Another Vendor, just got breached, but it won't be last company
Next victim, let’s see, Could be you, and it could be me
Listen up, carefully,
I'm here to help you yeah I got the strategy
Learn Cyber Security
All the concepts and methodologies
You gotta try to balance the security
Don't inhibit productivity
Otherwise shadow IT
Where they break your policies
MFA, authenticate
Validate, who they say
Intune managed, not enough
Password-less (ehh) , yeah that’s the stuff
Move GAs, to the cloud
NO GA, on the ground
So that when, you are breached
Cloud assets, they never reach
Make them use, secured PCs
So actors can’t, access these
PIM, would be nice
before you access the, secured device
All them servers, update
To the cloud, migrate
Patch them bugs, CVEs
Fix them Vulnerbilities
Please don’t, federate
Actors will, infiltrate
Assume breach, it can happen
When it does, plan to trap em
Detection, visibility
Light it up, so that you can see
When actors move, laterally
With all of your, SAML Keys
Protect your data, so they can't see
What your doing in, the company
Enforce it with, DLP
Stop all the mass copies to the USB
Watch your certs, master key
Store your creds, away from me
HSM, not locally
Bitlocker, encrypt the C
Developers, listen please
Bring them early, security
So they can do threat modeling
Find them gaps that you can't see
Red team, exercise
Blue team, make them wise.
Learn about the attacks
About how to fight back
So their ready, when it comes
To mitigate, overcome
Learn about, what they did
Because you logged, all of it
Automation, set you free
Use the bots, you oversee
Use AI, Machine learning
Train the models with, your entities
Azure, sentinel
That’s where, logs will flow
Charge by, data rate
Purpose?, aggregate
Then it correlates
AI they activate
Looks around for mistakes
Not normal, mitigate
So much data, we can see
Name and hashes, and IPs
Bad actors, APTs
Indicators, IOCs
Teaching is, what I do
Helping others, helping you
Please subscribe, it's for free
Be notified, support me