Where can we take cybersecurity in the New Year?
Wondering what SANS instructors are resolving to better about their own cybersecurity practices in 2020? Fourteen offer their 2020 resolutions here - from dabbling in new technologies and techniques to changing personal habits, read what our experienced practitioners are planning to prioritize this year.
Justin Henderson: Share More, Mentor More
Justin is a SANS Certified Instructor and author of SEC555: SIEM with Tactical Analysis
Sharing is Caring
One thing I plan to do in 2020 is share more content. Historically, this has been me creating tools or projects on GitHub with little to no documentation. In my heart I believe that the more we share, the more we receive. So, I want to aid blue teamers in building multi-stage labs that mirror enterprise environments as closely as possible. Organizations and individuals have access to a lot of capabilities, but they’re either unaware they exist or don’t know how to use them. I want to solve this where possible via proper documentation, blogs, and webcasts.
Let Your Voice Be Heard
The longer I'm in the cyber defense community the more I know. Yet the more I know, the more I know that I do not know. Sometimes I feel intelligent. Sometimes I feel dumb. I'm not the only one. Unfortunately, this emotional response can push some individuals away -- not because of fear of being challenged but instead from a fear of how peers may perceive them. A true blue teamer never shuns or looks down upon someone willing to learn. Sharing content isn't the only way to progress our industry. A part of it must be acknowledging that the fear is real and that only by a spirit of camaraderie and mentorship can we truly move forward. Via podcasts, webcasts, social media, and blogs, I'd like to share and mentor more. Will you?
Micah Hoffman: Reclaim Privacy
Micah is a SANS Certified Instructor and author of SEC487: Open-Source Intelligence (OSINT) Gathering and Analysis
In the coming year, I’m focusing on reclaiming my privacy and decreasing the amount of personal, consumer, and social data I share on the internet. Since I live in the United States and there are many “People Search Engines” that contain and share my information, I’ll be systematically removing myself and my family from them.
Lenny Zeltser: Track Security Controls
Lenny is a SANS Senior Instructor, primary author of FOR610: Reverse-Engineering Malware, and author of SEC402: Cybersecurity Writing
As the CISO at Axonius, I'm using the NIST Cybersecurity Framework as the basis for our security program, and I appreciate the listing of controls and the associated guidance NIST offers. In 2020, I'm looking forward to increasing the granularity of how I track the evolution of the controls. This might involve relying on the framework's notion of “Implementation Tiers” or on embracing the maturity model published by the CMMI Institute -- though I'm still researching the approach that will work best for us.
When it comes to my personal projects, I'm eager to spend more time with Ghidra when reverse engineering malicious software, so I can bring this expertise into the malware analysis class FOR610 that I teach at SANS. Along these lines, I'll continue to refresh my REMnux distro for malware analysis, so I can release the new version in the first half of the year.
David Hazar: Fix Vulnerability Management, Dabble in Automation & Integration
David is a SANS Instructor
As an independent contractor, I’m working to help client organizations solve a number of problems, and some patterns have begun to emerge in the kind of issues they are regularly facing. Therefore, I’d like to offer a few resolutions that will likely be valuable for any security organization to take on in 2020.
Solve Your Vulnerability Management Problem
- Identify why your vulnerability management program is failing and create a plan to fix it.
- Stop spending so much time prioritizing vulnerabilities in your environment and dedicate more time to actually fixing the root causes.
- Stop reporting vulnerabilities which cannot be resolved by remediation owners to remediation owners (still report to management).
Automate
- Pick three painful or error-prone processes and automate them out of existence.
- Don’t be afraid to contribute code to help solve complex or recurring problems even if they are not necessarily our problems.
Integrate
- Replace two or three security-specific technologies, which have not yet been purchased or have failed to gain traction, with technologies already used by the business.
- Integrate your current security dashboards into the reporting platform most used by your business stakeholders (or recreate them).
And to close out my suggested resolutions, I have a bit of advice to offer security managers: Stop trying to find cloud security, application security, or DevSecOps experts; instead, identify the people you already have on staff who can code and are willing to learn.
John Hubbard: Improve Coding Skills, Contribute to Open-Source Tools
John is a SANS Certified Instructor and author of SEC455: SIEM Design & Implementation and SEC450: Blue Team Fundamentals
The blue team is leaning more heavily into automation each day, and behind all automation are lines and lines of wondrous code. Python, PowerShell, bash, etc. are useful in numerous daily tasks, and with DevOps and containerization, code is increasingly defining our infrastructure as well. I was never formally trained in computer science, so coding is one of those things I've always figured out when necessary but was never my strongest skill -- and I think 2020 is a great year to work on that. Being fluent in at least one of the languages popular in InfoSec is indispensable for making and contributing to the wealth of open-source tools, as well as connecting the tools together that make a SOC efficient. Therefore, in 2020, it's time to dive in and start writing… this year I plan to contribute to and create open-source projects that can be shared with the cyber defense community!
Keith Palmgren: Focus on Better Passwords
Keith is a SANS Senior Instructor and author of SEC301: Introduction to Cyber Security
All my resolutions circle around improving account security with better passwords:
- Get more people using passphrases instead of passwords
- Get more people to stop using the same passwords at multiple sites
- Get more people to start using Two-Factor Authentication (2FA)
- Get more people using a password manager
Alissa Torres: Dissolve Silos by Building Relationships
Alissa is a SANS Principal Instructor and co-author of FOR526: Advanced Memory Forensics & Threat Detection
An organizational problem I have recently taken on is universally identified as one of the biggest obstacles to successful incident response: Organizational Silos. While it is true that teams within IT/security have individual micro-missions, we all support the same shared goal of protecting an organization and hardening its security posture. Despite this, cross-team efforts tend to fail due to lack of information sharing or strained communications. Real change typically requires collaboration from several key teams and can be achieved when each team's unique goals and constraints are identified, understood, and respected. So, Cyber Resolution for 2020: Dissolve Silos by Building Relationships.
Chris Dale: Learn Mitre ATT&CK Matrix
Chris is a SANS Certified Instructor
I’ve got three cybersecurity-related resolutions for 2020:
- I'll commit to learning the ATT&CK matrix from Mitre -- each week a new concept!
- I will treat my servers as cattle, not as pets -- infrastructure as code and redundancy for easy patching during production.
- I will climb a few ranks on the CTF/wargame aggregate platform wechall.net.
Stephen Sims: Bring Education to the Marginalized
Steve is a SANS Fellow, Penetration Testing curriculum lead, Cyber Defense Essentials curriculum lead, and author of SEC760: Advanced Exploit Development for Penetration Testers
My cyber resolution for 2020 is to follow through on my goal to bring cyber-related education and resources to marginalized communities and high schools in the United States. SANS has many great programs already and I know that we can do even better!
[Learn about the SANS CyberTalent Immersion Academies programs.]
Matthew Toussain: Lower the Cyber Barrier to Entry
Matthew is a SANS Certified Instructor
I take time to think on this every year. I generally come up with a goal, mantra, and quote. Here they are for 2020:
Personal Goal: This year I'd like to focus on doing my part toward lowering the barrier to entry to cybersecurity education. Every bit helps, from being available to sharing information. This year I'd like to focus on making that easy to come by. Joining the cybersecurity community shouldn't be reserved for the elite.
Mantra: All paths are paths
Quote: “Talent and genius operate outside the rules, and theory conflicts with practice.” -- Carl von Clausewitz
Ovie Carroll: Refresh Passwords, Cut Down on Paper
Ovie is a SANS Principal Instructor and co-author of FOR500: Windows Forensic Analysis
I’m going to completely revamp all my passwords in January, with the first step being to ensure two-factor authentication is turned on with every service that offers it. More importantly, I will ensure all my passwords are complex and don’t repeat across sites.
While I’ve already gone mostly digital by this point, in 2020 I’m dedicated to going the last mile. I’ll systematically work to remove myself from lists that might send paper mail. I’ll start by opting out of all telemarketer calls, digital marketing mail, and prescreened credit and insurance offers. I’m committing myself to accomplishing this by the end of January, and here’s how you can do the same:
- To stop most telemarketers, register your phone numbers at www.donotcall.gov, or call 1-888-382-1222 from the phone number you wish to register.
- To stop receiving mail from consumer reporting companies, you can opt out permanently or for a five-year period by visiting www.optoutprescreen.com, or call 1-888-5-OPT-OUT.
- To stop direct marketing mail and email for a period of 10 years, you can register at the Direct Marketing Association’s consumer website, www.DMAchoice.org ($2 processing fee applies).
Jonathan Risto: Help Family, Help Organizations
Jonathan is a SANS Instructor
In relation to my family, in the new year I want to better educate my children with respect to the dangers and the problems that can occur online -- to help them be more cyber aware of all the problems that are out there and, appropriate for their ages, how they can better protect themselves. While I have discussed items with them over the years, I feel we can always do better, so I want to help them better protect themselves.
In relation to my SANS course instruction, in 2020 I want to continue to provide information on vulnerability management to a much broader audience. We have created the MGT516 course, and I will continue to teach that as often as I can. I want to continue to show how we are getting the information out to everyone. From webcasts to blogs to presentations to SANS Summits to whatever we can do, I want to help ensure organizations are better equipped to deal with the problems we face.
Chad Tilbury: Spread the Word on Threat Hunting Techniques
Chad is a SANS Senior Instructor and co-author of both FOR500: Windows Forensic Analysis and FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
My 2020 resolution is simple: Spread the word and help as many clients as possible implement command-line and script-block auditing. As advanced adversaries continue to “live off the land,” blending in with increasingly potent PowerShell and WMI, there really is no better opportunity for hunting and curtailing attacks. With so many available options – Windows eventing, Sysmon, EDR – this is absolutely achievable!
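The two audit sources Chad describes can be switched on and checked from an elevated PowerShell prompt. The following is an added example for this page, not Chad's own code or a SANS tool: it enables PowerShell script block logging (Event ID 4104) and process creation auditing with the command line included (Event ID 4688), confirms events are arriving, and runs a first hunt over the 4688 command lines. The registry paths and auditpol subcategory are the documented Windows settings; the property indexes assume a current Windows 10/Server 2016 or later 4688 layout, and the search patterns are assumptions chosen for illustration, not a signature set.

```powershell
# Added example (not from the original post). Run as Administrator on a test
# host; in an enterprise the same settings belong in Group Policy.
#Requires -RunAsAdministrator

# 1. PowerShell script block logging -> Event ID 4104 in
#    Microsoft-Windows-PowerShell/Operational
$sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $sbl -Force | Out-Null
Set-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 2. Process creation auditing -> Event ID 4688 in Security, with the full
#    command line written into the event (off by default)
auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable | Out-Null
$audit = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $audit -Force | Out-Null
Set-ItemProperty -Path $audit -Name ProcessCreationIncludeCmdLine_Enabled -Value 1 -Type DWord

# 3. Verify that both sources are producing events
$since = (Get-Date).AddHours(-1)
$scriptBlocks = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = $since
} -ErrorAction SilentlyContinue
$procCreates = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4688
    StartTime = $since
} -ErrorAction SilentlyContinue
"4104 script blocks in the last hour:     $($scriptBlocks.Count)"
"4688 process creations in the last hour: $($procCreates.Count)"

# 4. A first hunt: encoded commands and download cradles in 4688 command lines.
#    On current Windows builds the 4688 properties are ordered so that
#    Properties[8] is CommandLine and Properties[13] is ParentProcessName
#    (assumption: older builds lack the parent field). The regex below is an
#    illustrative starting point, not an exhaustive detection.
$suspicious = '-enc|-EncodedCommand|FromBase64String|DownloadString|IEX|Invoke-Expression'
$procCreates |
    Where-Object { $_.Properties[8].Value -match $suspicious } |
    ForEach-Object {
        [pscustomobject]@{
            Time        = $_.TimeCreated
            Parent      = $_.Properties[13].Value
            CommandLine = $_.Properties[8].Value
        }
    } | Format-Table -AutoSize -Wrap
```

Two practical caveats: 4104 events contain the full text of every script block executed, so they can capture credentials or tokens embedded in scripts and they fill the PowerShell operational log quickly at its default size, so raise that log's maximum size (or forward it) before relying on it. The same command-line data is also available from Sysmon Event ID 1 or an EDR sensor if 4688 is not an option; what matters is that one of those sources is collected centrally, since an attacker living off the land will otherwise leave no trace beyond a process name like powershell.exe.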
Jon Gorenflo: Learn More, Do More, Share More
Jon is a SANS Certified Instructor
My personal motto for this year is “Learn more. Do more. Share more.” I’m going to sharpen some existing skills and develop some new ones so I can create some useful tools. Then I’m going to share what I learn and create along the way via GitHub, blogs, social media, talks, and webcasts.