[SC-100] Identity is more than a username

August 06, 2023

While studying for the SC-100 exam, a concept really resonated with me: the definition of identity and its purpose in security.

I think for some folks (myself included), it's been all too easy to think of "identity" as a singular credential; a unique data element. Like an ID card. While understandable, I think that . . .

Read More

Trivial terminology: MITRE vs MITRE Engenuity?

What's the difference?

August 05, 2023

I like this succinct explanation from Check Point on the difference between "MITRE" and "MITRE Engenuity". Good stuff.

The MITRE Corporation is a US Government federally funded research and development center (FFRDC), and the MITRE Engenuity is a foundation dedicated to using the research and technology . . .

Read More

[SC-100] NIST 800-61 response management phases

August 05, 2023

I'm digging this simple (but functional!) illustration of the NIST 800-161 response management phases, courtesy of Microsoft Learning:

Good stuff!

Read More

[SC-100] Simplified explanation of technical response to incidents

August 05, 2023

While perusing a study guide for SC-100 exam, I came across a really nice and succinct explanation for technical response. It's one of my favorite quotes now:

(...) there are two key goals that every incident response should aim to address from a technical perspective. The first is identifying the scope of the attack (...) . . .

Read More

Cybersecurity and productivity

July 27, 2023

I came across a nifty quote by Pete Zerger while watching one of his LinkedIn Learning courses. This one really resonated with me:

Focus on security and productivity. Ensure that security enables productivity as well as reducing risk. If it hampers productivity or increases risk, reconsider.

I know at first . . .

Read More

IoT Architecture Zones

July 20, 2023

I'm digging this illustration of IoT security architecture zones, courtesy of Microsoft docs.

The beauty of it all is the simple (but effective) principles:

  • Segment the solution
  • Minimize the impact of lower-trust zones against higher-trust zones
  • Assume that as data traverses zones, it could be . . .

Read More

[SC-100 Exam Prep] Zero trust example workflow topology

A (zero trust) picture is worth a thousand words :-)

July 07, 2023

In preparing for the Microsoft SC-100 exam, I came across a nifty article from Microsoft regarding their position on Zero Trust.

Among other things, it includes a high-level example diagram of a topology combining a number of concepts.

Check it out:

Read More

Archive
   Subscribe by email and never miss a post.

This update link alerts you to new Silvrback admin blog posts. A green bubble beside the link indicates a new post. Click the link to the admin blog and the bubble disappears.

Got It!