
7 Minute Security

534 episodes - English - Latest episode: over 1 year ago - ★★★★★ - 63 ratings

7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.


Episodes

7MS #333: Pentesting Potatoes

October 26, 2018 02:52 - 13 minutes - 18.1 MB

This week I was in lovely Boise, Idaho doing some security assessment work. While I was there I got to hang out with Paul Wilch and some of the Project7 crew and picked up a lot of cool tools and tips I share in today's episode: The Badger Infosec group did a cool Rubber Ducky demo. Dan from DDSec did a demo of PlexTrac which is "the last cybersecurity reporting tool you will ever need." I'm actually going to use PlexTrac for my next few assessments and am working to line up a future inter...

7MS #332: Low Hanging Hacker Fruit

October 17, 2018 14:14 - 8 minutes - 11.1 MB

In this episode I'm releasing a new document aimed to help organizations eliminate low hanging hacker fruit from the environment. The document contains (relatively) cheap and (relatively) easy things to implement. And my hope is it can be a living/breathing document that will bulk up over time. Got things to add to this list? Then please comment on the gist below!

7MS #331: How to Become a Packtpub Author - Part 3

October 10, 2018 13:34 - 7 minutes - 10.7 MB

It's done! It's done!! It's DONE!!! That's right mom, my PacktPub course called Mastering Kali Linux Network Scanning is done! In today's episode I: recap the course authoring experience; explain my super anal retentive editing process that takes 4 hours for every 10 minutes of produced video; admit some last minute mistakes that about made me quit the whole project. With the holidays coming up, this course is a perfect gift for that IT or security person in your life :-). Buy them a co...

7MS #330: Interview with Nathan Hunstad of Code42

October 03, 2018 18:20 - 52 minutes - 72.2 MB

In today's episode, I'm excited to be joined in the studio by Nathan Hunstad, Director of Security at Code42. Nathan and I had a great chat about Code42's new security offering called Code42 Forensic File Search, which helps IT and security teams figure out where files are located across their enterprise - even if the endpoints are offline. This functionality lends itself to a number of interesting use cases and helps answer questions such as: "Does known malware have, or has it ever had, a...

7MS #329: Active Directory Security 101

September 27, 2018 16:52 - 21 minutes - 29.8 MB

Today's episode is brought to you by my friends at Netwrix. Their amazing Netwrix Auditor tool gives you visibility into what’s happening both on your local network and cloud-based IT systems and tells you about critical changes, and when and where people have been accessing data. Give it a spin right in your browser here, and then try it in your environment free for 20 days! www.netwrix.com Welcome! Today I'm kicking off a new miniseries all about the fundamentals of Active Directory secu...

7MS #328: How to Succeed in Business Without Really Crying - Part 5

September 19, 2018 21:50 - 28 minutes - 39.5 MB

This episode is a cavalcade of fun! Why? First, I've got a big announcement: I've accepted a new position. "What?!" exclaimed my mom. "I thought you were president of 7MS, what the what?" No worries, it's business as usual, and my responsibilities at 7MS aren't changing. But I'm also going to start writing blogs, nurturing a Slack channel and producing a podcast for somebody else each week. Tune in to find out who! Oh, and I also conclude this episode with a song from my band, Sweet ...

7MS #327: Interview with John Strand

September 13, 2018 03:24 - 46 minutes - 64.1 MB

Today's episode is brought to you by my friends at Netwrix. Their amazing Netwrix Auditor tool gives you visibility into what’s happening both on your local network and cloud-based IT systems and tells you about critical changes, and when and where people have been accessing data. Give it a spin right in your browser here, and then try it in your environment free for 20 days! www.netwrix.com Well I'm geeking out big time because today I chatted with John Strand of Black Hills Information S...

7MS #326: Interview with Ryan Manship and Dave Dobrotka

September 06, 2018 04:54 - 1 hour - 129 MB

Today's episode is brought to you by my friends at Dashlane, a fantastic password manager for you, your family and your business! Head to www.dashlane.com/7ms and use the code 7MS for 10% off a year of Dashlane Premium! Today I'm super pumped to be joined by Ryan Manship of RedTeam Security and Dave Dobrotka of United HealthGroup. Both these guys lead red teams for a living and had a lot of great insight to share as it relates to: The definition of "red teaming" and where it overlaps, if ...

7MS #325: Integrating Pwned Passwords with Active Directory - Part 2

August 30, 2018 12:35 - 19 minutes - 26.7 MB

Today's episode is a follow-up to #304 where we talked about how you can integrate over 500 million weak/breached/leaked passwords from Troy Hunt's Pwned Passwords into your Active Directory. To get started with this in your environment, grab Troy's updated passwords list here, and then you can check out my BPATTY site for step-by-step implementation instructions. The big "gotchas" I discuss in today's episode are: If users update their password to something on the Pwned Passwords list,...

7MS #324: How to Succeed in Business Without Really Crying - Part 4

August 23, 2018 14:21 - 20 minutes - 28.6 MB

It's been a while so I thought I'd update you on how things are going on the business front. Here are the big updates I want to share with you in today's episode: A new 7MS hire that's going to hunt sales opportunities! My approach to finding podcast sponsors (it seems to be working). Some kick-butt interviews that are on the horizon (including the one and only JOHN STRAND!). Lots of goodies to share today!

7MS #323: 7 Ways to Not Get Hacked

August 16, 2018 21:05 - 18 minutes - 25 MB

I'm putting together a general security awareness session aimed at helping individuals and businesses not get hacked. To play off the lucky number 7, I'm trying to broil this list down to 7 key things to focus on. Here's my list thus far: Passwords; 2FA/MFA; Wifi (put a good password on it, don't use WEP, don't use WPS); Sign up for HaveIBeenPwned; Update all the things; Block malware/mining with browser plugins; Security awareness training. What do you think? Anything I missed or shou...

7MS #322: My First Live Radio Interview

August 09, 2018 14:53 - 53 minutes - 73.4 MB

I had an exhilarating and terrifying experience this week doing my first ever live radio interview! As a quick bit of background, this interview was part of the 7MS radio marketing campaign that I've talked about in my "How to Succeed in Business Without Really Crying" series (here's part 1, 2 and 3). The interview was conducted by Lee Michaels, and though my heart was pounding for the first few minutes, it quickly became fun as Lee and I talked about picking good passwords, securing wifi, ...

7MS #321: Interview with Joe Klein - Part 2

August 01, 2018 19:09 - 1 hour - 147 MB

Today's episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription. Today's episode is a follow-up interview with Joe Klein, who is my good pal, a former coworker, and a SOC analyst extraordinaire. You might remember Joe from things such as...this podcast - episode #290 to be exact. When we last left Joe, he had just started an exciting new journey as a SOC analyst, and a...

7MS #320: Interview with Lane Roush of Arctic Wolf

July 25, 2018 14:24 - 1 hour - 86.9 MB

Today's episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription. This week I sat down with Lane Roush of Arctic Wolf to discuss the big hairy beast that is...(insert dramatic music here) logging and alerting! I work with a lot of clients (and you probably do too) who want answers to these questions: What in the world is going on in my network? How will I know if bad s...

7MS #319: Sniper and Firewalls Full of FUD

July 20, 2018 00:17 - 18 minutes - 9.94 MB

Today's episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription. In today's episode, I talk about my fun experience using the Sn1per automated pentesting tool. It's really cool! It can scan your network, find vulnerabilities and exploit them - all in one swoop! It also does a nice one-two punch of OSINT+recon if you feed it a domain name. And, I tell a painful story ab...

7MS #318: Interview with Bjorn Kimminich of OWASP Juice Shop

July 11, 2018 13:01 - 1 hour - 82.7 MB

Today's episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription. This week's show is another interview episode - this time with my pal Bjorn Kimminich of the OWASP Juice Shop. If you've never heard of the Juice Shop before, it's the world's most secure (and I mean that sarcastically) online shopping experience. Actually, it's chock full of security issues, which makes ...

7MS #317: Interview with Justin McCarthy of StrongDM

July 05, 2018 16:58 - 48 minutes - 66.1 MB

Today's interview features Justin McCarthy, CTO and cofounder of StrongDM, which offers both commercial and open source tools (like Comply) to help customers with SOC compliance. Justin schooled me (in a nice way) about a lot of things, including: What SOC and the various SOC types are all about; What SOC compliance costs; What to look for in selecting a good auditor; Tools that can help companies make SOC compliance efforts go more smoothly.

7MS #316: How to Succeed in Business Without Really Crying - Part 3

June 28, 2018 02:44 - 22 minutes - 31.4 MB

In this episode I wanted to give you some cool/fun updates as it relates to 7MS the business! Specifically: A new member of the 7MS team (kinda!); The weird and varied projects I'm working on; Upcoming podcast sponsors (probably in July); 7MS has a "real" office coming soon to the southern metro of MN (hopefully!)

7MS #315: Creating a Personal DR Plan - Part 2

June 21, 2018 04:55 - 11 minutes - 6.35 MB

As a continuation of last week's episode I'm now making a bit of progress in finding a good backup solution that protects USB backups both at rest and when pumped up to the cloud. I mentioned I've been using BackBlaze for backups (not a sponsor), and they allow you to backup USB drives as long as they're connected at least once every 30 days. That's cool. However, many of my USB drives are not encrypted, and I want to protect myself in the off chance that someone breaks in and steals all m...

7MS #314: Creating a Personal DR Plan

June 13, 2018 22:29 - 15 minutes - 21.5 MB

You probably create DR plans for your business (or help other companies build them), but have you thought about creating one for yourself? Yeah, I know it's grim to think about "What will my loved ones do to get into my accounts, backups, photos, social media accounts..." but it's probably not a bad idea to prepare for that (spoiler alert: we all die at some point). Today I talk about how I'm beginning to build such a plan so my wife can take over for my/our online accounts. This plan incl...

7MS #313: Push-Button Domain Admin Access

June 07, 2018 22:00 - 18 minutes - 25.6 MB

As I was preparing for my Secure 360 talk a month or so ago, I stumbled upon this awesome article which details a method for getting Domain Admin access in just a few minutes - without cracking passwords or doing anything else "loud." The tools you'll need are: PowerShell Empire, DeathStar, Responder, Ntlmrelayx. I've written up all the steps in a gist that you can grab here. Enjoy!

7MS #312: OFF-TOPIC - Boxing a Cat

May 30, 2018 21:18 - 18 minutes - 10.1 MB

It has been a heck of a week (in a good way), and I'm taking a break from security so you can help me untangle a mystery that's been wrapped around my brain for years. I need you to help me figure out what this dude meant when he said that something was as frustrating "as boxing a cat." P.S. if you hate off-topic episodes no worries! We'll be back to our regularly scheduled security program next week!

7MS #311: How to Build a Cuckoo Sandbox

May 24, 2018 13:04 - 15 minutes - 8.63 MB

This week I dove into building a Cuckoo Sandbox for malware analysis. There are certainly a ton of posts and videos out there about it, but this entry called Painless Cuckoo Sandbox Installation caught my eye as a good starting point. This article got me about 80% of the way there, and the last 20% proved to be problematic. I got some additional answers from the Cuckoo documentation but still left some answers to be desired. Through a lot of Googling, banging my head against the wall and...

7MS #310: Secure the Radio Commercials

May 18, 2018 18:37 - 12 minutes - 17.4 MB

Last week I was in the recording studio to record three 7MS commercials aimed at churches. The goal was to educate them on some security topics and close with a "hook" to contact 7MS for help securing your church. The commercials themselves are embedded in this episode so please have a listen and let me know what you think! I'll also let you know (via the podcast) when these commercials hit the air. It's likely the station won't air in your area, but you can catch it on the interwebs if yo...

7MS #309: Password Cracking in the Cloud - Part 2

May 09, 2018 12:42 - 13 minutes - 7.26 MB

Cracking passwords in the cloud is super fun (listen to last week's episode to learn how to build your own cracking box on the cheap at Paperspace)! In the last couple weeks, customers have asked me about doing a password strength assessment on their Active Directory environment. I asked around and read a bunch of blogs and found a method that I think: Extracts the hashes safely; Parses down the dump to contain only the hashes (so that if somebody popped my Paperspace cloud-crackin' box,...

7MS #308: Password Cracking in the Cloud

May 02, 2018 13:11 - 11 minutes - 6.4 MB

I had an absolute ball this week trying to figure out how to crack passwords effectively, and on the cheap, and in the cloud. Today's episode goes into much more detail, and embedded below is the Gist of my approach thus far. If you've got things to add/suggest to this document, let me know! P.S. if you don't see the gist because you're reading this in a podcast-catching app, head to https://7ms.us and look up today's episode and you'll see the gist in all its gisty glory!

7MS #307: Writing Security-Focused Radio Commercials

April 25, 2018 12:51 - 12 minutes - 7 MB

Hey, so this week I am without my main machine - thus no jingle or "jungle boogie" intro music. Feels weird. Feels real weird. Anyway, ya know how I teased last week that 7MS could possibly be coming to a radio station near you? Well I think it's more of a probability than a possibility at this point! I met with a radio exec a few weeks ago and we talked about: Lots of people still listen to the radio (who knew?); Creating a "security minute" spot that would lead to a commercial about ...

7MS #306: A Peek into the 7MS Mail Bag - Part 2

April 19, 2018 14:52 - 18 minutes - 25.4 MB

We've dug into some pretty technical topics the last few weeks so we're gonna take it easy today. Below are some FAQs and updates I'll cover on today's show: FAQs What security certs should a sales person get? What lav mic should I get for podcasting? How do I know if I'm ready to take the OSCP? When are you gonna do some more YouTube videos? When will the PacktPub project be done? Updates Don't forget to check out these new and/or updated pages on BPATTY: Caldera LAPS PwnedPass...

7MS #305: Evaluating Endpoint Protection Solutions - Part 2

April 12, 2018 20:13 - 11 minutes - 16.3 MB

Today is part two of evaluating endpoint solutions, where I primarily focus on Caldera which is an adversary simulation system that's really awesome! You can essentially setup a virtual attacker and cut it loose on some test machines, which is what I did as part of an endpoint protection evaluation project. The attacks simulated are from Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) project. So the big question is...did any of these endpoint solutions catch some of the simula...

7MS #304: Integrating Pwned Passwords with Active Directory

April 05, 2018 14:20 - 17 minutes - 23.6 MB

I've been super pumped about Troy Hunt's Pwned Passwords project ever since it came out - especially when I saw a tweet about using it in Active Directory so that enterprises could essentially stop people from picking previously pwned passwords! That led me to explore the following two solutions: Pwned Passwords DLL This blog entry has everything you need to get started with this GitHub project. If you've got some coding skillz you can probably give everything a quick read and have the D...

7MS #303: Evaluating Endpoint Protection Solutions

March 29, 2018 02:20 - 14 minutes - 20.3 MB

I'm working on a fun project right now where I'm evaluating endpoint protection solutions for a client. They're faced with a choice of either refreshing endpoints to the latest gen of their current product, or doing a rip and replace with something else. I've spun up a standalone AD environment with ~5 Win 10 VMs and nothing on 'em except a current set of patches. The idea is I can assign each workstation VM an install of INSERT_NAME_OF_POPULAR_AV_VENDOR_HERE and have somewhat of a "bake o...

7MS #302: Bunnies and Bloodhounds

March 22, 2018 20:58 - 16 minutes - 23.3 MB

I've had a fun week with a mixed bag of security related stuff happening, so I thought I'd throw it all in a big stew and cook it up for today's episode. Here are the highlights: Bash bunny preso I had a fun opportunity this week to speak to some property managers about the threats the Bash Bunny poses to an environment. Specifically I showed the one-two punch of: How BB can steal your wireless network pre-shared keys that are saved to your PC How BB can go into "Responder mode" to cap...

7MS #301: CredDefense

March 15, 2018 04:16 - 15 minutes - 20.7 MB

Intro CredDefense is a freakin' sweet tool from the fine folks at Black Hills Information Security that does some really nifty things: Password filter Let's say you use the out-of-the-box password policy that comes with Active Directory, and you want to change your password to Winter2017! - AD is gonna say "Yeah dude/dudette, go for it...it fits the bill!" But from an attacker's perspective we know this is bad - people love to pick bad seasonal passwords like Winter2017, Summer2019, etc...

7MS #300: Windows System Forensics 101 - Part 2

March 09, 2018 03:42 - 16 minutes - 22.1 MB

In today's continuation of last week's episode I'm continuing a discussion on using free tools to triage Windows systems - be they infected or just acting suspicious. Specifically, those tools include: FTK Imager - does a dandy job of creating memory dumps and/or full disk backups of a live system. You can also make a portable version by installing FTK Imager on a machine, then copying the C:\Program Files\wherever\FTK Imager\lives to a USB drive. FTK on the go! Redline grabs a full forens...

7MS #299: Windows System Forensics 101

February 28, 2018 23:45 - 10 minutes - 15 MB

I had the privilege of creating a Windows System Forensics 101 course/presentation for a customer. The good/bad news is there is so much good information out there, it's hard to boil things down to just an hour. For the first part of the presentation, I focused on Mark Russinovich's technique of using Sysinternals as the primary surgical tool. This approach includes things like: Use Process Explorer to find processes with no signature and/or description. Put any suspicious processes to s...

7MS #298: How to Succeed in Business Without Really Crying - Part 2

February 15, 2018 02:24 - 17 minutes - 23.7 MB

Last week I talked about how business has been going with the LLC. Today I answer some additional questions that I didn't have time to address: How I'm finding leads/projects to work on (TLDR: I'm NOT sending 1TB of PDFs to people, spamming them, calling them endlessly or LinkedIn'ing everybody and their mom); The interesting conversations I'm having with customers who seem a little tired of the traditional pentest/assessment song and dance (spoiler alert: they're looking for people with so...

7MS #297: How to Succeed in Business Without Really Crying

February 08, 2018 03:59 - 16 minutes - 22.7 MB

Intro Here's some of the "juice" that has helped 7MS have a successful start: Support system Ok so I think if you're going to have a successful business, you need an awesome support system. Mine consists of some of these things: Faith - I'm a Christian and pray about this business constantly. In fact I learned really quickly how easy it is to brag about your rock-solid faith when everything is going fine. And then when suddenly the rug is pulled out from under you, you find what your ...

7MS #296: WEFFLES - Windows Event Logging Forensic Logging Enhancement Services

February 01, 2018 14:41 - 14 minutes - 20.3 MB

WEFFLES are delicious! WEFFLES stands for Windows Event Logging Forensic Logging Enhancement Services and is Microsoft's cool (and free!) console for responding to incidents and hunting threats. I had a chance to play with it in the lab this week and for the most part, the install of WEFFLES went well, but I had one minor issue that was cleared up easily. As I went through the MS TechNet article, I wrote a full install write-up on my BPATTY site. So go gobble up some WEFFLES and let me...

7MS #295: Interview with Kevin Keane

January 25, 2018 03:57 - 59 minutes - 81.6 MB

Today I'm excited to be joined by my friend and advisor Kevin Keane (Twitter / LinkedIn) who is a lawyer, blogger, keynote speaker, business advisor, and just all around great guy. Kevin and I sit down to talk about: How SMBs can take some productive security baby steps; How to get the most value out of your next security consultant engagement; Can breaches ever be funny? What is the Trust Calculus? Do I need to care about GDPR? That and much more is coming up today on this special i...

7MS #294: GDPR Me ASAP

January 18, 2018 03:53 - 11 minutes - 15.3 MB

GDPR in a nutshell GDPR, in a nutshell, is a set of legal regulations focused on the privacy of personal information for EU citizens - no matter where they are. Entities that store and/or process personal information about EU citizens must clearly explain to the citizens what data is being stored and processed, and any parties the data is being shared with. The citizens must opt-in and agree to each instance or reason that their data is being stored and processed. The citizens also must be...

7MS #293: How to Become a Packtpub Author - Part 2

January 04, 2018 00:13 - 15 minutes - 20.8 MB

Back in episode 280 I talked about how I started working with PacktPub to start authoring a video course on vulnerability scanning using Kali. Since that episode I've found that recording and editing high quality video clips is taking waaaaaayyyyyyyyyyy longer than I'd like, but it's worth it to create good stuff! PacktPub authored a tool called Panopto to make videos, but I found it a little frustrating to work with, so I'm going with the following janky - but functional - recording setup...

7MS #292: OFF-TOPIC - How I Nearly Killed My Sister with a Snowball

December 28, 2017 06:55 - 11 minutes - 16.4 MB

Hey folks, I had originally planned to cover the CredDefense toolkit but I couldn't get it working. I'm basically having the same issue that someone reported here. Sooooo....will have to save that for next week. In the meantime, this episode features a story about how I nearly knocked a retina out of my sister's face with an ice ball when I was about 8 years old. Yep, she's still mad about it, but I think 2018 is the year for forgiveness! Enjoy, and we'll talk to you in 2018. Blessings t...

7MS #291: The Quest for Critical Security Controls - Part 4

December 21, 2017 02:10 - 13 minutes - 18.4 MB

Did I mention I love the Critical Security Controls? I do. And here's an absolute diamond I found this week: This site (http://www.auditscripts.com/free-resources/critical-security-controls/) offers awesome CSC-mapping tools (and they're free!), specifically: A spreadsheet with how the CSCs map to other popular frameworks like ISO and NIST; A manual assessment tool for measuring your org - or someone else's org - against the CSCs. Flippin' sweet right? RIGHT! Also, be sure to come and Sl...

7MS #290: Interview with Joe Klein

December 14, 2017 03:21 - 52 minutes - 71.5 MB

My pal and former coworker Joe Klein joins me in the virtual studio to discuss: His career as a diesel mechanic and insurance guru; How to leave a stable job, take a huge pay cut and start a risky infosec internship (sounds like the name of a broadway musical!); The start of his new career as a SOC analyst; The importance of having a career cheerleader/mentor; Being hungry for knowledge and certifications without being ashamed or afraid to look like a newb; CompTIA Security+ and Cisco ...

7MS #289: I'm Dipping My Toes in Windows Forensics

December 07, 2017 03:30 - 13 minutes - 18.7 MB

Two weird things happening in this episode: I'm not in the car, and thus not endangering myself and others while podcasting and driving! My once beloved lav mic made a trip through the Johnson family's washer and dryer. I don't know that she'll ever record anything again. We'll see once it fully dries out (fingers crossed). I spent some time this last week getting back into Windows systems forensics, which has been really fun. If you want a play-by-play guide with some fantastic, practica...

7MS #288: I'm BURPing a Lot

December 01, 2017 04:23 - 14 minutes - 20 MB

Sorry the podcast is late this week - but it's all for good reasons! I'm busy as a bee doing a ton of pentesting so I have a smattering of random security stuff to share with you: Mac High Sierra root bug Did you hear about this? Basically anybody could log in as user root on your system without a password because...there isn't a password! Read the Twitter thread where I originally read the news here, read about the root account madness here, and then read how the fix broke file sharing ...

7MS #287: Introducing 7 Minute Security LLC

November 22, 2017 20:26 - 12 minutes - 16.6 MB

Well, after over-teasing this last week, I'm excited to announce that I've started my own company! 7 Minute Security, LLC gives me an outlet to do all my favorite infosec stuff, such as: Network assessments, Vulnerability scanning, Penetration testing, Training, Public speaking. I welcome you to check out 7MinSec.com for more information. Or 7MinuteSecurity.com or SevenMinuteSecurity.com. Collect 'em all! What does this mean for the podcast? Nada - I'll keep cranking it out. Maybe w...

7MS #286: The Quest for Critical Security Controls - Part 3

November 16, 2017 22:30 - 9 minutes - 12.7 MB

We're continuing to hammer on the CSCs again this week. Here's some rad resources that can get your CSC efforts in the right direction: CIS Implementation Guide for SMEs; CIS Cybersecurity quarterly newsletters; Netdisco lets you locate machines by MAC or IP, show the corresponding switch port, and disable it if necessary; Defensive Security Handbook isn’t specifically mapped to CSCs but offers great advice to tie into them; Open-Audit tells you what’s on your network, how it’s configured...

7MS #285: The Quest for Critical Security Controls - Part 2

November 09, 2017 05:07 - 12 minutes - 17.3 MB

Nothing to do with security, but I've heard this song way too much this week. I love the CIS Controls but it seems like there isn't a real good hands-on implementation guide out there. Hrmm...maybe it's time to create one? Speaking of that, check out the MacMon project and chat with us about it via Slack. After hearing rave reviews about Fingbox (not a sponsor), I picked one up (~$120) and wow, I'm impressed! It's got a lot of neat features that home users and SMBs would like as it relat...

7MS #284: The Quest for Critical Security Controls

November 02, 2017 03:50 - 12 minutes - 17.1 MB

For a long time I've been electronically in love with the Critical Security Controls. Not familiar with 'em? The CIS site describes them as: The CIS Controls are a prioritized set of actions that protect your critical systems and data from the most pervasive cyber attacks. They embody the critical first steps in securing the integrity, mission, and reputation of your organization. Cool, right? Yeah. And here are the top (first) 5 that many organizations start to tackle: Inventory of Aut...
