In today's episode, I sit down with Zane West of Proficio. Zane has been in information security for more than 20 years - starting out in the "early days" as a sysadmin and then moved up into global infrastructure architect function in the banking world. Today Zane manages Proficio's solution and product development. I sat down with Zane over Skype to talk about how companies can better analyze and defend their networks against attacks. Specifically, we talk about:
How important is it to have an IT background before you jump into security?
How can newb(ish) security analysts and pentesters better understand the political/financial struggles a business has, rather than charge in and scream "PWN ALL THE THINGS!"
Is there a "right way" to step into an organization, get a lay of the land and discover/prioritize their security risks?
Why in the world does it take twenty seven people to run a SOC?!
When should an organization consider engaging an MSSP to help them with their security needs?
What if your MSP also provides MSSP services? Is that a good or bad thing?
What are some tips for successfully deploying a SIEM?
What is the cyber kill chain about, and is it only something for the Fortune X companies, or can smaller orgs tip their toe in it as well? (Here's a nice graph to help you understand it)