This isn’t your typical review of a book. I read this book because I felt that too many security professionals were “showing their work” but not doing it in a way that provided any real value. The way some people share online, I feel like they might have read this book but missed some key…
Lessons in Cybersecurity from Small to Large Organizations
From small organizations with duct tape and bubble gum defenses to larger enterprises armed with fortress-like custom solutions, improved security posture comes from both ends of the organizational spectrum but ultimately lies somewhere in between. Let’s look at each and how the industry has matured to the point where both types of companies can benefit. …
Navigating the Past: An Honest Reflection Of 2023
This post is more of a retrospective for me and my thoughts this last year. As I look ahead to the new year and the goals I want to achieve this upcoming year, I first want to look back at the previous year. This last year, I didn’t have any defined goals. I wanted to…
The Pitfalls of Hiring Clones: Why Diversity Matters
You’ll see discussions about how important diversity is in a workplace from any social media platform to maybe within the organization that you work at. My mindset regarding diversity, specifically in security, wasn’t ensuring we had a diverse group of people working in the SOC. No, it was all about if they had passion. As…
Certifications in Cybersecurity: Are They a Career Game Changer?
Certifications are an interesting concept in the security field. We don’t have one path to be a security professional, and it’s not like we need to go to college for ten years to be a doctor or pass the bar exam to be a lawyer. As the security field has grown, so has the amount…
Certified CyberDefender (CCD) – Review
Hopefully, this review will be slightly different than others I’ve seen. I won’t go as in-depth on some of the labs, material, or exams because I feel there seem to be several reviews about that already, and I expect many more as this cert becomes more popular. I also warn you I might be making…
Asking Users For Help In An Investigation: A Fine Line To Walk
One of my biggest pet peeves during the investigation process is hearing these words: “Did you ask the user?” In my Think Like An Analyst Series, I go over several ways to help come to a conclusion for an alert. I talk about slowing down, asking questions, changing perspectives, and comparing data. The one thing…
Blue Team Level 2 (BTL2) – Review Part 2
I recommend reading Blue Team Level 2 (BTL2) – Review Part 1 to get some additional background on my journey with this certification. Why I took this certification. I took this certification not to move up the security ranks or get a new career. It was for me to level up and to be able…
BSides Buffalo 2022: The Art of Analysis: How Analyzing Art Helps Us Be Better Analysts
I recently did a talk at BSides Buffalo and wanted to share the link for the talk and the slides if anybody is interested in following along. Unfortunately, the video didn’t capture the slides as well as I had hoped, and the visual aspect of the talk is critical. Slides: https://www.domedion.com/wp-content/uploads/2022/06/art.pptx I’ve started a series of…
Tuning Done Right
In a previous blog post, I described tuning as the key to reducing alert fatigue, not SOAR. You can find that article here Alert Fatigue. Tuning isn’t easy, and this post will only talk about half of the process. When you look up the word tuning, you will find the definition of “to adjust for…
Alert Fatigue, Alert Fatiuge, Alert Fatigue, Alret Fatigue, Alert Fatigue
In the first post in my “Think Like An Analyst” series, I talk about slowing down. I gave a trick of the meditation practice of “body scanning” to do this. More information can be found here Lesson 1. In theory, it’s a great way of tackling an alert, but in some ways, it’s not real…
The Metrics Manifesto – Book Review
I’ve always been interested in using metrics to present a pattern and see if action could be taken from them. I’ve seen many organizations using metrics, but I can’t say I’ve seen an impact on the organization because of them. An example would be, “As you see here in the graph, phishing attempts were highest…
eCPPT Review – The Good, The Bad And The Ugly
eCPPT stands for eLearnSecurity Certified Professional Penetration Tester. Now, I’m very much a blue teamer, but the purpose for me to pursue this certification was to learn attackers’ tactics and techniques. I wanted to be able to more quickly identify an attacker in an environment and also understand the attacker’s next step. I didn’t pursue…
Working In The Security Field With Learning Disabilities
It was my junior year of high school, and I had no plans for what I wanted to do after school, either for work or college. One day I had a meeting with the school counselor, some teachers, and my mom to figure it out. I don’t recall much from the meeting, but the counselor…
First Rule Of Security Club Is You Don’t Talk About Security Club
Training: it’s one of the best investments for yourself or a team. Even though it’s super important, I often see training not making that big of an impact on employees. They might get that new certification or complete a course, but have they changed? Has the TEAM grown? In some cases they have, but not…
It’s Not The Tools That You Should Have Faith In.
Above is a great tweet by @varcharr asking a very simple question, but engaging quite a few people. The answers to this tweet astonished me; I truly didn’t know there were so many options to choose from. People said things like elasticsearch, splunk, qradar, rapid7, ELK, AlienVault, Security Onion, LogRhythm, Solarwinds, Elastic SIEM, NetWitness, Azure…
Just Say No To SANS
In a previous article I talked about all the money that I’ve invested into myself over the years. I have a saying, “I won’t ask a company to pay for something that I’m not willing to pay for myself,” and one of the things I would never ask a company to pay for is a…
Blue Team Level 2 (BTL2) – Review Part 1
3/21/22 This review will be an ongoing, living review. As I write this review, the platform has jumped to a new interface. Two labs are still “coming soon,” and the estimated date for the exam to be available is at the end of March. I’m doing a “living” review because Blue Team Level 2 has…
Practical Malware Analysis & Triage – Review
I wanted to do a quick review of this course to give some initial thoughts. I want to say I’m only familiar with Matt Kiely, aka HuskyHacks, due to his blog post on the eCPPT: https://huskyhacks.dev/2020/04/24/elsptp/. I enjoyed his other blog posts and ended up following him on Twitter (https://twitter.com/HuskyHacksMK), which is how I became aware…
Squeezing The Most Out Of Security Conferences
Security conferences, to me, are all but one thing… networking events. This wasn’t always the case. In the early years of my security career, conferences were a way to learn about new technology, what people were doing, issues companies faced, and maybe take a few tips back to the office. I attended all the talks I…