topic March 2022 Meeting Minutes in Cleveland Chapter Discussion Forum

topic March 2022 Meeting Minutes in Cleveland Chapter Discussion Forum https://community.isc2.org/t5/Cleveland-Chapter-Discussion/March-2022-Meeting-Minutes/m-p/52186#M11 <P>Meeting Announcement / Invite Message:</P><P><STRONG>Let’s get together - IN PERSON</STRONG></P><P>We’re hosting a new event, and we’d love to see you there.  Join us for March, 29, 2022 (ISC)2 Cleveland Chapter Meeting - InfoSec - In house or Outsource?,</P><P><STRONG>It was virtual last month but we're ONLY in person this month - at the Wild Eagle.</STRONG></P><P> </P><P>Every organization needs to address Information and Cyber security needs.  But how to do it?  Should they hire some cheap, energetic, computer kid to do it and let him figure it out?  <EM>("It's just a firewall, right, that Internet thing we bought 5 years ago?")  </EM>Should they impress the investors and appease the insurance carrier by hiring another fancy "suit" to build another big department?  How about just paying some company who has "security and admin guys" to just take care of it and watch everything?  Ignoring the absurd extremes, there are worthy points and considerations along this spectrum.  Billy Heiser will moderate a group discussion with our chapter featuring our co-sponsors and panel participants from MRK.</P><P> </P><P>We will be gathering at the Wild Eagle in Broadview Hts. Ohio (NW "sector," Rt. 82 & I-77 - the official address is: 5001 East Royalton Rd., Broadview Heights, OH 44147).</P><P> </P><P>Co-Sponsors: MRK and the Cybersecurity Summit</P><P>We hope you’re able to join us - IN PERSON!!!</P><P> </P><P>Start: 17:32</P><P>Attendees: 29</P><P>Sponsored: MRK</P><P>Security Friends</P><UL><LI>Canadian ransomware against Tampa - Netwalker RW Attack</LI><LI>OKTA hack puts thousands of companies on alert by Lap$$</LI></UL><P>                        ○ Supply chain laptop hacked</P><UL><LI>RW Bridgestone subsidiary - outage for a week</LI></UL><P>                        ○ Toyota suppliers getting hit</P><UL><LI>MS Lap$$ attack - Krebs on Security article</LI></UL><P>                        ○ 1st generation of MFA attack</P><P>                        ○ High value assets should be under MFAv2 - digital dongs (UbiKey) no push</P><P>                        ○ Also offering cash per week for credentials</P><UL><LI>50% of all data breaches involve some form of insider threat</LI><LI>DOJ charges Russian employees for hacking energy sectors in 135 companies</LI><LI>What can security people do to influence decisions within their companies</LI></UL><P>                        ○ Quick and pointed presentations & information</P><UL><LI>FCC puts Kaspersky on security watch list - pose an unacceptable risk</LI></UL><P>Topic 1 - InfoSec In-house or Outsourced</P><UL><LI>What are the differences between in and out</LI></UL><P>                        ○ Many people who were specialists and larger cross-teams (in); doing same job for multiple companies, see commonalities evolve between companies (out)</P><P>                        ○ Swim upstream and learning to speak a language (in), customers want to listen (out)</P><P>                        ○ Small teams (in), different challenges within companies (out)</P><UL><LI>In a services role, is there a demographic of companies that choose one over the other</LI></UL><P>                        ○ Small companies want someone to do it all for them and outsource</P><P>                        ○ Commercial orgs have dedicated FTEs and compliment with outsourcing, most don't have the CISO position, looking to strike a balance</P><P>                        ○ Large enterprises have big sec staffs (500+ FTEs) to run things, have factor spending</P><P>                        ○ IT maturity can drive the run for CISO or MSSP</P><P>                        ○ Full time CISO can find more work than workers can do, outsourcing makes things more part time and manageable</P><UL><LI>Is it worth outsourcing because it becomes too difficult / expensive to staff</LI></UL><P>                        ○ Need to keep the staff engaged if inside</P><P>                        ○ Can move money and resources to other areas by outsourcing</P><P>                        ○ Retaining security people is hard as expertise increases - growth internal or they go elsewhere</P><P>                        ○ Security teams >10 have big turnover due to skills increases, no advancement, and inability of company to create roles</P><P>                        ○ Buy, build, or outsource - three choices</P><P>                        ○ Time, money, and accuracy - needs for security professionals</P><P>                        ○ Real, validated, and actionable - the needs of when something hits the desk</P><P>                        ○ Outsourcing the SOC allows for leveraging the knowledge of many other people</P><P>                        ○ Do not outsource vendor management</P><UL><LI>Engineering and operations side of the house</LI></UL><P>                        ○ Keep engineering inside, operations can be outsourced</P><P>                        ○ Drive a car vs build a car</P><P>                        ○ Firewall management - open a ticket to make it happen</P><P>                        ○ Automated response and actions can be outsourced</P><P>                        ○ Bring in experts where needed to assist in getting it happening</P><P>                        ○ Outsourcing engineering takes away your ability to affirm that security is being done</P><P>                        ○ Can outsource the work but cannot outsource the risk, the company always owns the risk</P><P>                        ○ Bring in people due to the acceptance of working remote - able to get talented people who might not have been able to work for the company</P><P>                        ○ Outsource M&A due diligence</P><UL><LI>RW tabletop = 1 technical to make sure it can be done, 1 with only execs for them to figure out what will actually happen, then share with each team</LI><LI>Highest value outsourced service (basic to advanced) = MDR/EDR, O365, managed SIEM, SOAR, vCISO, pen testing</LI><LI>It's easier to get $500K than to get 5 staff - if you're not willing to put the staffing, we're not doing the project</LI><LI>Reducing the EPS on the SIEM to meet the level of what the 3 staff can watch means you are actually reducing your realized value of the SIEM</LI><LI>Technical debt or tools rationalization - how can I pay for it</LI></UL><P>Job Postings</P><UL><LI>Progressive - FW Engineer</LI><LI>Black & Decker - interns</LI><LI> </LI></UL><P>End: 19:44</P><P> </P> Wed, 27 Jul 2022 23:15:56 GMT TedKozenko 2022-07-27T23:15:56Z March 2022 Meeting Minutes https://community.isc2.org/t5/Cleveland-Chapter-Discussion/March-2022-Meeting-Minutes/m-p/52186#M11 <P>Meeting Announcement / Invite Message:</P><P><STRONG>Let’s get together - IN PERSON</STRONG></P><P>We’re hosting a new event, and we’d love to see you there.  Join us for March, 29, 2022 (ISC)2 Cleveland Chapter Meeting - InfoSec - In house or Outsource?,</P><P><STRONG>It was virtual last month but we're ONLY in person this month - at the Wild Eagle.</STRONG></P><P> </P><P>Every organization needs to address Information and Cyber security needs.  But how to do it?  Should they hire some cheap, energetic, computer kid to do it and let him figure it out?  <EM>("It's just a firewall, right, that Internet thing we bought 5 years ago?")  </EM>Should they impress the investors and appease the insurance carrier by hiring another fancy "suit" to build another big department?  How about just paying some company who has "security and admin guys" to just take care of it and watch everything?  Ignoring the absurd extremes, there are worthy points and considerations along this spectrum.  Billy Heiser will moderate a group discussion with our chapter featuring our co-sponsors and panel participants from MRK.</P><P> </P><P>We will be gathering at the Wild Eagle in Broadview Hts. Ohio (NW "sector," Rt. 82 & I-77 - the official address is: 5001 East Royalton Rd., Broadview Heights, OH 44147).</P><P> </P><P>Co-Sponsors: MRK and the Cybersecurity Summit</P><P>We hope you’re able to join us - IN PERSON!!!</P><P> </P><P>Start: 17:32</P><P>Attendees: 29</P><P>Sponsored: MRK</P><P>Security Friends</P><UL><LI>Canadian ransomware against Tampa - Netwalker RW Attack</LI><LI>OKTA hack puts thousands of companies on alert by Lap$$</LI></UL><P>                        ○ Supply chain laptop hacked</P><UL><LI>RW Bridgestone subsidiary - outage for a week</LI></UL><P>                        ○ Toyota suppliers getting hit</P><UL><LI>MS Lap$$ attack - Krebs on Security article</LI></UL><P>                        ○ 1st generation of MFA attack</P><P>                        ○ High value assets should be under MFAv2 - digital dongs (UbiKey) no push</P><P>                        ○ Also offering cash per week for credentials</P><UL><LI>50% of all data breaches involve some form of insider threat</LI><LI>DOJ charges Russian employees for hacking energy sectors in 135 companies</LI><LI>What can security people do to influence decisions within their companies</LI></UL><P>                        ○ Quick and pointed presentations & information</P><UL><LI>FCC puts Kaspersky on security watch list - pose an unacceptable risk</LI></UL><P>Topic 1 - InfoSec In-house or Outsourced</P><UL><LI>What are the differences between in and out</LI></UL><P>                        ○ Many people who were specialists and larger cross-teams (in); doing same job for multiple companies, see commonalities evolve between companies (out)</P><P>                        ○ Swim upstream and learning to speak a language (in), customers want to listen (out)</P><P>                        ○ Small teams (in), different challenges within companies (out)</P><UL><LI>In a services role, is there a demographic of companies that choose one over the other</LI></UL><P>                        ○ Small companies want someone to do it all for them and outsource</P><P>                        ○ Commercial orgs have dedicated FTEs and compliment with outsourcing, most don't have the CISO position, looking to strike a balance</P><P>                        ○ Large enterprises have big sec staffs (500+ FTEs) to run things, have factor spending</P><P>                        ○ IT maturity can drive the run for CISO or MSSP</P><P>                        ○ Full time CISO can find more work than workers can do, outsourcing makes things more part time and manageable</P><UL><LI>Is it worth outsourcing because it becomes too difficult / expensive to staff</LI></UL><P>                        ○ Need to keep the staff engaged if inside</P><P>                        ○ Can move money and resources to other areas by outsourcing</P><P>                        ○ Retaining security people is hard as expertise increases - growth internal or they go elsewhere</P><P>                        ○ Security teams >10 have big turnover due to skills increases, no advancement, and inability of company to create roles</P><P>                        ○ Buy, build, or outsource - three choices</P><P>                        ○ Time, money, and accuracy - needs for security professionals</P><P>                        ○ Real, validated, and actionable - the needs of when something hits the desk</P><P>                        ○ Outsourcing the SOC allows for leveraging the knowledge of many other people</P><P>                        ○ Do not outsource vendor management</P><UL><LI>Engineering and operations side of the house</LI></UL><P>                        ○ Keep engineering inside, operations can be outsourced</P><P>                        ○ Drive a car vs build a car</P><P>                        ○ Firewall management - open a ticket to make it happen</P><P>                        ○ Automated response and actions can be outsourced</P><P>                        ○ Bring in experts where needed to assist in getting it happening</P><P>                        ○ Outsourcing engineering takes away your ability to affirm that security is being done</P><P>                        ○ Can outsource the work but cannot outsource the risk, the company always owns the risk</P><P>                        ○ Bring in people due to the acceptance of working remote - able to get talented people who might not have been able to work for the company</P><P>                        ○ Outsource M&A due diligence</P><UL><LI>RW tabletop = 1 technical to make sure it can be done, 1 with only execs for them to figure out what will actually happen, then share with each team</LI><LI>Highest value outsourced service (basic to advanced) = MDR/EDR, O365, managed SIEM, SOAR, vCISO, pen testing</LI><LI>It's easier to get $500K than to get 5 staff - if you're not willing to put the staffing, we're not doing the project</LI><LI>Reducing the EPS on the SIEM to meet the level of what the 3 staff can watch means you are actually reducing your realized value of the SIEM</LI><LI>Technical debt or tools rationalization - how can I pay for it</LI></UL><P>Job Postings</P><UL><LI>Progressive - FW Engineer</LI><LI>Black & Decker - interns</LI><LI> </LI></UL><P>End: 19:44</P><P> </P> Wed, 27 Jul 2022 23:15:56 GMT https://community.isc2.org/t5/Cleveland-Chapter-Discussion/March-2022-Meeting-Minutes/m-p/52186#M11 TedKozenko 2022-07-27T23:15:56Z