The Chief Information Security Officer (CISO) Workshop Training

The Chief Information Security Officer (CISO) workshop helps accelerate security program modernization with reference strategies built on Zero Trust principles. The workshop covers all aspects of a comprehensive security program, including strategic initiatives, roles and responsibilities, success metrics, maturity models, and more. Videos and slides can be found here.

For more information, this is the landing page:

For up to date Microsoft CI and Playbooks refer to this link:

Business Email Compromise (BEC) 

Australians and Australian businesses should be aware of Business Email Compromise (BEC) threats this tax time. BEC occurs when cybercriminals gain access to email accounts to steal sensitive and financial information, or commit fraud by impersonating employee or company email accounts to obtain money or data.

What can you do?

Preventative and protective measures are simple, cost effective and immediately beneficial.

The ACSC is encouraging Australian individuals and businesses to strengthen their email security by taking the following steps:

  • Set secure passphrases for each account.
  • Set up multi-factor authentication.
  • Exercise caution when opening attachments or links.
  • Think critically before actioning requests for money or sensitive information.
  • If you’re a business, establish clear processes for workers to verify and validate requests for payment and sensitive information.

Use the ACSC’s learning resources

Individuals and businesses can learn how to protect their email accounts and know what to do after an email attack by using our easy-to-follow guides found here, including:

Cyber Security Maturity Models

Many maturity models exist to help us evaluate, assess, and benchmark the effectiveness of our security programs.

Maturity models are, by nature, structured in levels to support continuous improvement. They therefore also help by suggesting or recommending which capabilities or improvements are needed to raise the performance of a security program.

Sharing some of the maturity models for reference:

1. AWS Security Maturity Model from Amazon Web Services (AWS). You can also refer to the AWS Security Maturity Roadmap by Scott Piper.

2. OWASP DevSecOps Maturity Model by OWASP® Foundation

3. DevSecOps Maturity Assessment by GitLab

4. Cloud Security Maturity Model by IANS

5. Red Team Maturity Model

6. Threat Detection Maturity Model by Snowflake

7. Threat Hunting Maturity Model by Sqrrl

PS: While these maturity models are insightful, they can be misleading if circumstances, context, and risk appetite are not properly considered.

Passing; CISM Study Guide

job descriptions

Information security governance

  • Information Security Governance: Guidance for Information Security Managers
  • Accountability for Information Security Roles and Responsibilities
  • Info Security Chiefs: Communications Is Key to Mitigate Risk
  • Code of Professional Ethics
  • The Business Model for Information Security
  • Return on Security Investment
  • Differentiating Key Terms in the Information Security Hierarchy
  • How to Measure Security From a Governance Perspective

Information security operations

  • Information Security Architecture: Gap Assessment and Prioritization
  • Nonsense Compliance
  • Enterprise Security Architecture: A Top-down Approach
  • The Benefits of Information Security and Privacy Awareness Training Programs
  • Checking the Maturity of Security Policies for Information and Communication
  • Framework for Protecting Your Valuable IT Assets

Risk Management

  • Developing an Information Security and Risk Management Strategy
  • Risk Management Process
  • Vulnerability Assessment
  • Enterprise Risk Monitoring Methodology
  • A Risk-Based Management Approach to Third-Party Data Security, Risk and Compliance

Information Security Incident Management

  • An Introduction to Information Security Incident Management
  • Internal Control: Key to Delivering Stakeholder Value
  • A Business-integrated Approach to Incident Response
  • Incident Management and Response
  • Evaluating Security Incident Management Programs

Audit and monitoring

  • Strengthening Internal Audit’s Influence and Impact
  • Security Monitoring as Part of the InfoSec Playbook
  • Information Security Management Audit Program
  • Integrating KRIs and KPIs for Effective Technology Risk Management

Other ISACA Resources:

  • CISM Certification Guide
  • CISM Certification | Certified Information Security Manager | ISACA
  • CISM Planning Guide

Detecting the “Next” SolarWinds-Style Cyber Attack

Hardening SaaS

“For every complex problem there is an answer that is clear, simple, and wrong.” (H. L. Mencken)

Log the following for SaaS applications and APIs:

  • Admin role assigned or revoked.
  • API token created or revoked.
  • Application modified.
  • Look for impossible travel (UEBA): when an admin session changes ASN or source address inside a short window, expire that user's sessions to admin panels and admin API/user endpoints immediately.
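The following is an added example, not part of the original post, of what a minimal triage pass over those audit events could look like. It runs against a constructed SaaS audit log (the event names, ASNs and users are assumptions, not any vendor's real schema), raises an alert for every role, token and application change, and flags an admin identity whose source ASN changes within a 30-minute window as impossible travel, naming the sessions to expire.

```python
"""Triage constructed SaaS/API audit events: high-signal admin changes plus
impossible travel on admin sessions, detected as an ASN change inside a window.
Constructed sample data; event names and ASNs are assumptions for illustration."""
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample audit log (not from any real tenant). Each record carries
# the acting identity, the action, its target, the source ASN and whether the
# session is an admin session.
SAMPLE_EVENTS: List[dict] = [
    {"ts": "2024-05-01T09:00:00", "actor": "alice", "action": "admin.role.assign", "target": "bob",     "asn": 13335, "admin": True},
    {"ts": "2024-05-01T09:05:00", "actor": "alice", "action": "session.login",     "target": "-",       "asn": 13335, "admin": True},
    {"ts": "2024-05-01T09:10:00", "actor": "carol", "action": "api.token.create",  "target": "svc-ci",  "asn": 3356,  "admin": False},
    {"ts": "2024-05-01T09:12:00", "actor": "alice", "action": "admin.panel.view",  "target": "users",   "asn": 9009,  "admin": True},
    {"ts": "2024-05-01T10:30:00", "actor": "carol", "action": "api.token.revoke",  "target": "svc-ci",  "asn": 3356,  "admin": False},
    {"ts": "2024-05-01T12:00:00", "actor": "alice", "action": "session.login",     "target": "-",       "asn": 13335, "admin": True},
    {"ts": "2024-05-01T12:05:00", "actor": "dave",  "action": "app.modify",        "target": "sso-app", "asn": 16509, "admin": False},
]

# The event classes the post says must always be logged and reviewed.
HIGH_SIGNAL_ACTIONS = {
    "admin.role.assign", "admin.role.revoke",
    "api.token.create", "api.token.revoke",
    "app.modify",
}

IMPOSSIBLE_TRAVEL_WINDOW = timedelta(minutes=30)  # assumed tuning value


def triage(events: List[dict], window: timedelta = IMPOSSIBLE_TRAVEL_WINDOW) -> List[dict]:
    """Return alerts in time order: one 'audit' alert per high-signal action and one
    'impossible_travel' alert when an admin session's ASN changes within `window`."""
    alerts: List[dict] = []
    last_seen: Dict[str, Tuple[datetime, int]] = {}  # actor -> (timestamp, asn)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["action"] in HIGH_SIGNAL_ACTIONS:
            alerts.append({"kind": "audit", "actor": ev["actor"],
                           "action": ev["action"], "target": ev["target"]})
        prev = last_seen.get(ev["actor"])
        # Same identity, admin session, different ASN, too soon to be legitimate travel.
        if prev and ev["admin"] and ev["asn"] != prev[1] and ts - prev[0] <= window:
            alerts.append({"kind": "impossible_travel", "actor": ev["actor"],
                           "from_asn": prev[1], "to_asn": ev["asn"],
                           "response": "expire_admin_sessions"})
        last_seen[ev["actor"]] = (ts, ev["asn"])
    return alerts


def sessions_to_expire(alerts: List[dict]) -> List[str]:
    """Identities whose admin panel / admin API sessions should be expired now."""
    return sorted({a["actor"] for a in alerts if a["kind"] == "impossible_travel"})


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for a in found:
        print(a)
    print("expire admin sessions for:", sessions_to_expire(found))
```

The ASN comparison is deliberately coarse: it catches a session that jumps between networks faster than a person could, without needing geolocation data, and it only fires on admin sessions so that ordinary users roaming between mobile and office networks do not flood the queue.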

Great talk by [email protected]

Microsoft Cyberattack Simulator

Microsoft has released an open-source cyberattack simulator that allows security researchers and data scientists to create simulated network environments and see how they fare against AI-controlled cyber agents.

This simulator is being released as an open-source project named ‘CyberBattleSim’, built using a Python-based OpenAI Gym interface.

The Microsoft 365 Defender Research team created CyberBattleSim to model how a threat actor spreads laterally through a network after its initial compromise.

“The environment consists of a network of computer nodes. It is parameterized by a fixed network topology and a set of predefined vulnerabilities that an agent can exploit to laterally move through the network.”

“The simulated attacker’s goal is to take ownership of some portion of the network by exploiting these planted vulnerabilities. While the simulated attacker moves through the network, a defender agent watches the network activity to detect the presence of the attacker and contain the attack,” the Microsoft 365 Defender Research Team explains in a new blog post.

To build their simulated environment, researchers will create various nodes on the network and indicate that services are running on each node, their vulnerabilities, and how the device is protected.

Automated cyber agents (threat actors) are then deployed in the environment, where they randomly select actions to perform against the various nodes to take control over them.
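To make the description above concrete, here is an added toy model of the same ingredients: a fixed topology of nodes with services, planted abstract weaknesses and a protected flag, an attacker agent that picks random moves from nodes it already owns, and a defender agent that observes each attempt with some probability and contains the target. It is written for this page and does not use CyberBattleSim's own API; node names, edge lists and the detection probability are assumptions, and the weaknesses are opaque labels, not real vulnerabilities.

```python
"""Toy lateral-movement simulation in the spirit of the CyberBattleSim description:
a parameterized topology, planted abstract weaknesses, a random attacker agent and
a watching defender agent. Constructed for illustration; not CyberBattleSim code."""
import random
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Node:
    name: str
    services: List[str]
    weaknesses: List[str]          # opaque labels for planted weaknesses
    protected: bool                # hardened/monitored: moves into it fail
    owned: bool = False            # currently controlled by the attacker


def build_topology() -> Tuple[Dict[str, Node], Dict[str, List[str]]]:
    """Assumed four-node network; 'web' is the initial compromise."""
    nodes = {
        "web":   Node("web",   ["http"], ["w1"], protected=False, owned=True),
        "app":   Node("app",   ["rpc"],  ["w2"], protected=False),
        "db":    Node("db",    ["sql"],  ["w3"], protected=True),
        "admin": Node("admin", ["ssh"],  [],     protected=True),
    }
    edges = {"web": ["app"], "app": ["db", "admin"], "db": [], "admin": []}
    return nodes, edges


def attacker_step(nodes, edges, rng) -> Optional[Tuple[str, str, bool]]:
    """Random action: from an owned node, try one reachable unowned neighbour.
    Succeeds only if the target has a planted weakness and is not protected."""
    owned = [n for n in nodes.values() if n.owned]
    src = rng.choice(owned)
    targets = [nodes[n] for n in edges[src.name] if not nodes[n].owned]
    if not targets:
        return None
    dst = rng.choice(targets)
    success = bool(dst.weaknesses) and not dst.protected
    if success:
        dst.owned = True
    return (src.name, dst.name, success)


def defender_step(nodes, attempt, detect_prob, rng) -> bool:
    """The defender sees each attempt with probability detect_prob and, on
    detection, contains the target: revokes attacker control and hardens it."""
    if attempt is None or rng.random() >= detect_prob:
        return False
    _, dst, _ = attempt
    nodes[dst].owned = False
    nodes[dst].protected = True
    return True


def simulate(seed: int, steps: int, detect_prob: float) -> List[str]:
    """Run attacker and defender in lockstep; return the nodes still owned."""
    rng = random.Random(seed)
    nodes, edges = build_topology()
    for _ in range(steps):
        attempt = attacker_step(nodes, edges, rng)
        defender_step(nodes, attempt, detect_prob, rng)
    return sorted(n.name for n in nodes.values() if n.owned)


if __name__ == "__main__":
    for p in (0.0, 0.5, 1.0):
        print(f"detect_prob={p}: attacker owns {simulate(seed=7, steps=20, detect_prob=p)}")
```

With this topology the outcome at the extremes is fixed regardless of the random seed: an absent defender lets the attacker take `app` but never `db` (protected) or `admin` (no weakness), and a defender that sees everything contains `app` on the first attempt, so the attacker is left holding only the initial foothold. Varying `detect_prob` between those extremes is the knob that the real simulator exposes as a learning problem.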