Episode 27 - Outpost Turns 5!
Stuart McIntosh

Reflecting and riffing on 5 years of Outpost Security. We discuss some lessons learned, patterns detected, hopes projected, and more. There’s a little bit of something for everyone and we’re happy to be here making an ever-increasing impact on the security industry and RBA community.

Episode 26 - Driving Change With Effective POCs
Stuart McIntosh

Proofs of concept (POCs) can often be viewed as a low-risk throwaway exercise to test a new strategy or system, but you never really know if the move is going to pay off long-term. So what if you’re looking to replace your entire SIM or make a big shift in strategy? Beyond the significant investment of time and a huge amount of risk, how would you even design a POC to justify the shift?

However, we’ve been able to run POCs with clients that have shown significant value before they spend the first dollar (in as little as 2 weeks). We’re not only finding the cracks, but demonstrating the efficacy of their strategy down the road.

Join us for this episode where we give you permission to expect more from your POCs and share what we are seeing work with our clients.

Episode 25 - Excellence in IR
Stuart McIntosh

This episode we focus on the Security Analysts in the house! Leveling up security operations requires involving multiple teams at many different levels. But the analyst role is unique and we felt that it needed to be unpacked and given some time in the spotlight. We hope you enjoy the episode!

Episode 24 - Getting Budget
Stuart McIntosh

In this episode we talk about pitching your idea or solution to leadership in order to find support and funding. THIS IS NO EASY TASK and can be intimidating. But it’s necessary if you want any influence over how your security program gets built out. Join us as we discuss how to be more successful in this part of the work. 

Episode 23 - Flow
Stuart McIntosh

Let's dive into the flow state! We spend a lot of time talking about the academic and technical side of cyber security and we needed a break. There's a method to how we've been able to build our apps and grow Outpost and we wanted to talk about that this episode. Maybe it will help you tackle the obstacles and projects in front of you. 

Episode 22 - Cybersecurity Actuarially
Stuart McIntosh

Join us to explore practical theories around the business of risk and how to prioritize where you can have the largest impact. When you are faced with multiple attack vectors, how do you triage the situation and decide where to start? We're going to talk through some case studies and form a plan of action.

Episode 21 - Automatic Security
Stuart McIntosh

We share our grand vision for the future of Cyber Security - AUTOMATIC SECURITY! But don't get it confused with AUTOMATED security. Tune in to find out the distinction. It's a big vision and our conversation touches on a lot of areas of cyber security.

Episode 20 - Security Dichotomies
Stuart McIntosh

We're riffing off a talk Stuart gave with Jason Lang about the elements within Cyber Security that sit in tension with each other in order to make the whole better. And if you don't know when and where they exist, they can become tar pits that cause us to get stuck.

Episode 19 - Power of Small Teams
Stuart McIntosh

Small teams – handicap or superpower?

A small team can be more of a superpower – but only if you build it that way.

We talk about how you can put your small team on the path to being as good as or better than a large team with more resources.

Episode 18 - Blocking & Tackling
Stuart McIntosh

Football metaphor for fundamentals, literal for cybersecurity

“Blocking and tackling” is an idiom that originates from the phrase “block and tackle,” which refers to a series of pulleys that make lifting easier – a force multiplier through effort reduction

https://www.merriam-webster.com/dictionary/block%20and%20tackle

What are 3 key fundamentals we see overlooked? - tactics to employ tomorrow to force multiply through effort reduction

How we picked these:

1) The reward on these far outweighs the risk (40+ environments)

2) You probably have the data & tools at your disposal

Episode 15 + 16 - Building Process in Cybersecurity
Stuart McIntosh

Last episode we intended to talk about how to attack competing priorities. What we ended up doing is outlining a mental model for looking at defensive security from an execution standpoint, one we’ve developed and put into practice through the products and services of Outpost Security.

Episode 14 - Aligning Competing Priorities
Stuart McIntosh

Not only do some security teams have diverging priorities, oftentimes we find that analysts and engineers have goals that are opposed and in conflict with one another. How can your SOC move forward when your teams are moving in completely different directions? In this episode we are going to talk about how your team can find common ground and identify unifying objectives.

Episode 13 - I Didn’t Know Splunk Could Do That
Stuart McIntosh

This statement follows us wherever we go, whether it’s during an assessment or an implementation. Seasoned security professionals and Splunk users are surprised at some of the features available in Splunk ES. In this episode we are sharing some of these elusive capabilities with you so that you can get the most out of this best-in-class SIEM.

Ep12 - Gratitude
Stuart McIntosh

Stuart wanted to take a bit of time talking about Gratitude, finding the unique aspects of this work that help us, as security professionals, stay in the grind, stay in the fight and keep chasing better solutions and outcomes. And Will, newer (4 years) to the security battle, shares his perspective having chosen this path after years in other parts of tech. We hope this episode energizes you to stay strong and curious about enterprise security.

Ep11 - Resilience
Stuart McIntosh

We have a bone to pick with the current understanding of being Resilient as it applies to enterprise security. “Resiliency” tries to encapsulate how well your organization can defend against unexpected attacks from anywhere at any time. Some want to point you at the latest tech to add to your stack or list to check against. We have found other indicators that have more impact on your organization’s resiliency than any of those.

Ep10 - Murphy’s Law of Combat
Stuart McIntosh

This episode is all about Murphy’s Law of Combat and how it pertains to DEFENSIVE cybersecurity. This episode is one of Stuart’s favorite topics and we had a lot of fun selecting a few of the laws to discuss and apply to the work we do. Settle into your seat and let’s secure the frontiers of ES.

Ep07 - Eliminating Points of Failure with Zero-to-One
Stuart McIntosh

Successful implementation of Risk Based Alerting in Splunk can be very challenging. Implementing any SIEM is challenging for that matter. We’ve seen a lot of teams struggle and distilled the problems we’ve observed into three key areas.
