this post was submitted on 18 Dec 2023
cybersecurity
I am currently transitioning into a Security role at work. One question would be: what are the must-have tools for every blue team?
Here are some platitudes for you without knowing your life:
Learn concepts and not tools. Email links are your number one threat. Unpatched software is your number two threat.
You cannot defeat them, just slow them down.
Consider:
Go download the NIST cyber security framework and read it. It's boring as hell, but it tells you what the security program should do and gives checklists of things to cover.
Go Google DISA STIGs. You can download free GPOs and checklists that lock down about everything you have. Some are not public, most are. There's a CIS equivalent, also.
Implement system tiers; it's well documented but hugely painful. No domain admins (DA) on anything but tier 0, no DAs or SAs on workstations.
Tenable Nessus is an example of a vulnerability scanner.
Security Onion is an example of an IDS.
Also: https://www.mitre.org/sites/default/files/2022-04/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf
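An added example (not code from the thread or its author) of turning the tiering rule above into a detection check: it walks constructed Windows Security 4624-style logon records and flags any Tier 0 account logging on to a host below Tier 0. The account names, host names, tier assignments and event records are placeholders, not real environment data.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed policy data (placeholders, not from the thread); accounts are compared lowercase.
TIER0_ACCOUNTS = {"corp\\da-jsmith", "corp\\svc-adsync"}
HOST_TIERS = {"DC01": 0, "PAW-ADMIN01": 0, "SQL-APP01": 1, "WS-FIN07": 2}
# 4624 logon types that cache reusable credentials on the host (2 interactive, 4 batch, 5 service, 10 RDP, 11 cached).
CREDENTIAL_CACHING_LOGON_TYPES = {2, 4, 5, 10, 11}

@dataclass(frozen=True)
class Finding:
    account: str
    host: str
    host_tier: int | None  # None: host missing from the inventory
    logon_type: int
    severity: str

def host_tier(host: str) -> int | None:
    """Look up a host's tier; unknown hosts return None and are treated as non-Tier 0 (fail closed)."""
    return HOST_TIERS.get(host.upper())

def find_tier_violations(events: list[dict]) -> list[Finding]:
    """Return a Finding for every 4624 logon of a Tier 0 account onto a host below Tier 0."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4624:
            continue
        account = f"{ev['TargetDomainName']}\\{ev['TargetUserName']}".lower()
        if account not in TIER0_ACCOUNTS:
            continue
        host = ev["Computer"].split(".")[0].upper()  # strip DNS suffix from the FQDN
        tier = host_tier(host)
        if tier == 0:
            continue  # a Tier 0 account on a Tier 0 host is the intended use
        logon_type = int(ev["LogonType"])
        severity = "high" if logon_type in CREDENTIAL_CACHING_LOGON_TYPES else "medium"  # type 3 (network): no cached creds
        findings.append(Finding(account, host, tier, logon_type, severity))
    return findings

# Constructed sample events in a simplified 4624 field layout.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "DC01.corp.example", "TargetDomainName": "CORP", "TargetUserName": "da-jsmith", "LogonType": 10},
    {"EventID": 4624, "Computer": "WS-FIN07.corp.example", "TargetDomainName": "CORP", "TargetUserName": "da-jsmith", "LogonType": 2},
    {"EventID": 4624, "Computer": "SQL-APP01.corp.example", "TargetDomainName": "CORP", "TargetUserName": "svc-adsync", "LogonType": 3},
    {"EventID": 4624, "Computer": "LAPTOP-X1.corp.example", "TargetDomainName": "CORP", "TargetUserName": "da-jsmith", "LogonType": 10},
    {"EventID": 4634, "Computer": "WS-FIN07.corp.example", "TargetDomainName": "CORP", "TargetUserName": "da-jsmith", "LogonType": 2},
]

if __name__ == "__main__":
    for f in find_tier_violations(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.account} -> {f.host} (tier {f.host_tier}, logon type {f.logon_type})")
```

In a real deployment the records would come from a SIEM export rather than the inline list, and the policy sets from the asset inventory and privileged-group membership.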