I talked about security engineers focusing on what they like. Same for secops. Redteam and apt Aren’t scared of your threat hunting, huge ioc collection, or your edr. You are asymmetric. They are scared of patching, upgrading, Mfa disabling, macros and powershell, app control.

Don’t play their game, make them play yours.

During the next redteam outbrief, ask them “if i did x, y, z basic hardening measure what would they do instead” When you hear that long pause and a non answer, go make that happen. @epakskape and I do that after almost every pwn2own to plan. It works.

@dwizzzleMSFT @SwiftOnSecurity Don't even get me started. Human issues not tech issues. People get complacent and like new shiny toys. The only killer app is a calendar with the monthly reminder "update system".

@Smefner @SwiftOnSecurity Yes this is what separates the people who want to improve security from those that just want to play with tech

@dwizzzleMSFT @SwiftOnSecurity Sadly getting the basics right in a large company is THAT hard. Not cause of technology but bureaucracy and fragmentation.

@bpauwels @SwiftOnSecurity Then security people have to be good at navigating the bureaucracy and being effective. No surrender

@nightmodesec @SwiftOnSecurity It’s easier when it’s presented as the only real option

@dwizzzleMSFT Secure workstations, smartcards, user rights restrictions, some form of tiering (atleast tier 0),laps, Bitlocker,security baselines, firewalls, IPsec, protected users group for t0 admins. That's my 2c

@dwizzzleMSFT Or as I like to put it - brush your teeth every night and change you underwear daily - basic hygiene...:)

@dwizzzleMSFT @SwiftOnSecurity “We are spending so much time analyzing and reporting for ‘compliance’ that we don't have time to patch and configure security!”

@dwizzzleMSFT I keep saying this “80-90% of all incidents could have been avoided or the impact reduced by just doing the basics right (security hygiene) in the 1st place” I also say “technology without the foundations in place; processes, procedures & training, is like building on quicksand”

@dwizzzleMSFT “Totally agree, but It’s not as hard as you think” really depends on the environment. :-/

@dwizzzleMSFT @dinodaizovi For SMBs on very limited budgets, just doing these sec basics is all that's usually possible anyway.