Security Driven by Business Needs

And not the other way around.

Companies that perform managed IT services for their customers are under attack by criminal operations due to their connections into other businesses. A ransomware or data extortion attack will put the provider under immense pressure to pay up or lose their business. But where do you begin to protect your company and your customers?

Searching for recommendations on how to strengthen your defenses is a maze of technologies, platforms, appliances, and jargon. Instead of talking about the problems you are trying to solve, providers focus on technology to implement. Isn’t this supposed to be the other way around?

It is and it must be to be effective

The Process

  • Examine
    • Examine where your practices are at today
    • Discover gaps that need shoring up
  • Plan
    • Create a plan to address the discovered gaps
    • Evaluate options that will address the needs the business
    • Prepare procedures to support your operations securely
  • Implement
    • Only after the first two steps do we move towards implementation

Your Security Advisor

Hello, I’m Jason and I help businesses become far more resilient to cyber attacks. I’ve worked in IT operations and security for over 20 years, with a front row seat into how adversaries operate for the last five years. They say that “offense informs defense” and I believe this is particularly true when we observe how adversaries actually compromise and damage their victims.

I have analyzed hundreds of intrusions performed by the extremely inept to some of the most sophisticated attack. I’ve been a security engineer and systems administrator. I also spent a number of years as a penetration tester. My unique background allows me to make recommendations based on how to continue operating an environment while also protecting it from attack.


Podcasts

I’ve been a podcaster for a long time now and I love being able to share with others. Please check out the shows below. Enjoy!

Security Weekly News

I’m on the Security Weekly News podcast every Tuesday and provide commentary on the latest events in security.

InfoSec Career Podcast

The InfoSec Career Podcast is a series of interviews with some extremely talented people who work in security. We discuss how they got into security and how they have found success in their careers. I feel very fortunate to have been able to interview such a great group of people.