Profile picture
J. @CxOSidekick
, 13 tweets, 6 min read Read on Twitter
@sachafaust One of the things that I find helpful is to use product management frameworks to look at effort and impact over time. Lots of things you 'should have' can take a lot of time to roll out and then don't give you the agility you want (e.g. in detection over custom data sets)...
@sachafaust ... which means the team needs to think about what will move the needle quickly in the short term while also laying the foundation to go from 1.0 to 2.0 of capability (vs waiting for 5.0 and never getting there).
@sachafaust Another product management tool is 'time boxing' for testing new ideas (either on red or blue) and that can be effective in limiting scope (which itself is another important part of testing assumptions under uncertainty).
@sachafaust We've found that linking timeboxed goals via Objectives and Key Results that should only take one 2-week Sprint to complete is a great way of limiting scope and focusing attention on low effort / high impact activities in terms of 'outcome for the business'.
@sachafaust The challenge is how to apply this to multiple threat surfaces when you have more than one (e.g. internet web app, AWS, traditional network etc) that you would call 'a priority' - all be it for (potentially) different attack scenarios.
@sachafaust Another area is how you show a security ticket priority against a business ticket priority. Being able to articulate impact from a threat surface (e.g. the availability of a control gap to credible threat actors, its ease of exploit, the impact from exploit) is super important.
@sachafaust Sometimes the impact of an exploit is that it opens up a whole new part of the attack graph to a threat actors (so no direct biz, impact but wider potential badness by enabling compromise of more stuff). It's helpful to show this to people who have to pull things out of sprints.
@sachafaust That's because it can help with the risk decision of '
"Can this wait? And under what specific circumstances, either relating to a threat or tech change, would it suddenly become much more urgent?"
@sachafaust For e.g. if something is v obviously bad (biz asset exposure at low level of sophistication to anyone on internal network) the risk decision may be to close down the biggest avenue for discovery of the asset & implement some detections that IR need to jump on asap if they fire.
@sachafaust That means there's a Sprint action you can take immediately for both 'prevent' and 'detect' - with agreement to look at mitigations for a later Sprint.
@sachafaust I guess the final thing I'd say is you have to k ow how to hack the meta-structure for how things get done in your specific org. Sometimes that is getting a ticket in a Sprint planning session. Sometimes it's knowing the right person at the right level to show the finding to...
@sachafaust ...as you may have some findings that at one level are 'this is way too hard for engineering to fix' (e.g. scrum master) and at another (e.g. cto) are 'Do we turn this feature off right now?'
@sachafaust @threadreaderapp #unroll
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to J.
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#unroll

More from @CxOSidekick see all

Profile picture
It's 100% true that you need technical expertise in a security team. There are also other things that need to come together for a team to improve how well protected their business is. One of those can be winning the opportunity to do the technical stuff that's needed.
In fact I think there are 8 key applied abilities that are vital in security

1. Systems thinking
2. Politic
3. Architecture / engineering mindset
4. Team creation and evolution
5. Product management
6. Project management
7. Data science
8. Coding
Systems thinking: Sec teams are usually implementing a complex system (lots of sec controls w/ interdependencies) within a complex system (the biz+its people/process/ tech inter-relationships). Ability to understand, share & build consideration of this into decisions is vital.
Read 11 tweets
Profile picture
@xaprb Some quick thoughts...

There are different scenarios for exec comms:
- Cyclical (e.g. annual reporting where format doesn't change)
- Periodic (e.g. on an issue that will last a few committee meetings)
- Ad hoc (e.g. random requests on key things)
- Crisis (new, short cycle)
@xaprb For each there are different formulas you can use. E.g. cyclical reporting may be
- what's our status on something pre-defined as important?
- is status good or bad?
- if bad do we have enough information to act or do we need more?
- if we act what is best cost decision?
@xaprb And there will be different levels of detail for each type of comms. For example in Crisis, you may be giving minute by minute updates. In cyclical the level of detail may be very deep (e.g. board reporting) but more analytical in style.
Read 9 tweets
Profile picture
A SOC that deals in Alerts is doomed. If it deals in 'high fidelity detection analytics' + can show ...
1) what's possible to detect that your tech teams + business MDs care about
2) by implication what gaps exist with existing tech (coverage / config)
... then in with a chance.
In practice what that means is defining 5 things that are highly interesting from a blue/red perspective, and where you would tolerate high false positives because if you see 'an activity' it's worth some precious analyst time to investigate ... for 2 reasons ...
1) To rule out that badness is happening
2) To understand if the analytic can be better tuned to remove the trigger to 'go look at this'
Read 18 tweets

Related threads

Profile picture
Now let's talk about @jenniferdoleac & @anita_mukherjee on naloxone. Again woo--another counter-intuitive result! Narcan increases opioid use! Well, let's turn to statistician Andrew Gelman for another view of the article and data: andrewgelman.com/2018/03/21/mor… @BrookingsInst 1/
"1.The bank-shot reasoning by which it’s argued that a lifesaving drug can actually make things worse. It could be, but I’m generally suspicious of arguments in which the second-order effect is more important than the first-order effect. This general issue has come up before." 2/
"2. The unintended-consequences thing, which often raises my hackles. In this case, 'saving the lives of active drug users' is a plus, not a minus, right? And I assume it’s an anticipated and desired effect of the law. So it just seems wrong to call this 'unintentional.'" 3/
Read 22 tweets
Profile picture
Okay, so. At about 2:00 PM I'm going to do a thread (continuing off this one if you want to like/bookmark/tab it) about Trump's AP interview from earlier this week.
I've made no secret of the fact that I see limited value in interviewing a reflexive liar but as long as people are doing it, I am going to wring every drop of meaning out of them that I can.
For those who haven't followed me long and don't know what I actually do here, I'm *not* a fact checker. That takes skills and resources I don't have. What I have is a very particular set of skills, skills honed over a long career of picking words apart and putting them together.
Read 178 tweets
Profile picture
Hello, everyone!

We're going to kickstart our weekly #GlobalEChats discussion thread. This week, we'll talk about #fitness #personal #trainer as #entrepreneurs and how #tech can change everything!

Ready? Let's go!
Let's first start with two possibilities in the future.

1. We no longer need humans as #PT personal trainers at the #gym or #field. All will be replaced by #tech and smart applications! 😲

2. Human PTs will still be demanded but will utilise #tech to improve their coaching!
Do you think #1 is truly possible? It seems a bit far-fetched, no?

Meet @ollinfit! Ollinfit is a set of three wearable sensors and smartphone app that work together as your personal trainer. Say what???

Using Ollinfit, you'll be able to workout without needing human coaching!
Read 15 tweets
Profile picture
001/ [article content in this tweet series 001-180 reproduced with permission from Martin Howe QC of Lawyers for Britain @lawyers4britain]
#quote "Leaving the EU on WTO terms: pulling down the barriers to world trade
Introduction: why prices will FALL after Brexit, not rise" /002
002/ #quote "Over the past couple of weeks, the media have been full of lurid scare stories about what will happen if the UK leaves the EU on WTO terms, because negotiations with the EU do not result in a withdrawal agreement." /003
#tariffs #NoDeal #Brexit #WTO #ProjectFear #shortages #food #medicines
003/ #quote "One of the most ridiculous and UNJUSTIFIED of these absurd scare stories is that it will lead to higher prices, and even shortages, of foods and medicines." /004
Read 180 tweets
Profile picture
45 Days Of @ElvisCostello: a twitter megathread in anticipation of the Oct 12 release date of LOOK NOW, the new LP by Elvis Costello & The Imposters

This is either a bright idea or a brilliant mistake, but this is only, this is only, this is only the beginning...
I did something similar to this 5 years ago, in anticipation of EC & @theroots' Wise Up Ghost LP, on tumblr.

(You can still find all those posts if you look, although a lot of the YouTube links etc are now dead ends. It was 40 Days Of EC then, so for 2018 I'm upping it to 45.)
Mostly I will be going chronologically from the early years right up to the present, but it feels right to start out with Costello's 2002 song, "45."

Music Video directed by @jessebdylan


(There's an alternate "diner" version I can't find anywhere online)
Read 2378 tweets
Profile picture
(1) And we're started! Goodcovfefe is kicking us off with a prepared statement, aaaaand he starts off with a broadside against Loretta Lynch. Hilarious. Oh, and Holder was at one point held in contempt over Fast and Furious.
(2) He suspects 'Muh Russia!' to come nonstop from the Dems on the committee. Fantastic. Why don't I have bourbon.
(3) He's still going. Also, Goodcovfefe calls out that gun laws on the books weren't being enforced, but now are under Sessions.
Read 106 tweets

Trending hashtags

#barriers #drugs #farmers #GlobalEChats #economists #prohibit #Tesco #Karmageddon #consumers #veterinary #pay #law #SPS #profiles #TBT #AadhaarFail #PeakTV #trademark #factualclearandconcise #NTBs #penalties #AmericaFirst #type #ucustrikes #importation

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!