Super Cyber Fridays!
Join us TOMORROW, Friday [03-15-24], for "Hacking Security-Driven Sales"

Join us Friday, March 15, 2024, for “Hacking Security-Driven Sales: An hour of critical thinking about how to unlock revenue with your security program.”

It all begins at 1 PM ET/10 AM PT on Friday, March 15, 2024 with guests Ravneet Dhaliwal, security solutions lead, Vanta and Steve Zalewski, co-host, Defense in Depth. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register

Thanks to our Super Cyber Friday sponsor, Vanta

Defense in Depth
The Demand for Affordable Blue Team Training

If you want to get into cybersecurity, there are a multitude of red teaming tools available for little to no cost. So why is it so darn expensive to get any training on the defender side?

Check out this post by Christopher Russell, CISO, tZERO Group, for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Ron Gula, president and co-founder, Gula Tech Adventures.

Giving the blue team some respect

Security operations remain critical, but it often doesn’t get the same rose-colored optics as the other side of the house. "The industry constantly tries to glamorize pentesting/redteaming while trivializing the work of security operations. If you’re a blue teamer ‘then you’re not cool enough,’” said Melina Phillips. But this mentality doesn’t give blue teaming the credit for the intellectual rigor it requires, as Patrick Tsushima of Qualitest pointed out, saying, "Understanding architecture and designing the correct security requirements is a lot more interesting and advanced than rooting boxes all day. You definitely need both."

Be your own best advocate

There is a perception that there’s a lack of quality blue teaming training resources available. The are out there, but they lack the visibility of red teaming tools. "The smartest move is to self-teach with all the free and widely available resources out there. Being inquisitive is one of the main requirements to be in cybersecurity. There is a plethora of websites offering good training," suggested Daniel Piątkowski of Phoenix Software Limited. Training can start by dipping your toe in as Harlan Carvey of Huntress suggested, "I started online and at the library. From there, I expanded to the bookstore. Develop the foundation first, and then look to vendor training, and certs."

Blue teaming in the real world

While resources may be available, compared to red teaming, the path to connecting skills to a job isn’t nearly as clear cut. Jonathan Smith of Pioneer Natural Resources Company suggested leaning into that, saying "I wonder if it’s better to start our red team and switch over to blue after I have gotten into cyber security in hopes of finding a job." Once you have the job, blue teaming still represents a much more open-ended set of problems that usually require mentorship and hard fought experience. "You can find a hundred free samples of how to throw up a reverse shell with net cat but I’ve never seen one that will teach you how to take a blocked traffic to malware domain event and then walk backwards using your SIEM and EDR to find the cobalt strike package that was dropped and the auto runs set to provide persistence, " said Glenn McDowell of SAIC.

A different mindset for a different job

The stakes for blue teaming are fundamentally different. Vendors know organizations need these defensive skills, and operate in an environment where there are not enough teachers to meet demand, hence the ability to charge for them. "The rigor required for blue-teaming is higher. The penalty for a vulnerability you missed is lower than that for an attack you missed. They require different mindsets, behaviors, and demands on diligence and accountability,” said Rob Wood, CISO at TrustCISO.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Listen to the episode.

Thanks to our podcast sponsor, Query

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Alexandra Landegger, executive director and CISO, Collins Aerospace.

Thanks to our Cyber Security Headlines sponsor, Vanta

Cyber chatter from around the web...
Jump in on these conversations

"Whats the most amount of viruses you’ve seen on a system?" (More here)

"23andMe tells victims it's their fault that their data was breached" (More here)

"What do you expect from ransomware in 2024?" (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

• [03-15-24] Hacking Security-Driven Sales

• [03-22-24] Hacking Effective Third-Party Risk Management

• [03-29-24] Hacking Detection and Response

 Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.