Welcome to Issue #1 of the Security Engineering Newsletter.

This is the inaugural issue of SecEng! I launched SecEng with the belief that the space is moving so quickly that it deserves its own newsletter. Please subscribe and send it to anyone who you think would be interested. I really appreciate it! Also, if you want to send me content to be in the next issue, please send it along!
- Andrew
🔥
Want to sponsor this newsletter? Send me an e-mail!

💡
SECURITY ENGINEERING
SecOps Alert Enrichment: Part 1 - Recent Related Alerts
The idea behind this enrichment is that you take various IOCs from the alert and then make an API call to your alert platform to return the last 5 alerts where those IOCs were mentioned.

This article is the first in a series I am writing about SecOps alert enrichment. Recent related alerts is a great enrichment to add to your alerts because it harnesses the information of your past investigations. Every time you add notes to an alert on what happened and why, this enrichment becomes even more useful since it can potentially use that information in the future.
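As an added example (editor's code, not from the article or any alert platform's API): the enrichment described above, with an in-memory alert history standing in for the platform's API and invented alert IDs, hosts, IPs and hashes. IOCs are pulled from the new alert, matched against both the text and the analyst notes of older alerts within a lookback window, and the most recent matches are returned with the notes attached.

```python
"""Added example: 'recent related alerts' enrichment over an in-memory alert store.
Not code from the SecEng article; the alert data below is constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable


@dataclass
class Alert:
    id: str
    created: datetime
    title: str
    text: str          # raw alert body, where IOCs appear
    notes: str = ""    # analyst notes added during the investigation


# IOC patterns; the domain TLD list is deliberately short for this example.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256 = re.compile(r"\b[a-fA-F0-9]{64}\b")
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|xyz)\b", re.I)


def extract_iocs(text: str) -> set[str]:
    """Pull IPv4 addresses, SHA-256 hashes and domains out of free text, lowercased."""
    found: set[str] = set()
    for pattern in (IPV4, SHA256, DOMAIN):
        found.update(m.group(0).lower() for m in pattern.finditer(text))
    return found


def recent_related_alerts(current: Alert, history: Iterable[Alert], limit: int = 5,
                          window: timedelta = timedelta(days=90)) -> list[dict]:
    """Return up to `limit` most recent past alerts sharing at least one IOC with `current`.

    Matching covers the alert text and the analyst notes, so an IOC an analyst typed into
    the notes of an old alert is found too. Alerts outside `window` are ignored.
    """
    iocs = extract_iocs(current.text)
    if not iocs:
        return []
    cutoff = current.created - window
    hits = []
    for past in history:
        if past.id == current.id or past.created >= current.created or past.created < cutoff:
            continue
        shared = iocs & extract_iocs(past.text + " " + past.notes)
        if shared:
            hits.append({"id": past.id, "created": past.created, "title": past.title,
                         "shared_iocs": sorted(shared), "notes": past.notes})
    hits.sort(key=lambda h: h["created"], reverse=True)
    return hits[:limit]


# Constructed alert history standing in for the alert platform.
T0 = datetime(2024, 4, 1, 9, 0)
HISTORY = [
    Alert("A-100", T0 - timedelta(days=40), "Suspicious outbound connection",
          "host ws-17 connected to 203.0.113.45:443",
          notes="Benign: vendor update server, closed as false positive."),
    Alert("A-101", T0 - timedelta(days=12), "Malware hash detected",
          "quarantined file sha256=" + "a" * 64 + " on ws-22",
          notes="Confirmed malicious; host reimaged."),
    Alert("A-102", T0 - timedelta(days=3), "DNS to newly registered domain",
          "ws-17 resolved update.evil-cdn.xyz"),
    Alert("A-103", T0 - timedelta(days=200), "Port scan",
          "203.0.113.45 scanned port 22", notes="Outside the lookback window."),
    Alert("A-104", T0 - timedelta(days=1), "Failed logins", "192.0.2.9 failed logins"),
]
CURRENT_ALERT = Alert("A-200", T0, "EDR: beacon-like traffic",
                      "ws-31 beaconing to 203.0.113.45 over 443, resolved update.evil-cdn.xyz")

if __name__ == "__main__":
    for hit in recent_related_alerts(CURRENT_ALERT, HISTORY):
        print(hit["id"], hit["created"].date(), hit["shared_iocs"], "|", hit["notes"])
```

Run as a script it prints A-102 and A-100 (newest first), with the analyst's "closed as false positive" note from A-100 surfacing next to the new beacon alert, which is exactly the past-investigation context the enrichment is meant to recover. In a real deployment the loop over `HISTORY` becomes a search call to your alert platform keyed on the extracted IOCs.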

What Security Metrics Should I Be Looking At?
What are security metrics? SecOps deals with a lot of data, so choosing the right cybersecurity metrics to track is crucial. Automate security metrics with Swimlane

This post from Michael Lyborg at Swimlane goes into how and why you should be tracking and reporting security metrics. I agree that this is an important area to focus on and that automation can certainly help. I would even suggest that teams try to send out a brief version of metrics weekly and then do the deeper dive monthly. It's also crucial that individuals on the team receive the metrics reports and are not left in the dark. If your MTTD/MTTR is really bad, then everyone should be aware and empowered to help fix it.

Attachment: Callback Phishing solicitation via text file with a large unknown recipient list
Callback Phishing via text file attachment, with a large number of recipients that are unknown to the organization, and a short body and subject from…

Sublime Security released a new detection rule for callback phishing via text file attachment, with a large number of recipients that are unknown to the organization, and a short body and subject from an unknown sender.
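As an added example (editor's code, not Sublime Security's rule or its query language): a Python approximation of the conditions summarised above, run over three constructed messages. The organisation's domains, the known-sender list, the thresholds for "large" and "short", and the reading of "unknown to the organization" as recipients outside the org's mail domains are all assumptions; the phone-number check on the attachment goes beyond the rule summary and is there because a callback lure has to give the victim a number to call.

```python
"""Added example: heuristic for callback phishing via text attachment.
Not Sublime Security's rule; tenant facts, thresholds and messages are constructed."""
from __future__ import annotations

import re

# Constructed tenant facts: org mail domains and senders seen in prior correspondence.
ORG_DOMAINS = {"example.com"}
KNOWN_SENDERS = {"payroll@hr-vendor.example"}
PHONE = re.compile(r"\b\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b")


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def evaluate(msg: dict, min_unknown_recipients: int = 10,
             max_subject_len: int = 40, max_body_len: int = 200) -> dict:
    """Report which conditions the message satisfies and whether all of them did."""
    recipients = msg["to"] + msg.get("cc", [])
    # Assumption: "unknown to the organization" = outside the org's own mail domains.
    unknown_recipients = [r for r in recipients if domain_of(r) not in ORG_DOMAINS]
    text_attachments = [a for a in msg["attachments"]
                        if a["content_type"] == "text/plain"
                        or a["filename"].lower().endswith(".txt")]
    sender = msg["from"]
    conditions = {
        "text_attachment": bool(text_attachments),
        "many_unknown_recipients": len(unknown_recipients) >= min_unknown_recipients,
        "short_subject_and_body": (len(msg["subject"]) <= max_subject_len
                                   and len(msg["body"].strip()) <= max_body_len),
        "unknown_sender": (sender not in KNOWN_SENDERS
                           and domain_of(sender) not in ORG_DOMAINS),
        # Beyond the rule summary: the lure must carry a number to call back.
        "phone_in_attachment": any(PHONE.search(a["content"]) for a in text_attachments),
    }
    return {"match": all(conditions.values()), "conditions": conditions,
            "unknown_recipient_count": len(unknown_recipients)}


def flagged_ids(messages: list[dict]) -> list[str]:
    return [m["id"] for m in messages if evaluate(m)["match"]]


# Constructed messages: one lure, one benign internal broadcast, one single-recipient lure.
SAMPLE_MESSAGES = [
    {
        "id": "m1", "from": "billing-desk@mail-relay.example",
        "to": [f"user{i}@other{i}.example" for i in range(12)] + ["alice@example.com"],
        "subject": "Your order", "body": "See attached.",
        "attachments": [{"filename": "Receipt.txt", "content_type": "text/plain",
                         "content": "Thank you for your purchase of $499.99. "
                                    "To cancel call 1-888-555-0199 within 24 hours."}],
    },
    {
        "id": "m2", "from": "it-ops@example.com",
        "to": [f"staff{i}@example.com" for i in range(25)],
        "subject": "Maintenance window tonight",
        "body": "Details attached; call the helpdesk at 555-0100 with questions.",
        "attachments": [{"filename": "maintenance.txt", "content_type": "text/plain",
                         "content": "Systems down 22:00-23:00. Helpdesk: 555-0100"}],
    },
    {
        "id": "m3", "from": "billing-desk@mail-relay.example",
        "to": ["bob@example.com"], "subject": "Your order", "body": "See attached.",
        "attachments": [{"filename": "Receipt.txt", "content_type": "text/plain",
                         "content": "To cancel call 1-888-555-0199."}],
    },
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m["id"], evaluate(m))
```

Only m1 fires: m2 comes from an internal sender to internal recipients, and m3 is the same lure but sent to one person, which is why the recipient-count condition matters for keeping the rule quiet on one-off invoices. Returning the per-condition breakdown rather than a bare boolean is what lets an analyst tune the thresholds when the rule is noisy.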

GitHub - osintmatter/shortemall: Shortemall is a Python-based tool that automates the process of scanning hidden content of Short URLs.
Shortemall is a Python-based tool that automates the process of scanning hidden content of Short URLs.

My brain totally wants this to say "Short Email" but it is actually "Short 'Em All", a Python-based tool that automates the process of scanning hidden content of Short URLs.

The Race for AI-Powered Security Platforms Heats Up
Microsoft, Google, and Simbian each offers generative AI systems that allow security operations teams to use natural language to automate cybersecurity tasks.

An interesting article from Robert Lemos at Dark Reading about the companies trying to let security teams ask hard questions about their environments using generative AI. One of the examples from the article asks, what if we could just ask AI "what are all the machines I have that have this specific package of xz on them"? I am skeptical that using generative AI is a requisite part of answering that question. I am also wary of using it to perform any kind of automated decisioning in its current state. Things are moving at an incredible pace, so I am open to having my mind changed about this 😺

👂
LISTEN
🎲
MISCELLANEOUS
Anyone got a contact at OpenAI. They have a spider problem.

John Levine owns a huge content farm of pages where companies' spiders/crawlers will routinely get stuck. For instance, he had to find a contact at Amazon to get theirs unstuck recently. Now that OpenAI's crawler is stuck, he is trying to find a contact there. 🕷️

Not necessarily related to SecEng – Joe Sullivan's keynote from Black Hat Europe 2023 is definitely worth a watch if you haven't seen it.

💼
REMOTE SECURITY ENGINEERING JOBS
Senior Cloud Security Engineer [Remote]
remote
Security Operations Engineer
Remote - US
Zensurance - Security Engineer (Remote First)
The IT team supports Zensurance and its team members with a full life-cycle of technology support (from on-boarding - to offboarding). The team also supports and works closely with every team across Zensurance in providing technical support, implementation of technologies, and guidance for programs and initiatives related to their department. Reporting to the Associate Director, IT, you will be responsible for supporting our company-wide information security management program to ensure that information assets are adequately protected. You will proactively work with Zensurance business units to implement practices that meet defined policies and standards for information security. The role also assists in a variety of IT-related risk management activities and includes the day-to-day support of various information security programs and initiatives. As an individual contributor, you will collaborate closely with the Associate Director to coach and mentor colleagues across the organiz
Coalfire - Cloud Engineer II | Remote US
About Coalfire Coalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world. But that’s not who we are – that’s just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. And we’re growing fast. We’re looking for an Engineer II to support our Cloud Services team. This can be a remote position (must be located in the United States).
👋
THANKS

Thank you for reading this week's issue, and see you next week!