Insights For Success

Strategy, Innovation, Leadership and Security


Unlocking the Power of Purple Teams: A Comprehensive Guide to Enhance Your Cybersecurity Posture

General | Edward Kiledjian

TL;DR: Learn how Purple Teams can help your organization identify and combat new cybersecurity threats, as well as why this collaborative approach combining the expertise of Red and Blue Teams is gaining traction. With a competent Purple Team tester, you can enhance your cybersecurity posture, improve team communication and collaboration, and reduce the risk of security incidents.


As cybersecurity evolves, organizations must remain prepared to deal with new threats. As a result, a concept known as a Purple Team has gained traction in recent years. In this blog post, we will examine what Purple Teams are, the skills their members must possess, when to utilize them, the benefits they offer, and how to select a competent Purple Team tester.

Purple Teams: What are they?

A Purple Team is a collaborative group of cybersecurity professionals who combine the expertise of Red Team (offensive) and Blue Team (defensive) specialists. Using the Red and Blue teams' skill sets, the Purple Team identifies and addresses vulnerabilities in an organization's cybersecurity posture. When they work together, they can better identify weaknesses, develop strategies, and implement solutions to protect an organization's digital assets.

The following skills are required of Purple Team members:

  1. A Purple Team member should understand various technologies, platforms, and tools used in cybersecurity, from penetration testing tools to intrusion detection systems.

  2. The team members must be familiar with the latest threat landscape and be capable of analyzing and interpreting intelligence data to identify potential risks and vulnerabilities.

  3. In order to foster a cooperative environment between the Red and Blue Teams, strong communication and collaboration skills are crucial.

  4. To assess situations, identify potential threats, and develop effective mitigation strategies, Purple Team members must possess analytical thinking skills.

  5. As cybersecurity threats continually evolve, team members must be flexible and open to learning new techniques, tools, and methodologies.

Purple teams are helpful when:

Organizations should consider engaging a Purple Team in the following scenarios:

  1. When conducting regular security assessments to identify and address vulnerabilities.

  2. Following a security breach or incident, to evaluate existing security controls and identify areas for improvement.

  3. When making a significant change in infrastructure or technology, such as migrating to the cloud or implementing new applications.

  4. As part of a continuous improvement process, to ensure that the security posture remains strong and current.

Benefits of a Purple Team:

  1. An organization that relies on a Purple Team approach will benefit from the expertise of both offensive and defensive cybersecurity professionals, resulting in a more comprehensive evaluation of their security posture.

  2. Purple Teams contribute to developing a unified security strategy by fostering communication and collaboration between Red and Blue Teams.

  3. Continual Learning: By collaborating between the Red and Blue Teams, knowledge gaps are identified, and best practices are shared, improving overall security.

  4. A Purple Team allows organizations to prioritize and address vulnerabilities more efficiently, reducing the risk of breaches and other security incidents.

Selecting a Good Purple Team Tester:

Consider the following factors when searching for a Purple Team tester:

  1. Candidates should possess both offensive and defensive cybersecurity experience.

  2. Testers must possess industry-recognized certifications like CISSP, OSCP, and CEH.

  3. Assess the tester's reputation by reviewing their previous work, client testimonials, and industry recognition.

  4. Testers should be able to effectively communicate their findings, insights, and recommendations to a variety of stakeholders.

  5. Purple Team testers should be able to tailor their testing methodology to your organization's specific needs and requirements.



Toronto Citizen Lab: Protecting Digital Security and Human Rights in the Age of Cyber Threats

General | Edward Kiledjian

TL;DR: Discover how the Toronto Citizen Lab advances digital security and human rights. Learn more about their notable contributions to cybersecurity, including discovering government-sponsored spyware and their commitment to promoting freedom of expression and access to information. Learn more about this multidisciplinary research center's role in addressing cyber threats in the modern world.

--------------------------------------------------------------------------------------

In an increasingly connected world, cybersecurity has never been more critical. However, increasingly sophisticated and complex cyber threats make it more difficult to defend against them. This is where organizations such as the Toronto Citizen Lab come into play.

It is a multidisciplinary research center dedicated to advancing and protecting digital security and human rights. As part of their work, they examine various issues related to cyber threats, such as censorship, surveillance, and online privacy.

Toronto Citizen Lab has significantly contributed to cybersecurity by uncovering and exposing government-sponsored spyware. They have been involved in some high-profile cases, including discovering the Pegasus spyware used by the Mexican government to target journalists and activists.

Besides uncovering malware and phishing attacks, the Citizen Lab has also uncovered a range of other cyber threats. They work closely with academic, industry, and civil society partners to investigate these threats and develop mitigation strategies.

Citizen Lab is not only committed to cybersecurity but also to advancing human rights in the digital age. Their research focuses on online censorship, surveillance, and promoting freedom of expression.

Toronto Citizen Lab is a vital organization that is dedicated to protecting digital security and human rights. In addition to their significant contributions to cybersecurity, they will continue to play a critical role in addressing future cyber threats.

Link: Citizen Lab


How HR can identify a strong modern CISO candidate

General | Edward Kiledjian

The cybersecurity landscape of today is both dynamic and complex. A new attack may occur at any time, and new threat actors are constantly devising new ways to target businesses and consumers. Businesses need access to cybersecurity leaders who can identify risks and implement solutions accordingly to stay competitive in this ever-changing cyber ecosystem. Over the past several years, the role of a cybersecurity leader has also evolved. To achieve organizational goals, today's strategists must understand the nuances of the digital world and be able to work with various stakeholders across different departments. Here are some factors that may indicate whether a candidate will be successful as a modern CISO in today's security environment:

Has a clear understanding of end-to-end security

As a leader of an organization's cybersecurity team, the best candidates should understand how the various end-to-end security components interact. In addition, they should have experience working with the security team to identify gaps and requirements in each of these areas. Moreover, these candidates should be able to demonstrate a deep understanding of the threat landscape, including how the various threats interact with the company's assets and infrastructure. Finally, candidates with a strong knowledge of threat modelling and penetration testing will be able to assist the team in preventing security issues and ensuring compliance with regulatory requirements.

Deep understanding of threat landscape and current trends

To succeed as a CISO, a person must quickly understand a business's threat landscape and then use this knowledge to make informed decisions. If, for example, a company experiences a breach affecting an employee's record, the candidate should have a comprehensive understanding of how the latest threat landscape and trends could affect the organization. An effective candidate will be able to predict how this scenario might affect the organization, including how it might negatively affect the company's reputation or increase its risk exposure.

Demonstrates digital fluency across operations, technology and culture

A cybersecurity leader must communicate clearly with both internal and external stakeholders. Candidates who can communicate effectively in writing and through visual content (e.g., whiteboards, presentations, etc.) are more likely to succeed than candidates who rely exclusively on written communication. In addition, it is essential to assess how candidates communicate with their teammates. Leading a cybersecurity team may be challenging if candidates need help collaborating with different departments and individuals.

Demonstrates exceptional leadership qualities

The cybersecurity leader of the future must be capable of building strong relationships and fostering strong team cohesion. A candidate must be capable of identifying which stakeholders play a critical role in achieving organizational goals and demonstrate excellent leadership and communication skills to work with them effectively. Modern CISOs should be able to identify and address interpersonal issues (e.g., conflict, miscommunication) within the organization.

Wrapping up

Cybersecurity leaders must understand the various components of security from end to end, including operations, technology, and culture. Additionally, they must be able to see the big picture and utilize their expertise to make informed decisions. In addition, they should be able to communicate effectively with internal and external stakeholders and foster strong team cohesion. A successful candidate should possess a number of these qualities. The cybersecurity landscape of today is both dynamic and complex. There is always the possibility that a new attack will emerge at any time, and threat actors are continually developing new methods of targeting businesses and consumers. Business leaders must have access to cybersecurity leaders who can identify risks and implement appropriate solutions in this ever-changing cyber ecosystem. In recent years, the role of a cybersecurity leader has also evolved. The strategist of today must understand the nuances of the digital world and collaborate with various stakeholders across different departments to achieve the organization's goals.

Audit the security of your iOS apps

General | Edward Kiledjian

Check up on your iOS apps

In iOS 15, the security posture of iOS applications became more visible. Apple introduced a powerful tool that you may not be familiar with.

  • Go to Settings > Privacy

  • Click on Record App Activity at the bottom of the page

  • The toggle should be enabled.

It will record a 7-day summary of how often your apps have requested sensitive access (such as microphone, camera, domains they access, etc.).

Once you have enabled it, come back a week later and be amazed. If you are a more technical user, you can export the report as a JSON file.

CISOs are stressed and I can prove it

General | Edward Kiledjian

Not a week goes by without some data breach, leak, hack, attack or other significant cybersecurity failure that spills all over blogs and even national media.

Five years ago, only avant-garde companies invested in cybersecurity; today, it has become a must. Companies realize the importance of a solid cybersecurity plan built on the People, Process and Technology pillars. One topic rarely discussed by corporate executives or security leaders is the incredible (and growing) stress the current environment inflicts on CISOs.


The stress is real

Stress is a normal way of life for most executives, but CISOs feel an acute level. Nominet's report, produced in collaboration with Vanson Bourne, "The CISO Stress Report - Life Inside the Perimeter: One Year On", was the first quantification of this systemic issue.

In 2019, Nominet and Vanson Bourne conducted 800 online interviews in the USA and U.K. (400 C-Suite and 400 CISOs). The included CISOs worked for both public and private corporations with at least 3,000 employees. They were quizzed about work-related stress and its effect on their professional & personal lives.

88 percent of CISOs consider themselves under moderate or high levels of stress

Some interesting conclusions

  • 7 out of 10 CISOs agree their work-life balance is too heavily weighted towards work (71%)

  • Almost all CISOs are working beyond their contracted hours, on average by 10 hours per week (95%)

  • This equates to extra time worth $30,319 per annum

  • 87% of CISOs say that working additional hours was expected by their organization, while 78% of board members admitted this to be the case

  • 83% of CISOs spend at least half of their evenings and weekends thinking about work

  • Only 2% say they are able to switch off once they’ve left the office

  • Over a third have failed to take all entitled annual leave

  • 45% have missed family milestones or activities

More about the stress

The average tenure of a CISO is 26 months, and many believe stress is the primary motivator of change.

CISOs reported missing important family events such as birthdays, vacations, weddings and even funerals. Even with all the stress and extra working hours, most CISOs aren't taking their full annual leave (or sick days, time off for medical & dental appointments, etc.)

Stuart Reed, vice president at Nominet, suggested that the stress and wear & tear on CISOs result from a combination of internal and external factors. The external factors are the headlines you read about, while the internal stresses are the pressure from executives expecting CISOs to "properly" handle these incidents and to provide updates & answers continually.

What are the most stress-inducing elements?

  • 44% being responsible for securing the organization and preventing breaches

  • 40% the need to stay ahead of threat intelligence

  • 39% the long hours worked

  • 65% of those surveyed had suffered a breach in the past 12 months

  • 37% of CISOs consider themselves ultimately responsible for a breach, while 31% of board members agree

  • A fifth of CISOs believe they would be fired as a result, regardless of whether or not they themselves were responsible


What are the effects of the stress?

  • Nearly half of CISOs said the levels of stress they are under have impacted their mental health (48%)

  • 35% also reported that their stress had impacted their physical health

  • 4 out of 10 CISOs said that their stress levels had affected relationships with their partners or children

  • 31% said the stress affected their ability to fully perform at their job


How are CISOs coping with the stress?

  • A quarter of CISOs are turning to medication or alcohol to manage their stress - an increase from 17% a year ago

  • A fifth have taken a leave of absence due to stress (21%)

  • 21% believed there to be no support structures in place within their organization to help deal with stress, while 94% of board members suggest there are

  • 9 out of 10 CISOs would take a pay cut to improve their work-life balance; on average 7.76%, equating to $9,642


The silver lining

The report suggests that boards of directors are aware of the stress affecting their CISOs (74% of respondents believe that moderate or severe stress impacts their CISO).

As the board of directors and CIOs acknowledge this significant issue, they show more willingness to hire support staff to alleviate some of the stress elements. Ensuring the CISO is surrounded by skilled senior professionals can help alleviate many of the most aggravating elements. These supporting professionals must be experienced security technicians and have strong business acumen, strong interpersonal skills and the ability to work in teams or alone.

Another important stress reliever is ensuring the CISO can honestly share the state of their cyber universe with the executive leadership team to ensure decision-makers universally understand risks and provide executive support to the CISO (guidance and funding). The CISO must know he/she is not alone.

Cybersecurity is growing in importance and, for many organizations, has become the price of entry. Executives have started to understand this important fundamental truth and are now more willing to share the cybersecurity burden.

Conclusion

I built my first security business (a Canada-wide security practice) that was later sold to Bell Canada in the early 2000s and have been actively involved in cybersecurity since. Over the last 20+ years, I have seen the importance of security grow and this has required the creation of the CISO role.

Unfortunately, I see too many CISOs that have been promoted to their level of incompetence (read about Peter’s principle here). The job is difficult enough for the professional with the right skills but is deadly for the wrong professional promoted as a reward (not because of merit).

Companies should perform an honest review of their CISO's competence and abilities. Thrusting the wrong person into this role is a disservice to the candidate.

Additionally, it is important to realize that most security certifications tackle the technical skills. These are important but form less than 40% of the CISO’s true day-to-day responsibilities. The key skills (negotiation, strategic vision, budgeting, people management, etc.) are completely ignored in most of the certifications companies deem “required” when posting a CISO job. HR leaders must quickly understand the new realities of the CISO role and craft job descriptions more akin to that of a business executive leader than that of a manager for firewalls. This realization is important because a properly skilled CISO will handle the stress much better and therefore will deliver a much higher return on investment for the company.

HR leaders must learn to hire the right candidate for the CISO position