During the last two years I’ve been working at an enterprise company which is a new experience for me.
Previously I worked for various IT consulting and IT Assessor firms. 2 years ago, I left to leave for a large organization, since that time I’ve worked on a compliance team for an enterprise software company. It’s been a vastly different experience that has taught me several lessons. Being behind the curtain so to speak has given me a new perspective on things.
Fundamentally mistakes in domains such as access control and asset management will continuously come back to haunt an organization. If these two foundational controls are not built on a strong foundation, an organization can defend themselves against an audit let alone an actual security threat.
Threat hunting is a new term I hear a lot. Threat hunting using cutting edge tools can be helpful, but at the end of the day knowing what’s in your environment and who has access to it is still the foundation of security. Having a strong foundation if limiting access to need to know and having an accurate up to date inventory will go a long way.
I will be back with more.