There are several different viewpoints around cybersecurity; what it is, what’s valuable, and how you accomplish it. Many billions of dollars will be spent this year on cybersecurity, some for more valuable items than others. Over the years of my career though, I’m more firmly convinced that the all-too-common-buzzword “cybersecurity” is simply having an operational …
For those of you who haven’t already heard of Nextcloud, I highly recommend that you take a look at their mature open source solutions for secure and sovereign data collaboration. For those of you who are already using it, but want to connect your server to a Samba-based AD, you can find the official documentation …
Read more “Nextcloud LDAP/Active Directory Configuration Without Relay Attack Surface”
As I had previously explored, there is now a great potential for anyone using commodity hardware, even that which can be purchased at your local Costco, to enable sovereign AI capabilities. From simple code generation inside Visual Studio Code, to generating function-level code blocks based on prompts of desired functionality, to doing in-depth security analysis …
Note: This article is a copy of one that I have written for the compliance.engineering blog. Check it out! In my previous article I was discussing the need for accurately describing system architecture in a way that would enable consistent discovery, documentation, and dissemination of these details across internal teams, with outside auditors, as well …
Until the creation of the European Union’s Digital Operational Resilience Act (DORA) (2022/2554), there hasn’t been much need for those of us in the U.S. to be aware of Threat-Led Penetration Testing (TLPT). DORA’s text also isn’t explicitly clear around what this TLPT is, or what makes it distinctly different from the average penetration testing. …
Read more “E.U. DORA – Threat-Led Penetration Testing, what is it?”
I’m pretty inexperienced when it comes to Fluentd logging, but I have a necessary use case to use it to ingest some log files with a non-standard format. There’s documentation on how parsers work, and there are even examples of how it should automatically happen. But, then there’s also the reality that I discovered that …
A while ago I was talking to a company’s security team and was inquiring about their concerns when it came to cybersecurity issues. During that conversation it was rather surprising that incident response (while important) was voiced as the top issue. I found this surprising because, after all, if you don’t know what you have, …
Many individuals have asked what I do, and the answer varies depending on who is asking. It’s usually either a generic “I work in IT”, or a detailed explanation, because very few people have heard of a Service Maturity Architect. Here’s my written attempt to explain what this niche role is, and why it’s critical …