Time to start looking into cyber security frameworks. For this episode we’re looking at the the NIST Cyber Security Framework. We’re also explaining what a cyber security framework is and how they can help.

Time for another maintenance episode where we review our systems and management process. This time were looking at our Digital Ocean servers, Automox patch management, Fortinet Firewalls, and the password manager Bitwarden.

Almost roasted our VMware server to death. Don’t do what I did. Enjoy!

LastPass was hacked last year. As LastPass customers we need to evaluate the impact that has on Section 9. Should we continue to use the product? Should we migrate to a different password manager? How do we evaluate a password manager? Consider this the start of a longer conversation about LastPass and password managers.

Found some really interesting and helpful videos. One walks you through an Active Directory hacking lab. Another talks about default configurations and bad passwords as a way to hack into systems. The last one is about building a home lab. These are just what I needed.

Found a video that walks you through the process of setting up an Active Directory Lab for hacking. I wouldn’t be able to do this without a starting point.

Last episode was about my crazy study plan, or lack of one. Time to put together a proper study plan. One that works.

Last episode was about my crazy study plan, or lack of one. Time to put together a proper study plan. One that works.

Time to jump into my crazy, unorganized study process. Trying to study or learn the CISSP, pentesting, risk assessments, and keep up with my current certification requirements. I’ve also signed up for two Antisyphon classes.

Time to create a policy for asset inventory. This will help us define what we need in our asset inventory. It will also help us define what we need in our procedures. The process we use to manage the inventory.

We’re scanning our network with runZero to get an inventory of devices. What did it find? What can we learn from this inventory? How well does it work? fix? Do we have any security controls in place? Can we wait to implement the CIS controls?

We’re in the process of implementing the CIS controls. This will take time. We’re also very busy. Are there any gaping security holes that we need to fix? Do we have any security controls in place? Can we wait to implement the CIS controls?

Time to get an accurate inventory of the devices on our network. Once we have an inventory, we can move on to policies and procedures.

Time for another maintenance episode. This time were going back to the CIS Controls. This time were using version 8. Hoping to implement the first 7.

Time to start learning Azure. We’ve had Azure AD and Microsoft 365 for years. Just added Azure to the mix. Lots to learn.

Time to go down the OSINT rabbit hole. What is it? What are we looking for? What are some of the tools we can use?

Time to dig in and start learning the tools.

Got a new job. This makes our lab environment more important than ever. Some labs will be for me. Others will be for work. We need to make sure everything is working. We also need good documentation. No more messing around.

There could be a new job in my future. Before that happens, we need to organize our IT. We’re looking at patching, Microsoft Defender for Business, and data recovery.

Time for some new projects. Still have a few things to do with Wazuh. Once that’s done, I’ll need something new to work on. Python is the big one. Seems everyone is asking for Python skills these days.