Infosec Blogs/Podcasts

Practice Incident Management … Not Incident Response

May 22, 2014
By
password-222331_640

I love the theme reenforced by this post over at Intergriography stressing a mindset change from one of response to one of management. First step is to assume you are already compromised. Second step is to manage these assumed “incidents” proactively so that when they do happen your team can go about dealing with them...
Read more »

Tags: , , ,
Posted in Infosec Blogs/Podcasts | 8 Comments »

5 Tips to Minimizing Misses & Blame in Your SOC

May 12, 2014
By
Barbwire

Jack “@jackcr” Crook is back with another great post on improving your SOC’s performance. Previously, he covered his tips on implementing an internal SOC training program. Now Jack points out five tips to minimize missing those elusive important alerts and improve overall analyst moral. Since many SOC analysts are new to this field, add...
Read more »

Tags: , , ,
Posted in Infosec Blogs/Podcasts | 5 Comments »

6 Tips for Learning Information Security

May 7, 2014
By
Data to Knowledge

Some good tips on learning information security (note – not cyber security ) to consider in this recent article on Help Net Security… Here’s the TL;DR quick version. Take Interest in the New: Be on the lookout for new things you’re curious in and make an effort to look into them. Mix sources: We...
Read more »

Tags: , ,
Posted in Infosec Blogs/Podcasts | 3 Comments »

Internet Infrastructure in 5 Minutes

May 6, 2014
By
Filmstrip

Next networking class I teach is going to start with this video… Hopefully after these 5 minutes everyone will get the gist and we can just move on to some of the more fun stuff. The only thing I could have wished for was more puppy pictures.   With the speed of an auctioneer...
Read more »

Tags: , , ,
Posted in Infosec Blogs/Podcasts | 3 Comments »

Top 5 SOC Analyst Skills

April 14, 2014
By
SOC Analyst Candidates

Similar to an article we covered before on training your SOC analysts, Rick Howard recently penned this one detailing what to look for when initially recruiting that staff. The leading sentence pretty much summarizes it all — emphasizing “passion, experience, and communication skills” while downplaying certifications and degrees. And of course you get what...
Read more »

Tags: , , , ,
Posted in Infosec Blogs/Podcasts | 6 Comments »

More Malware Analysis Tools

February 27, 2014
By
More Malware Analysis Tools

I’ve probably mentioned some of these tools before in other articles and presentations but what I really like about this post over at Journey Into Incident Response is that two of the tools are from those in the local NoVA area. Their contributions include Noriben by @bbaskin and Automater by @tekdefense. Rounding out the post’s selection...
Read more »

Tags: , , ,
Posted in Infosec Blogs/Podcasts | 6 Comments »

DoD Approved 8570 Baseline Certifications

February 20, 2014
By
Certifications

I unfortunately find myself having to reference the approved certifications for DoD 8570 a lot lately. Instead of searching for it each time, I thought I would just post it here as a quick reference for myself and any others out there. I don’t necessarily agree with the DoD placing so much importance on...
Read more »

Tags: ,
Posted in Infosec Blogs/Podcasts | 5 Comments »

What Is Homomorphic Encryption?

December 11, 2013
By
What Is Homomorphic Encryption?

I was listening to an older episode of Risky Biz (282) where they were discussing the concept of homomorphic encryption and how it can be applied to secure cloud computing. Basically, this type of operation involves performing computing operations on data while its encrypted rather than having to decrypt it first. It’s obvious to...
Read more »

Tags: ,
Posted in Infosec Blogs/Podcasts | 6 Comments »

Do You SQRL?

December 10, 2013
By
Do You SQRL?

Just curious what everyone thinks about this new Security Quick Reliable Login (SQRL) authentication protocol Steve Gibson introduced early last month. Originally standing for Secure QR Login, the initial login process involves snapping a picture of a QR code on a site’s authentication page using a SQRL app. The app and the website authenticate...
Read more »

Tags: , , , ,
Posted in Infosec Blogs/Podcasts | 4 Comments »

(ISC)2 Announces BoD Election Results

December 9, 2013
By
(ISC)2 Announces BoD Election Results

Just wanted to close out our coverage of the (ISC)2 Board of Directors election for this year… Late last week (ISC)2 announced the results of this recent election. Although it doesn’t look like the write-in campaign had the desired effect, its organizer Jennifer Minella did win one of the five board seats. Congrats to...
Read more »

Tags: , ,
Posted in Infosec Blogs/Podcasts | 1 Comment »


About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.