Infosec Blogs/Podcasts

(ISC)2′s Lack of Experience

June 2, 2014
By
Coding Shots

ISACA recently released yet another security certification to cash in growing “cyber” industry as discussed in this article from several weeks ago. Of course the comment that struck me was (ISC)2′s W. Hord Tipton discussing how their certs are different in that they require real security experience. Requirements have changed over the years but...
Read more »

Tags: , , , , , ,
Posted in Infosec Blogs/Podcasts | 5 Comments »

Healthy Paranoia Podcast on PCI

May 28, 2014
By
Healthy Paranoia

Here’s a Healthy Paranoia podcast episode you might want to checkout, the one where I pretend to know a little about PCI. Hopefully I at least asked some thought provoking questions. I play Mr. Java, the Healthy Paranoia enforcer. Given my Starbucks addition the nickname is very appropriate. via PacketPushers.net Healthy Paranoia Show 24:...
Read more »

Posted in Infosec Blogs/Podcasts | 2 Comments »

THE Only True SOC Metric

May 23, 2014
By
keyboard-279667_640

Brian Pennington published a nice article summarizing the common security metrics as part of a Firemon-sponsored Ponemon study. Of course this “study” was nothing more than asking respondents what they thought the most important security metrics were but from experience the list isn’t all that bad. Almost all of the metrics were preventative in...
Read more »

Tags: , , ,
Posted in Infosec Blogs/Podcasts | 9 Comments »

Favorite Infosec Interview Questions

May 22, 2014
By
question-mark-112390_640

Here is a wonderful post to review whether you are planning on interviewing someone soon or are the one being interviewed. Beyond questions that test your knowledge (e.g., the difference between encoding, encryption, and hashing), the list also includes a number of opinion-based questions (e.g., open source or proprietary software being more secure). The...
Read more »

Tags: , , ,
Posted in Infosec Blogs/Podcasts | 6 Comments »

Practice Incident Management … Not Incident Response

May 22, 2014
By
password-222331_640

I love the theme reenforced by this post over at Intergriography stressing a mindset change from one of response to one of management. First step is to assume you are already compromised. Second step is to manage these assumed “incidents” proactively so that when they do happen your team can go about dealing with them...
Read more »

Tags: , , ,
Posted in Infosec Blogs/Podcasts | 8 Comments »

5 Tips to Minimizing Misses & Blame in Your SOC

May 12, 2014
By
Barbwire

Jack “@jackcr” Crook is back with another great post on improving your SOC’s performance. Previously, he covered his tips on implementing an internal SOC training program. Now Jack points out five tips to minimize missing those elusive important alerts and improve overall analyst moral. Since many SOC analysts are new to this field, add...
Read more »

Tags: , , ,
Posted in Infosec Blogs/Podcasts | 5 Comments »

6 Tips for Learning Information Security

May 7, 2014
By
Data to Knowledge

Some good tips on learning information security (note – not cyber security ) to consider in this recent article on Help Net Security… Here’s the TL;DR quick version. Take Interest in the New: Be on the lookout for new things you’re curious in and make an effort to look into them. Mix sources: We...
Read more »

Tags: , ,
Posted in Infosec Blogs/Podcasts | 3 Comments »

Internet Infrastructure in 5 Minutes

May 6, 2014
By
Filmstrip

Next networking class I teach is going to start with this video… Hopefully after these 5 minutes everyone will get the gist and we can just move on to some of the more fun stuff. The only thing I could have wished for was more puppy pictures.   With the speed of an auctioneer...
Read more »

Tags: , , ,
Posted in Infosec Blogs/Podcasts | 3 Comments »

Top 5 SOC Analyst Skills

April 14, 2014
By
SOC Analyst Candidates

Similar to an article we covered before on training your SOC analysts, Rick Howard recently penned this one detailing what to look for when initially recruiting that staff. The leading sentence pretty much summarizes it all — emphasizing “passion, experience, and communication skills” while downplaying certifications and degrees. And of course you get what...
Read more »

Tags: , , , ,
Posted in Infosec Blogs/Podcasts | 6 Comments »

More Malware Analysis Tools

February 27, 2014
By
More Malware Analysis Tools

I’ve probably mentioned some of these tools before in other articles and presentations but what I really like about this post over at Journey Into Incident Response is that two of the tools are from those in the local NoVA area. Their contributions include Noriben by @bbaskin and Automater by @tekdefense. Rounding out the post’s selection...
Read more »

Tags: , , ,
Posted in Infosec Blogs/Podcasts | 6 Comments »


About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.