Amrop Luxembourg’s Post

Organizations of all sizes are under attack. Building a security culture that keeps your team safe and secure means understanding the risks your organization faces and the behavior(s) you want to change. What does that mean exactly? Without a firm understanding of what security culture is and an idea of where you want to take your organization, failure to make meaningful and lasting change is almost inevitable. Read this helpful white paper to learn about building a security culture in your business, one dimension at a time. https://hubs.la/Q026FFpz0

Some words of wisdom from our VP of Security Market Research, Dr. Chase Cunningham & Cybersecurity Market Research Analyst, Amal Joby: 🔒Security pros must balance focus & exploration🔒 "It's essential to recognize the shiny object syndrome in ourselves and develop strategies to maintain focus on our main objectives while still allowing room for exploration and learning." Read the full piece👇

Thursday Quick Tip: If you caught my last post, you'll recall that I discussed the current skills gap in the cybesecurity field. Here's a brief guide where maybe can help to navigate this issue. https://lnkd.in/gE5u69cE

This is part two of a three-part blog post series covering the top tips and skills that aspiring analysts will need to master as they begin their journey toward success in the SOC analysis field. In this second post, learn about the top four topics significant to building an understanding of security platforms and tools needed in SOC analysis. Read Part One of the blog series here. TOM SHAW

70% of ambitious transformation projects face an early pause within the first year of their kick-off, encountering 'known but ignored' issues. (McKinsey article - https://lnkd.in/gRH45Kcs). Pitfalls include: 1. Underestimating resistance to change within organization; 2.Lacking market validations, competition analysis, industry Overview, knowledge of business cycles. 3. Unclear roadmap to scale post-Proof of Concept; 4. Relying on hunches rather than a defined data strategy; 5. Overlooking non-negotiables like cyber security. ....and many more These hurdles are often not acknowledged internally, and demand external identification – a key role for consultants. Despite criticism for tackling seemingly obvious problems, hiring consultants proves invaluable in steering through these critical project pitfalls. #TransformationChallenges #consultinginsights

📣 'Inside Security' is now available on Substack. (Link is below in the post) ICYMI, about a month ago, we launched 'Inside Security', a long-form, bi-monthly blog series featuring security practitioners. Since then we've had the opportunity to speak with some fantastic folk & uncover a dearth of insights. Our interviews with guests have covered various topics including: ✨ Best practices on how to effectively use culture to shape world-class security teams ✨ Role of security during an M&A process ✨ Guidance on breaking into security as a non-security professional ✨ Explorations of the critical & rapidly evolving role of security in the gaming and entertainment ✨ Strategies to overcome common challenges such as lack of alignment & security operating in silos ✨ Frameworks to master the art of storytelling & effectively communicate security initiatives across the organization ✨ Collective efforts to drive a more engineering-focused approach to cybersecurity, and so much more Some of you requested for it and so we're excited to launch our Substack newsletter, delivering this content straight to your inbox: https://lnkd.in/gZ7XuSgw Follow along to read about security engineering from the best in the business.

SOC teams are experiencing: 🔸Stress and burnout 🔸Resource shortages 🔸Overall intensified workloads, especially with regulatory mandates for accelerated response times (i.e. SEC rulings and filings)   In Mel Reyes' new article "Helping SOC Teams Manage Stress and Complexity", he provides firsthand strategies as a Global CIO and CISO at Getaround to combat fatigue and support a more resilient cybersecurity workforce.   Here's some key takeaways:     🔸 A call to action to develop quantifiable metrics and security frameworks to measure SOC performance.   🔸 A call to action for senior leaders to occasionally step into operational roles to shield their teams from exhaustion and attrition. 🔸 A call to action for senior leaders to celebrate the quick wins and build on them over time to develop the culture away from defensive to offensive security strategies.   🔗 Read the Full Article: https://lnkd.in/gbYBCuV7   🔗 Apply to Join to Access More Content: https://lnkd.in/eEcs3-hB   #cybersecurity #infosec #informationsharing #communitybuilding

Analytics Multi-Source Analysis of Top MITRE ATT&CK Techniques 2023. “HOW WILL ADVERSARIES ATTACK US AND WHAT DEFENSES SHOULD WE PRIORITIZE?” If you work in cybersecurity, chances are good you’ve asked—or been asked—a question like this one. The good news is that there’s more information available than ever before to help answer that question. But that doesn’t mean answering it is easy. MITRE ATT&CK® is a knowledge base of adversary tactics and techniques based on real-world observations. Its purpose is to serve as a foundation for threat models and methodologies leading to more effective cybersecurity. More and more cybersecurity industry reports include statistics on observed ATT&CK techniques. That’s great in terms of having more data available for defenders and decision-makers, but a challenge arises to establish consensus among them regarding the most common techniques. Sources differ greatly in their visibility of ATT&CK, what they measure, how they report information, etc. This study analyzes 22 public sources of ATT&CK statistics to find common trends among them. Our goal is to aid organizations in building a more threat-informed defens Ten Most Reported Techniques 1. Execution: Command & Scripting Interpreter (T1059) 2. Privilege Escalation: Process Injection (T1055) 3. Defense Evasion: Process Injection (T1055) 4. Initial Access: Valid Accounts (T1078) 5. Persistence: Valid Accounts (T1078) 6. Privilege Escalation: Valid Accounts (T1078) 7. Defense Evasion: Masquerading (T1036) 8. Defense Evasion: Valid Accounts (T1078) 9. Initial Access: Exploit Public-Facing Application (T1190) 10. Execution: Windows Management Instrumentation (T1047) Special Thanks Cyentia Institute ⁩-Cyber Security awareness-   Up2date 4 Defence Today, Secure Tomorrow @CisoasaService 1402.08.20