Internal security trainings and awareness awards | ESM part 7

Conduct recurring security trainings

Videos and online presentations are good, but nothing can really replace quality in-person meetups. Show as many demos as possible and don’t stick do overloaded PowerPoint presentations which put people to sleep.
It’s fine to share raw technical details as a recap materials, but while starting out you must make people excited about the subject, otherwise it’ll be just another corporate training which they’ve attended only because it’s obligatory.

Continue reading “Internal security trainings and awareness awards | ESM part 7”

Embrace DevSecOps | ESM part 6

Concept of purple teaming is something I felt in love with many years ago when I was experimenting with various ways to make myself more effective. Everything has changed — in a good way — when I started embracing culture of collaboration where attackers and defenders work together to create best possible way of securing the products.
We’re out there to help secure business by working with all stakeholders, not to just pwn stuff and laugh at people who made a mistake. Being a pwn-all-the-things rockstar asshole is overrated and while fun in short term, gives terrible results long-term.
Purple teaming for the win and let’s see how this great concept can be applied into day to day business operations that go beyond security red and blue teaming. Continue reading “Embrace DevSecOps | ESM part 6”

Start small and early | ESM part 1

 

Start small

Take baby steps to show everyone in your company that security doesn’t need to be tangled and complex. If you show people that it takes 3 clicks to secure their computer more, their mindset will change and they’ll be eager to implement more of such hassle-free solutions. Do the things that have the biggest ROI and lowest cost of implementation and then steadily increase the complexity of security requirements. Continue reading “Start small and early | ESM part 1”

Peerlyst ebook: Essentials of Cybersecurity

Essentials of CyberSecurity is a crowdsourced ebook written by @Peerlyst community. I wrote the chapter ‘Building corporate security culture’ with following preface, which should give you a solid context for the message I tried to convey in my article. Continue reading “Peerlyst ebook: Essentials of Cybersecurity”