Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

  • wop@infosec.pub · 5 points · 11 months ago

    I am currently transitioning into a Security role at work. One question would be: what are the must-have tools for every blue team?

    • Vuln-Scanner
    • Logging / SIEM-Server

    • MSgtRedFox@infosec.pub · 3 points · 11 months ago

      Here are some platitudes for you without knowing your life:

      Learn concepts and not tools. Email links are your number one threat. Unpatched software is your number two threat.

      You cannot defeat them, just slow them down.

      Consider:

      Go download the NIST cyber security framework and read it. It’s boring as hell, but it tells you what the security program should do and has checklists of things to cover.

      Go Google DISA STIGs. You can download free GPOs and checklists that lock down about everything you have. Some are not public, most are. There’s a CIS equivalent, also.

      Implement system tiers. It’s well documented, but hugely painful. No domain admins (DA) on anything but tier 0, no DAs or SAs on workstations.

      Tenable Nessus is an example of a vulnerability scanner.

      Security Onion is an example of an IDS.
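The tiering rule in the reply above ("no DAs on anything but tier 0, no DAs or SAs on workstations") is easy to state and hard to keep honest without a check in the SIEM. The following is an added example, not code from the thread or from any of the tools named in it: it walks constructed Windows Security 4624-style logon records and flags any privileged account whose tier is higher (more trusted) than the host it logged on to. The host names, group names and the `GROUP_OF` lookup are hypothetical; in practice they would come from AD and your own naming convention.

```python
# Hypothetical tier model (assumptions, not from the thread).
TIER0_HOSTS = {"DC01", "DC02", "PKI01"}                  # domain controllers, PKI
TIER0_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins"}
SERVER_ADMIN_GROUPS = {"Server Admins"}                  # the "SAs" (Tier 1)
WORKSTATION_PREFIX = "WS-"                               # assumed Tier 2 naming rule

# Constructed group membership; a real check would query AD for this.
GROUP_OF = {
    "alice.da": "Domain Admins",
    "bob.sa": "Server Admins",
    "carol": "Domain Users",
}

# Constructed logon events shaped like Security event 4624 (successful logon).
# 4672 (special privileges assigned) is included to show it is ignored.
EVENTS = [
    {"EventID": 4624, "TargetUserName": "alice.da", "Host": "DC01", "LogonType": 2},
    {"EventID": 4624, "TargetUserName": "alice.da", "Host": "WS-0042", "LogonType": 10},
    {"EventID": 4624, "TargetUserName": "bob.sa", "Host": "FILE01", "LogonType": 3},
    {"EventID": 4624, "TargetUserName": "bob.sa", "Host": "WS-0007", "LogonType": 2},
    {"EventID": 4624, "TargetUserName": "carol", "Host": "WS-0007", "LogonType": 2},
    {"EventID": 4672, "TargetUserName": "alice.da", "Host": "DC02", "LogonType": None},
]

def host_tier(host: str) -> int:
    """0 = Tier 0 infrastructure, 1 = member server, 2 = workstation."""
    if host.upper() in TIER0_HOSTS:
        return 0
    if host.upper().startswith(WORKSTATION_PREFIX):
        return 2
    return 1  # anything else is treated as a Tier 1 member server

def account_tier(user: str) -> int:
    """Tier of the account, derived from its most privileged group."""
    group = GROUP_OF.get(user, "")
    if group in TIER0_GROUPS:
        return 0
    if group in SERVER_ADMIN_GROUPS:
        return 1
    return 2  # ordinary user

def find_tier_violations(events):
    """Return (user, host, reason) for every successful logon where a
    higher-tier account exposed its credentials on a lower-tier host."""
    violations = []
    for ev in events:
        if ev["EventID"] != 4624:
            continue  # only successful logons name the host we care about
        user, host = ev["TargetUserName"], ev["Host"]
        ut, ht = account_tier(user), host_tier(host)
        if ut < ht:  # smaller number = more trusted; landing on a less trusted host is a violation
            violations.append((user, host, f"tier {ut} account on tier {ht} host"))
    return violations
```

Run `find_tier_violations(EVENTS)` to get the two violations in the sample (the DA on a workstation and the server admin on a workstation); the same logic maps onto a SIEM correlation rule keyed on 4624 with a host-tier and account-tier lookup table.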