This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.
Today we're joined by some of our friends at Arctic Wolf - Eugene Grant and Christopher Fielder - to talk about compliance. Now hold on - don't leave yet! I know for many folks, compliance makes them want to bleach their eyeballs. But compliance is super important - especially because it is not the same as being secure. So we discuss the differences between security and compliance, and practical work we can do to actually be more compliant and secure, including:
- Knowing what you have (assets, installed software, etc.) - Rumble is a cheap/free way to find out!
- Creating core policies and procedures that you will actually follow
- Learning about security frameworks that will help you build a security program from scratch
- Preparing for your first (or next) pentest. Tools like PingCastle and BloodHound can help find hacker low-hanging fruit!
- Knowing where your crown jewels are - be that data, a database, a key system, etc.
- Writing critical documentation - especially backup/restore procedures.
- Forming a security "dream team" to help drive your program
- Asking the right security maturity questions at your next job interview (so you don't get hired into a dumpster fire!)