#SecurityArchitecture

Security Arch Friends - @sarahyo and I still need your help 🙏

We are 1/4 of the way there but need more people to respond to our survey, particularly from:
- #africa (currently at 2%)
- #southamerica (currently at <2%)
- #europe #eu (currently at <20%)
- #Asia & #northamerica (currently at just over 20%)
- #Oceania (this is tracking well)

If you are a Security Architect, know someone in one of these regions, have an internal team of security architects, or are a community of security architects, please help fill this out or forward it on - forms.gle/MVfEC2bbDkgNEaHY9

Thanks everyone.
#SecurityArchitects
#securityarchitecture
#sabsa
#cybersecurity

Slim Bill (He/Him) wjmalik@noc.social
2024-12-06

Cybersecurity Business Architecture
A Bit of Security for December 6th, 2024
Tim Brown of SolarWinds described the response to the SunBurst attack. He shows us how to build a high-performance cybersecurity business architecture. Listen to this - youtu.be/SEh5WklfQGo
Let me know what you think!
#cybersecuritytips #securityarchitecture #HIPO #BPO #BitofSec

Security architects we still need you!

@sarahyo and I are conducting research on the role of the #securityarchitect, with the intention of understanding the pathways, roles and responsibilities, and demographics of this misunderstood role.

In order to get a good sample of data, we need more responses. This will help us obtain a balance of information globally so we can make recommendations and suggestions going forward so we can shine a light on perception vs reality of this role.

In particular, we need more responses from the Americas, Europe and Africa.

If you are a #securityarchitect, or know someone who is, please fill this out or pass it on.

forms.gle/ZeoQSvoWAbDQKDHZA

#securityarchitecture #securityarchitects

@sarahyo and I are doing a big piece of research on the role of security architect. Ideally, we hope our research will pave the way for a clear pathway into this role, really see what the role entails, and hopefully encourage more people into this role.

So far we have about 140 entries, but we want to get much moreeeeeee data!

If you are a security architect, know a security architect, or have a team of security architects at your place of employment, could you PLEASE fill this out for us or forward it onto someone in this role 🙏

We are really excited to publish the data but we need MORE #securityArchitect
NO PII is collected.

If you could help us, that would be greatly appreciated.
forms.gle/SoDezF1Qdhu3j8Bj6

Thank you all so much if you can help.
Lidia and Sarah.

#security #SecurityArchitects #securityarchitecture #securityArchitect

2023-06-19

Do you still use a 3rd party mail gateway / filter in front of your #M365 environment?
I feel like it could actually be of more harm than good but would like to hear your opinion on this.

#infosec #email #MailGateway #securityarchitecture

Vendor management is operations for security architects.

#InfoSec #SecurityArchitecture #VendorManagement

2023-02-04

One of the most accurate large enterprise architecture diagram sets I’ve seen.

Artist: @manu

#securityarchitecture

2023-01-20

Would You Accept an Inconvenience To Prevent a Data Breach?

Addressing the rise in credential and session compromise
~~~~~~
by Teri Radichel | Jan, 2023
#cloudsecurity #iam #mfa #separationofduties #securityarchitecture #circleci #oktapus

medium.com/cloud-security/woul

2023-01-19

Make it easier to find malware targeting your users: If you’re designing (or redesigning) your web presence and it includes login or authentication functionality of some sort, consider making your authentication cookie names unique to your system.

For example, instead of calling your authentication cookie “auth” or “session,” maybe call it “blue_tiger_cub” (completely contrived example). Now, if you’re hunting for credtheft or infostealing malware targeting your brand, your searches just got a whole lot more targeted.

This does have me thinking though…could you rotate the authentication cookie name on a regular basis?

Or maybe we could just move away from cookies for session management and use an extended version of something like #webauthn to sign every single request, but I digress…

#malware #webauthentication #cookies #securityarchitecture #threathunting #yara

CyberGladius CyberGladius@cybergladius.social
2023-01-05

I spent waaaay too much time creating secure administrative scheduled tasks in #Windows. So I made a blog post to walk others through the process. Check it out!

cybergladius.com/secure-window

Also, doing the same thing in Linux is so much easier! ugh... Windows...
#windowssecurity #securityarchitecture #cybersecurity

2022-12-08

Removing the Barriers to Security Automation Implementation
securityweek.com/removing-barr
Implementation of security automation can be overwhelming, and has remained a barrier to adoption
#SecurityArchitecture #INDUSTRYINSIGHTS

2022-11-22

A few #introductions:

I run Systems Structure Ltd., a US consultancy that provides fractional CISO services for pre-A to post-C round #startups, along with #threatmodeling training and #securityarchitecture reviews.

I've been working in #security since 2003 and did a spell in NGOland from ~2011 to 2016, working with NGOs and news organizations targeted by states and on tools they use, including the #briar messaging app. The field work I did then fundamentally reshaped my approach to security, and I recommend that everyone in the field learn about the reality of being a high-risk user.

I live in #Helsinki these days, although in the before times (and hopefully soon again) I spent a fair bit of time in #NYC and #London. I run a #queer performance space out of my home, along with my partner, called The Attic (@theatticfi on insta), where we make space for #drag, #burlesque, #performanceart, and music, among other things. Before I moved here, I spent six or so years traveling full time.

I have written various essays over the years, which you can see on dymaxion.org, and I'm slowly writing a book. While security pays the bills, I spend a lot of my time thinking about #complexsystems, and in particular how the human and technical bits mesh, how they fail, and how to redesign them to fail better. In practice, this has meant everything from consulting on a constitution to thinking about what comes after the #climate apocalypse. The "recruiting barbarians" in my bio refers to being more comfortable outside of institutions, but I'm starting to think more about community and infrastructure building now that I live somewhere.

I'm also an #artist; I paint and am slowly learning my way around a #synthesizer, and I've been accused of being an #architect. I'm active in the #nordiclarp scene, where we take larp seriously as a dramatic form and do everything from a reworking of Hamlet played at the actual Elsinore castle to a larp about the early days of the HIV crisis. I'm primarily a theorist and critic there, as well as player, and I've edited two books and written a number of essays. Nordic larp has the best toolkit I've seen anywhere for analyzing the human parts of complex systems and especially for building new systems; it's heavily influenced my security work, along with my #designfutures thinking.

2022-11-18

Happy #twittermigration

New to mastodon, but hoping to find the friendly infosec community that I know and love.

#hacking #securityarchitecture #purpleteam #reverseengineering #drones #hardware #bouldering #greatoutdoors

Paul Reynolds ren@infosec.exchange
2022-11-13

Having learned #introductions are a thing, here goes.

I've worked in tech for >25 years, starting in support and writing apps and basic games on my own time.

A fairly winding road took me through systems engineering, technical architecture, solution architecture, enterprise architecture and now cybersecurity consultancy and architecture.

I write books on cloud computing, content for security websites, and spend my days offering security consultancy to those needing it. I'm pretty heavily into #azure #aws #networksecurity #govtech #fintech #healthtech and #saas and in my spare time I'm a Trustworthy AI Researcher.

Also a married father of three, a pretty tidy guitar player, an enthusiastic gamer (halo), and a shitty but enthusiastic skateboarder.

Good to meet you 🍺

#introduction #securityArchitect #securityarchitecture #securityconsultant #CyberWriter

2022-10-28

Apple Paid Out $20 Million via Bug Bounty Program
securityweek.com/apple-paid-ou
Apple has launched a new security research blog and website, which will also be the new home of the company’s bug bounty program.
#SecurityArchitecture #Management&Strategy
