Scoping for Security and Compliance

Note: This article is a copy of one that I have written for the compliance.engineering blog. Check it out! In my previous article I was discussing the need for accurately describing system architecture in a way that would enable consistent discovery, documentation, and dissemination of these details across internal teams, with outside auditors, as well …

E.U. DORA – Threat-Led Penetration Testing, what is it?

Until the creation of the European Union’s Digital Operational Resilience Act (DORA) (2022/2554), there hadn’t been much need for those of us in the U.S. to be aware of Threat-Led Penetration Testing (TLPT). DORA’s text also isn’t explicitly clear about what TLPT is, or what makes it distinctly different from the average penetration test. …

Fluentd, Logs, and Timestamp Parsing

I’m pretty inexperienced when it comes to Fluentd logging, but I have a necessary use case to use it to ingest some log files with a non-standard format. There’s documentation on how parsers work, and there are even examples of how it should automatically happen. But, then there’s also the reality that I discovered that …