Penetration Testing and the Adversarial Mindset

There are several different viewpoints around cybersecurity: what it is, what’s valuable, and how you accomplish it. Many billions of dollars will be spent this year on cybersecurity, some for more valuable items than others. Over the years of my career, though, I’ve become more firmly convinced that the all-too-common buzzword “cybersecurity” simply means having an operational team and capabilities that can survive the unexpected events (accidental or malicious) as they come along. Cybersecurity is far more than a tool or toolset that you can purchase; it’s a mindset of planning, training, governance, observability, and responsiveness to meet the unknowns of tomorrow, not in arrogance, but in the quiet confidence of preparedness.

Up to the past year or so, my experiences have been entirely defensive. Establishing policy and business practices (Govern), identifying environments, assets, and configs (Identify), securing architecture and configs (Protect), and tuning SOC detection and ensuring proper logging (Detect), as nicely outlined in the NIST Cybersecurity Framework 2.0, have taken the majority of my time in the “cybersecurity” space. However, during the past year I’ve had the privilege to learn a significant chunk of the adversaries’ methods, tools, and mindset through TCM Security training courses and their Practical Junior Penetration Tester (PJPT) certification. Having now gone through and completed the PJPT certification, I highly recommend them to anyone who is seriously pursuing a deeper understanding of securing their infrastructure.

It’s one thing to know academically that your team should be using a bastion host for domain administration tasks; it’s another to have used adversarial tools and to know from personal experience how trivial privilege escalation against domain accounts can be, because you’ve done it. Likewise, we’ve all talked about strong passwords, but it’s one thing to talk about it and another to have cracked password hashes in minutes because the underlying passwords were weak. I’m grateful for this experience, which has given me a stronger understanding of how to defend my own infrastructure, detect incoming attacks, and respond with prepared confidence.
