Ian Chisholm

  • Invited by

    Kevin Beaumont

Personal Information

  • Bio
    Blinky boxes. All things Security Operations. Compliance, SIEM, DFIR, firewalls, data governance, perimeter, cloud, endpoint.

  1. Interested in this, @james mckinlay. Why are you bringing filtering in-house? Regulatory? Or lack of efficacy of providers? Our email filtering is already run from in-house, but I’m moving away from Microsoft ATP.
  2. Policy changes, tooling, and controls to get to ISO27k next year.
  3. Funny, that’s what I call my 6 year old daughter!
  4. Aye, that’s Microsoft best practice advice. And don’t mirror MFA methods in case, for example, the mobile network is down. There’s a decent link (below), but the MFA requirement is still there. Link: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-emergency-access So I’ll add “and keep your fingers crossed” to the policy document!
  5. I was SO hoping there would be something else!!!
  6. Sooo. We are obviously doing MFA, and Microsoft is (soon) forcing MFA on O365 and Azure admin accounts anyway. But is anyone out there looking at Disaster Recovery policies and processes for when MFA goes belly up? How do you plan to access those accounts and potentially grant non-MFA access to users in an emergency for business continuity? We are using Azure MFA, not Duo, etc. Good enough to force non-cellphone-related MFA? Take the day off when this happens, as it did in Nov 2018?
  7. Definitely how to interact with people, whether it’s reporting up, down, or responding to questions. In my experience, always achieved through experience and example.
  8. She autodetected the kids’ brand-new school sweaters.
  9. Other value for money platforms like LogLogic, too.
  10. Eventually you need to run a scream test anyway. Go for it. Tell them we said you could! 😎
  11. My team is spread over 9 timezones, and next year that may be more. I see no issue in having my guys work from home, or work remote. If an incident happens in Edinburgh and they are in San Diego, physical proximity isn’t going to help. As a manager I have happy staff that like the working conditions and stay because they feel empowered and valued. Personally I WFH 3-4 days per week and my boss is Boston based, so effectively I’m remote too. I don’t believe it affects my efficiency.
  12. Couldn’t work without SIEM, and AV. We don’t use Splunk so less of a cash cow 🙂 SIEM gives central visibility, not a replacement for good practice but complements it well. AV also isn’t a be all and end all, but a good endpoint solution is essential if you can’t go down the app whitelisting road.
  13. I’m Ian. Physics grad, and postgrad with some optical engineering and lasers thrown in in between. Programmed with MPICH and CHIMP parallelising optical and seismic data signal processing before shifting into Linux and SunOS/Solaris admin. Discovered Windows networking around Novell 3. Discovered Linux at Slackware 0.9. Linux sysadmin, Windows sysadmin, bad coder. Active Directory, information governance, SOC, SIEM, DFIR, vulnerability management. Meetings, meetings, meetings. I love meetings. Outside work, yes there is some, I cycle, rock climb, and taxi my kids.
  14. It’s funny coz we’re still wrestling with Windows XP but we are steamrollering Windows 7. So by the end of this year we’ll be almost through the Win10 migration, and I bet we’ll have more Windows XP or Server 2003 machines than Windows 7!