Best Of Last Week As A vCISO

Author

Ayman Elsawah
December 26, 2023

Table of Contents

2023 Okta Hack Deep Dive

A 3000+ word article that went into how to prevent the occurrence or impact of such a hack.

Deep Dive: 10 Major Lessons Learned From the Okta, Cloudflare, 1Password Hack

This is a deep dive not just into all the things that went “wrong” but more importantly, all the things you and your organization can do to prevent this for you

www.lastweekasavciso.com/p/deep-dive-10-major-lessons-learned-from-the-okta-cloudflare-1password-hack

Step 0: Create A Risk Register

This topic had a lot of comments on LinkedIN. Sometimes we need to just start with the basics.

Step 0: Create A Risk Register

A risk register is just a fancy cybersecurity term for “a list of things that introduce risk to the company”. In the post, I will walk you through why you need one, how to create it, and what to avoid

www.lastweekasavciso.com/p/infosec-start-a-risk-register

30, 60, 90 Day Plan for CISO’s

Written some time ago, but still good, is a plan for CXO hiring security leaders to use as a guide for putting their own 30, 60, 90 day goals.

30, 60, 90 Day Plan For New Security Leaders

A simple outline of tasks and goals a new security leader will need to tackle in their first 90 days.

www.lastweekasavciso.com/p/thirty-sixty-ninety-day-plan-security-leadership

Broken Authentication & How To Prevent It

When you see multiple instances of something, you then realize there is a larger root cause to the problem. Broken auth is such a rampant and ignored problem, I decided to frame it as a disease.

Symptoms of Broken Authentication & How to Prevent it?

If you're sick, you can choose to treat the disease... or do nothing. But What if you don’t know you’re sick??

www.lastweekasavciso.com/p/symptoms-broken-authentication-how-to-prevent-it

DEF CON: A Beginner Guide

DEF CON is overwhelming for the beginner. Every time I meet a new DEF CON attendee, they always say they WISH there was a guide to the con. Well, here it is. I mean, take a look at the TOC! There’s also an updated part 2 at the end.

DEFCON: A Beginner's Guide

What started as a simple guide, became a 2000+ word brain dump of my past years' experience and learnings of Defcon. From Tickets to Villages to Digital Safety, join me on this journey...

www.lastweekasavciso.com/p/a-guide-to-defcon-hacker-conference

50 Shades of Gray

A philosophy I’ve been using this past year is that Infosec is not black and white, it’s 50 shades of gray.

50 Shades Of Gray In Cybersecurity (Part 1)

A friend told me this weekend… “You don’t know someone until they’re angry”. This is so true. The same can apply when working with a team in an incident response scenario.

www.lastweekasavciso.com/p/50-shades-of-gray-in-cybersecurity

A Story On Three CISO’s

A small fictional, but realistic, portrayal of how three different CISO’s can approach security in a starkly different way.

3 CISO's Walk Into A Startup...

A story of how three different cybersecurity executives can react in different ways to the same situation...

www.lastweekasavciso.com/p/three-cisos-walk-into-a-startup

Thanks!

Thanks for reading this far! Hope you found these articles useful. Feel free to share with friends and your network.

-Ayman

Reply

or to participate.