maintaining zero-fault environments at prestigious institutions such as the White House and the Pentagon. Demonstrated leadership skills in diverse, high-pressure team settings. Extensive expertise in information technology, computer security architecture, and development of security protocols through hands-on experience in domestic and international operations. Proven ability to effectively collaborate with individuals from diverse backgrounds and adeptly handle challenging customer interactions. Quick learner with a strong aptitude for building and nurturing key customer relationships, complemented by an inactive Top Secret/SCI and Critical Infrastructure clearance.

Skill Categories and Skills/Competencies
Security Safeguards: Security Protocols, Risk Mitigation, Access Control, Threat Analysis
Workflow Enhancement: Process Automation, Efficiency Optimization, Process Streamlining
Operational Strategy: Tactical Planning, Resource Allocation, Operational Optimization
Data Protection: Data Encryption, Privacy Measures, Data Loss Prevention
Infrastructure Control: Network Administration, System Monitoring, Redundancy Strategies
Technology Risk Control: Risk Assessment, Security Safeguards, Threat Mitigation
Risk Governance: Compliance Oversight, Risk Policies, Regulatory Adherence
Compliance Management: Regulatory Compliance, Policy Enforcement, Audit Preparation
Client Relations: Customer Support, Client Satisfaction, Relationship Management
Technical Competencies
Cloud and Virtualization: AWS, EC2, Route53, VMware, Proxmox, Azure
Linux and DevOps: Linux, NGINX, Puppet, Git, Docker
Security Tools: Splunk, Nessus, OWASP, Burp Suite, Cyber Chef, Kali
Programming and Scripting: JavaScript, Python, LaTeX
Networking and Load Balancing: NetScaler, F5
Threat Detection and Analysis: Checkmark, OSINT, SIGINT, ELINT, HUMINT
Practices: Agile, Waterfall
Frameworks: NIST 800-53, ISO 27000:1, MITRE ATT&CK, FFIEC, NCUA, NERC, FERC, CIP
Transmission System: Ku/KA Band, HF/VHF/SHV, COAXIAL
Domains: Hybrid-multi cloud, Virtualization, Containerization, Hyper-scaling, ITIL/ITSM, Systems Administration
Databases: Experience with NoSQL DBs, Relational DBs, Object Store architectures across globally replicated cloud instances

Consequence Analysis

In the process of setting goals and making decisions, it is essential to prepare and thoroughly assess the potential consequences of these choices. This comprehensive examination should encompass both short-term and long-term outcomes, with the ultimate aim of avoiding unintended negative repercussions. Effective leaders understand the importance of due diligence in decision-making, which involves minimizing risks while maximizing benefits.

These experiences provided invaluable insights into the dynamics of an organization, shedding light on the intricate web of relationships and the multifaceted nature of behaviors within it. They underscored how impactful the actions of leadership can be, as these actions profoundly convey the values of the organization and, by extension, impact the broader community.

Dynamic Goal Development

In all endeavors, our goals serve as guiding beacons and protective guardrails, ensuring that we stay on course and maintain a close watch on our performance metrics. This site should provide you with those resources.

Secure Host Principles

A secure host is a critical component of a robust cybersecurity strategy. It should adhere to specific principles that prioritize security and minimize potential vulnerabilities.

Principles and Descriptions
Time-Tested and Reliable Services: A secure host runs network services, including its operating system, that are known for their reliability and have withstood the test of time. These services should have a proven track record of security and stability.
Strong Administrator Authentication: Access to a secure host is limited to administrators who are strongly authenticated. This means that only authorized personnel with the highest level of authentication should have access. Physical access may also be required for added security.
Avoid Weak User Access: To maintain a secure environment, minimizing the number of users who have access to the host is essential. Weak users or unnecessary access points should be avoided whenever possible.
Limited Access from Specific Hosts: General access to a secure host should be allowed from a very restricted number of secure hosts within the same community. These trusted hosts should communicate over private links or employ strong encryption methods.
Access Restriction: Access to the secure host from other hosts must be carefully controlled and limited to equally secure hosts. This restriction ensures that only trusted and secure connections are permitted.

Tyranny of the Urgent

I. Introduction
A. Definition of the Tyranny of the Urgent
Urgency often leads to prioritizing tasks that seem most pressing, which may not always align with our long-term goals.
- Understanding the concept of urgency
- How it affects our priorities and decision-making
- Highlighting the distortion of priorities
B. Importance of managing time effectively
Effective time management is not just about being busy but about being productive: setting priorities, delegating tasks, and ensuring that efforts are directed towards the goals that bring the most value.

Guidelines for Detection Engineering in Dynamic Systems

Hello, detection engineering does not have to be overcomplicated. This article will help you and your team build detection engineering considerations. Find the tools to establish these values and create a table-top exercise game for your team here.
Understand the System
System Understanding: Begin by gaining a deep understanding of the dynamic system you're responsible for detecting anomalies in. This involves learning how the system operates, the significance of control actions, the impact of system noise, and the expected behavior under normal conditions.

5 Domains for a sense of place.

This article discusses five different decision-making domains, each with its unique characteristics and approaches. Each domain is listed with its problem-solving method and a description:
Clear Domain (Sense–Categorize–Respond): Well-understood situations with established rules and clear cause-and-effect relationships.
Complicated Domain (Sense–Analyze–Respond): Complex situations where expertise is needed, and multiple valid approaches are possible.
Complex Domain (Probe–Sense–Respond): Dealing with "unknown unknowns," where cause and effect are unpredictable.
Chaotic Domain (Act–Sense–Respond): Highly unpredictable situations demanding immediate action to restore order.

Best Practices for Administering Microsoft 365 and Related Services

There is no warranty of this information. Make changes after consulting with your organization's leadership and change management process. Changes you make here will impact your organization's security posture.
Microsoft 365 admin center
Step 1 - Ensure a policy and procedure is in place at the organization: In order for accounts to be effectively used in a break-glass situation, the proper policies and procedures must be authorized and distributed by senior management.

Exploring Attack Patterns: Exploiting Software Weaknesses Beyond Expectations

Quality Assurance efforts usually focus on testing that a feature works as expected. In the security world, we examine how software functions in ways never imagined, to gain more access to resources and data.
Key Questions for Understanding the Technology
To understand a technology or system, consider the following key questions:
- How does the technology work?
- What are the data inputs?
- What are the data outputs?

Sensible Approaches to Passwords

Authentication and Password Strength Guidelines
Authentication Solution and Sensitive Accounts
- Do NOT allow login with sensitive accounts (used internally within the solution) to any front-end user interface.
- Do NOT use the same authentication solution (e.g., IDP / AD) for unsecured access (e.g., public access / DMZ) as is used internally.
Proper Password Strength Controls
A critical aspect of authentication is password strength. A strong password policy is essential to protect against unauthorized access.

Understanding the "Account Operators" Group in Active Directory

Active Directory Privileged Access
Introduction
Understanding the access privileges of the various groups in Active Directory is a challenge. Often, the full impact of a group's access is not fully comprehended by the organization. Attackers frequently exploit access, even if it's not always privileged access, to compromise Active Directory.
Components of Access Rights
- Active Directory group membership.
- AD groups with privileged rights on computers.
- Delegated rights to AD objects through modifications of default permissions (for security principals, both direct and indirect).

Living Off The Land

Threat Assessment and PowerShell
Introduction
In a structured approach to threat assessments, defenders turn to multiple reliable sources that provide prioritized best practices for defending against the top five most common attacks observed across the community. Additionally, they focus on threats posed by Cyber Threat Actors (CTAs) who utilize Living off the Land (LotL) attacks.
PowerShell and Its Benefits
- Automation: Administrators can automate tasks using PowerShell cmdlets, reducing the need for manual configuration, especially for tedious tasks.

Disaster Recovery CI-CD

Enhanced Disaster Recovery Plan for Systems Administrators
Change Control Considerations before you begin this project
Change Control and Implementation Plan
Change Control Record
A Change Control Record is a crucial component of the change management process. It contains the following key details:
- Change Request Number: A unique identifier for tracking changes.
- Change Request Date: The date when the change request was initiated.
- Requested by (Name and Position): Identifies the individual responsible for the change.

How attackers operate

Methods of Gaining Initial Access in Cybersecurity
Cyber attackers, like "Octo Tempest," employ various methods to gain initial access to organizations. These methods include:
- Social Engineering: Deceptive tactics to manipulate employees.
- Phone-Based Social Engineering: Tricking users into taking actions such as installing malicious software or revealing information, including:
  - Installing a Remote Monitoring and Management (RMM) utility.
  - Navigating to fake login portals.
  - Removing a FIDO2 token.
  - Manipulating the help desk to reset passwords or change/add multi-factor authentication.

Detection Engineering

Building an effective detection engineering system requires time, a scope, and an understanding of the signals analysis you want to perform. You should conduct training and assessments of your detection engineering environment, focusing on understanding the threat model for your organization. When you consider how you will calculate 'risk', I suggest that you use accessible language; this tool is focused on providing quantification and qualification of risk, and even includes a random number generator that rolls your chances over 10,000 rolls.

Functions

Functions Overview
In the context of a structured process, various functions are performed to ensure the efficient execution of tasks. These functions are organized into blocks representing specific phases. The following sections provide an overview of the functions within each block.
Block: Problem Identification and Change Initiation
Function 1 (F1): Identify and Document the Problem - User (A) identifies and documents the problem (C) or the need for change (D).

Blocks

Block: Problem Identification and Change Initiation
Task 1: User (A) identifies and documents the problem (C) or the need for change (D).
Task 2: Work Role (B) reviews the problem (C) or change (D) request initiated by the User (A) and validates its significance and impact.
Block: Change Control Record Creation
Task 3: Work Role (B) creates a Change Control Record (F) and fills in the necessary details, including the problem (C) or change (D) description and the affected systems or processes.

User Guide for Graphical Representation

This user guide provides an overview of a graphical representation created using the Mermaid library. The diagram visualizes the relationships and connections between various elements within a system, including an Active Directory structure, a Trouble Ticket Mapping System, Primary Work Role ID Mapping, and Relationship Mapping.
Active Directory
The "Active Directory" is represented as a subgraph and contains a hierarchy of elements within it: Root (A) is the top-level element.

Act

This is where the rubber hits the road, and it's your opportunity to shine. Book a free, no-obligation call: click here.

Do

Evaluation/Improvement Phase (Steps 7-10)
Step 7: Process Evaluation - Collect and analyze data on the execution of prevention activities.
Step 8: Outcome Evaluation - Measure the impact of prevention activities on desired outcomes.
Step 9: Continuous Quality Improvement (CQI) - Review data and past decisions to enhance prevention activities.
Step 10: Sustainability for a Prevention Activity - Plan for the long-term sustainability of successful prevention activities.
Follow these steps to effectively plan, implement, evaluate, and improve your prevention initiatives.

Plan

Planning Phase (Steps 1-6)
Step 1: Assessing Problems and Resources
- Identify and select priority problems for your prevention activity.
- Understand the available resources.
Step 2: Setting Goals and Desired Outcomes - Define a vision, goals, and specific outcomes for your prevention activity.
Step 3: Evidence-Based and Promising Practices - Select prevention activities with evidence of effectiveness.
Step 4: Assessing Fit for a Prevention Activity - Evaluate how well the selected activities fit the target population, community, and mission.

Trouble Ticket

Guide to System Engineering Process
Introduction
As a systems engineer, your role is crucial in ensuring the stability and reliability of complex systems. This guide will help you understand and navigate the systems engineering process, using the provided diagram as a reference.
1. Increasing the Time Between Failures
The primary goal of a systems engineer is to increase the time between system failures. This can be achieved through the following strategies:

Control Families NIST and ISO

Control families in information security standards like NIST SP 800-53 and ISO 27001 represent a structured approach to safeguarding critical assets and ensuring the confidentiality, integrity, and availability of sensitive information. These control families are essential for establishing and maintaining robust security practices within an organization.
NIST SP 800-53 Control Families
Each control family is listed with its core function and the related Cybersecurity Framework components:
Access Control (AC) - Core function: Manage and restrict access to information systems. Cybersecurity Framework components: Identification and Authentication (IA), System and Communications Protection (SC).
Audit and Accountability (AU) - Core function: Audit system activities and retain audit logs.

External Resources

SKF Framework
OWASP SAMM
Binary Risk Analysis
Security Rat
Free Dev tools
Analyze Malicious Software
HoneyPots
Cybersecurity and Tools:
- Untitled Goose Tool for Azure, Azure Active Directory, and Microsoft 365
- Python Cheat Sheet
- Linux Command Line Cheat Sheet
- Quick Reference for ChatGPT
- Deep Learning Cheat Sheet
Data Sources and Visualization:
- Makeover Monday - Data
- BFI Statistical Yearbook
- Data.gov
- Maven Analytics Data Playground
- Knoema Infographics
- Sons of Hierarchies - Real-World Fake Data

Meeting Agenda

This page serves as the template for technical meeting agendas. Limit meeting sessions to 45 minutes, and technical conversations to no more than 3 per 45-minute period.
Meeting Agenda
I. Introduction
A. Welcome and introductions
B. Purpose and goals of the meeting
C. Agenda overview
II. Review of Previous Action Items
A. Recap of action items from the previous meeting
B. Update on the progress of each action item
C.

Improving Detection and Visibility: A Blue Teaming Approach

Agenda
Introduction - Brief overview of the importance of detection and visibility.
Data Source Quality Assessment - Administer and score data sources. Evaluate the reliability and accuracy of each source.
Endpoint Visibility - Gain insights into endpoint visibility. Map your current understanding of endpoint activities.
Detection Coverage Mapping - Evaluate the coverage of your detection mechanisms. Identify gaps in your detection capabilities.
Agenda (contd.)
Threat Actor Behaviors - Understand common threat actor behaviors.

Mitigations

ACTIONS TO TAKE TODAY TO MITIGATE MALICIOUS CYBER ACTIVITY:
- Continuously remove and disable accounts and groups from the enterprise that are no longer needed, especially privileged accounts.
- Enable and enforce multifactor authentication with strong passwords.
- Store credentials in a secure manner, such as with a credential manager, vault, or other privileged account management solution.
Understanding and Mitigating LDAP Query Threats in Active Directory Environments
LDAP (Lightweight Directory Access Protocol) is a widely used protocol for accessing and managing directory information services.