We share our grand vision for the future of Cyber Security - AUTOMATIC SECURITY! But don't get it confused with AUTOMATED security. Tune in to find out the distinction. It's a big vision and our conversation touches on a lot of areas of cyber security.

We're riffing off a talk Stuart gave with Jason Lang about the elements within Cyber Security that sit in tension with each other in order to make the whole better. And if you don't know when and where they exist, they can become tar pits that cause us to get stuck.

Small teams – handicap or super power?

A small team can be more of a superpower – but only if you build it that way.

We talk about how you can put your small team on the path to being as good as or better than a large team with more resources.

Football metaphor for fundamentals, literal for cybersecurity

Is an idiom that originates from the phrase “Block and Tackle” which refers to a series of pullies to make lifting easier – force multiplier through effort reduction

https://www.merriam-webster.com/dictionary/block%20and%20tackle

What are 3 key fundamentals we see overlooked? - tactics to employ tomorrow to force multiply through effort reduction

How we picked these:

1) Reward on these far outweigh the risk (40+ environments)

2) You probably have the data & tools at your disposal

There's lots of uncertainty everywhere - everything kind of sucks - can we give people hope? Are there some contrarian themes for 2024?

Last episode we intended to talk about how to attack competing priorities

What we ended up doing is outlining a mental model for looking at defensive security – from an execution standpoint

One we’ve developed and put into practice through the products and services of Outpost Security

Not only do some security teams have diverging priorities, often times we find that analysts and engineers have goals that are opposed and in conflict with one another. How can your SOC move forward when your teams are moving in complete different directions. In this episode we are going to talk about how your team can find common ground and identify unifying objectives.

This statement follows us wherever we go, whether it’s during an assessment or an implementation. Seasoned security professionals and Splunk users are surprised at some of the features available in Splunk ES. In this episode we are sharing some of these elusive capabilities with you so that you can get the most out of this best in class SIEM.

Stuart wanted to take a bit of time talking about Gratitude, finding the unique aspects of this work that help us, as security professionals, stay in the grind, stay in the fight and keep chasing better solutions and outcomes. And Will, newer (4 years) to the security battle, shares his perspective having chose this path after years in other parts of tech. We hope this episode energizes you to stay strong and curious about enterprise security.

We have a bone to pick with the current understanding of being Resilient as it applies to enterprise security. “Resiliency” tries to be a encapsulate how well your organization can defend against unexpected attacks from any where at any time. Some want to point you at the latest tech to add to your stack or list to check against. We have found other indicators that have more impact on your organizations resiliency that any of those.

This episode is all about Murphy’s Law of Combat and how it pertains to DEFENSIVE cybersecurity. This episode is one of Stuart’s favorite topics and we had a lot of fun selecting a few of the laws to discuss and apply to the work we do. Settle into your seat and let’s secure the frontiers of ES.

In this second segment we cover question from community members around integration of RBA with other technologies.

Hot off the heals of Splunk’s .Conf 2023 we are joined by Haylee Mills, Security Strategist from Splunk and community proclaimed “Queen of RBA” to recap the event and the latest RBA conversations.

Successful implementation of Risk Based Alerting in Splunk can be very challenging. Implementing any SIEM is challenging for that matter.  We’ve seen a lot of teams struggle and distilled the problems we’ve observed into three key areas.

For their first interview of the podcast, Will and Stuart talk with Jimi Mills, the CSO of Texas Instruments. Jimi shares about career in security, the ever changing landscape, the value of collaborative culture, and how they all met over late night security chats at Splunk .conf. This conversation provides a glimpse into the future for security leaders who have started their journey into the frontiers of RBA. The ups and downs and the hope it can bring to your SOC.

In this episode Will and Stuart discuss the term “Maturity” and how it has been used to shame your security operation. Instead of measuring maturity, how can we talk about ACTUAL capability, being honest with yourselves so you can meet the needs of your organization.

Welcome to the Outpost RBA Podcast; Securing the Frontiers of Enterprise. Will and Stuart host their first Call-in-style show to answer listener question

Will introduces the metaphor of SYMPHONY to talk about moving from the dissonant noise of your SIEM into a resonant, ordered, performance of security.

In this episode we clear up some common misconceptions security teams have about RBA and equip you to start championing it in your organization.

In this first episode we talk about the Origins of RBA; How Stuart McIntosh and his team defined the solution they wanted for their SOC and in the end built it themselves - thus RBA was born. Stuart and Will also tell stories about their experiences implementing RBA; Employees using date fields to store credit cards, the compounding of tech debt, process debt, data debt, and more!