DISRUPTING SECURITY
BY BRAD MECHA
The term “Workflow” gets thrown around quite a bit in security, most commonly used within the context of security operations, incident detection and response.
Here’s the thing:
Nobody owns your workflows but you. You create them. You manage and iterate on them. You report on them.
There are no sh...
Is your security team thinking differently?
Do you even know how any modern threat actors work?
Because if you did, you’d stop this old way of thinking:
Detect bad
Respond to bad
Prevent bad
Alert review to zero
100% true positive rate
0% false positive rate
No App Control
No Asset/Config Management
Patc...
Yet another reason why security analysts and network defenders suffer from alert fatigue.
Let’s break down an alert from a fairly known security tool (I won’t be calling out the vendor):
“<Time> <IP Address> <Malware: Async RAT> <Mitre Code: T1566.001, T1566.002, TA0011>”
First impressions: ...
With zero experience, how do I crack into the security industry?
I hear this question all the time. Mostly from college students but more from high schoolers and those who decided not to pursue the traditional college route.
The qualities I look for in green candidates are simple and straightforwa...