Teri Radichel

Summary

The website content provides a comprehensive guide on automating cybersecurity metrics, focusing on AWS services, with a series of blog posts that detail the process of developing a secure deployment architecture using AWS, including the use of security automation, IAM roles, KMS keys, batch jobs, and network security configurations.

Abstract

The provided web content outlines a series of blog posts under the title "Automating Cybersecurity Metrics (ACM)," which delve into the intricacies of cybersecurity metrics and security automation, particularly within the AWS cloud environment. The author, presumably an expert in cloud security, shares insights on creating a secure architecture for deployments, emphasizing the use of AWS Identity and Access Management (IAM) roles, AWS Key Management Service (KMS) keys, and batch jobs for automated security tasks. The posts cover a wide range of topics, from setting up secure network configurations to implementing zero-trust policies, and provide practical examples and code snippets for readers to follow. The content aims to educate and guide cybersecurity professionals and enthusiasts through the complexities of cloud security, governance, and compliance, while also addressing common security challenges and potential attack vectors.

Opinions

  • The author advocates for a systematic approach to cybersecurity in the cloud, emphasizing the importance of automation and consistent naming conventions.
  • There is a strong focus on AWS services and best practices for securing AWS environments, suggesting a preference or expertise in AWS solutions.
  • The author believes in the necessity of implementing zero-trust policies and principles of least privilege to enhance cloud security.
  • Encryption and secure management of credentials are highlighted as critical components of a robust security strategy.
  • The content suggests that the author values the sharing of knowledge and resources, as evidenced by the provision of GitHub repositories and links to detailed blog posts.
  • There is an opinion that security should not be an afterthought but should be "baked in" from the ground up in any cloud architecture.
  • The author expresses the need for continuous improvement and revisions in security practices, indicating a dynamic and evolving approach to cybersecurity.
  • The posts convey a concern about the risks associated with credential exposure and the importance of securing access to cloud resources.
  • The author emphasizes the role of governance and organizational policies in maintaining cloud security, highlighting the use of AWS Organizations and Service Control Policies (SCPs).
  • There is a clear opinion that practical, hands-on examples and code are essential for learning and implementing cybersecurity measures effectively.

Automating Cybersecurity Metrics (ACM)

A series of blog posts on cybersecurity metrics and security automation

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️A series on Security Automation. The Code.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FYI, I’m not getting paid for anyone who reads or claps on this particular story by Medium for some unknown reason. If you like this story please read and clap on the story in this blog to show your support.

GitHub Repo (In Progress):

Note:

This is an ongoing account of developing a system on AWS for secure deployments and evaluation of deployments. The code evolves significantly over time, and the posts at the end are the most up to date. Maybe someday I’ll get around to summarizing this, but it’s not done yet. :-)

Topics:

This series on security metrics automation is approaching 350 posts. I happen to be using AWS, but the security and automation concepts are applicable to Azure, GCP, or on-premises environments. What started out as a simple blog series on batch job automation for security became a bit more complex. I also have close to 1500 posts on mostly cloud security at the time of this writing, so I’m organizing them by topic here to make them easier to find.

Cloud Governance

AWS Organizations

Network Security

DNS Security

Okta and IdPs

AWS Security

Cloud Security Architecture

AWS IAM

AWS S3

Encryption and KMS

Creating a Static Website Hosted on AWS S3 (In progress)

Batch Job Security

Related:

Ubuntu on AWS

Secure Code

Application Security

Troubleshooting CloudFormation — tips and error messages you might face

Troubleshooting and Issues with EC2, CloudShell, etc.

Continuous improvement — revisions and do-overs

I’m adding a preliminary post to this series to explain what it’s all about and where you may want to start. I decided to start over with a new account and rebuild everything for reasons I explained along the way. All the initial posts are relevant and will be used in the new architecture. To decide where you want to start, check out this post:

Walk through the thought process of creating secure Batch Jobs to capture and report on cybersecurity metrics in this blog series. Please note that this series contains information related to governance and secure deployments — not just the batch jobs themselves. I’m basically coding every day and writing about it as I go to complete a project I’m working on to help customers with security metrics.

Had to republish this one:

Oops 364.

A vulnerability was announced that involves SSH and RSA. I addressed that vulnerability in these three posts.

To be continued…

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2023

The best way to support this blog is to sign up for the email list and clap for stories you like. If you are interested in IANS Decision Support services so you can schedule security consulting calls with myself and other IANS faculty, please reach out on LinkedIn via the link below. Thank you!

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
Author: Cybersecurity for Executives in the Age of Cloud
Presentations: Presentations by Teri Radichel
Recognition: SANS Difference Makers Award, AWS Security Hero, IANS Faculty
Certifications: SANS
Education: BA Business, Master of Software Engineering, Master of Infosec
Company: Cloud Penetration Tests, Assessments, Training ~ 2nd Sight Lab