Blog posts

Heartbleed

 

Deploying a Mac EDR agent 24th November 2022

In a previous blog post, I had benchmarked a few EDR software vendors & selected the one that suited my organisation best: CarbonBlack. With the contractual details sorted out, it was time to deploy the agent to my organisation’s fleet of workstations.

Automating database security 25th May 2022

When I started out my career, I didn’t give much thought to databases. To my junior eyes, big security problems were in the webservers, the code, not really in the database.

Let’s talk about multi-factor authentication 3rd January 2022

Working for SaaS scale-ups, I’ve had my fair share of client security questionnaires to fill out. Every single one of these questionnaires included a question similar to: “Do your employees/admins use MFA?”

If I answer “no”, all hell breaks loose: the client gets uneasy and starts asking all sorts of questions. If I answer “yes”, I get a satisfied, congratulatory nod.

Selecting a Mac EDR agent 30th June 2021

My organisation recently migrated all its workstations from Windows boxes to macOS devices. The Windows fleet was equipped with a remotely managed anti-virus software. We needed to maintain a similar level of protection, so I had to select the security agent that would be deployed on the new Mac fleet.

Putting out non-existent fires 12th May 2021

On a random September afternoon, Daniel, a colleague, rings me up. He tells me that a privileged user account on our B2B SaaS website had been hacked, and that we had received an email from the affected user, Zoe, as well as the CISO of the company she works at.

Laying log-pipes with Lambda 19th December 2020

If you ask the devops team running a SaaS service about the biggest weakness in their current production infrastructure, chances are they’ll tell you “monitoring and logging”. When the pressure to deliver is high on a devops team, as with any team, projects that do not directly contribute to serving stakeholders are put on hold, ergo the previous answer.

Build me a secure SaaS app 7th June 2020

When applying for an IT engineering job, meeting a few people at the target company and answering some technical questions is standard practice. Things get a bit more interesting when you have to present a security roadmap to all the company’s technical leads.

Auditing AD user passwords 4th December 2019

Say you’re a blue teamer in an organisation of a few thousand people. Unless you’re in a kubernetized, SaaSified and cloudified startup, you’re likely to have an Active Directory running. ADs and their accounts are a prime target for attackers, so how do you go about ensuring your assets are a bit safer? Eliminating weak passwords is a start.

Handling logs on AWS 19th August 2019

As we migrate our IT systems to the AWS cloud, it is imperative for us to be able to monitor their health and security. AWS does provide a range of tools for logging; however, they feel fragmented and balky at times. Looking through logs in the dedicated AWS services was awkward at best, frustrating at worst, and definitely time-consuming. We needed a centralised, robust log storage and management infrastructure that we could control. So I built one!