One of the key areas we can automate our defensive posture is understanding how the network we are defending looks. One of my SANS instructors once said: “you cannot protect what you don’t know about.”
At the time I was working for an organization that had 12,000+ assets ranging from the latest and greatest operating systems to hosts running custom software built utilizing Fortran, which I had no experience using. We needed a tool to help us identify hosts and vulnerabilities as well as meet NIST compliance. The tool I would choose today for that would be Tenable. Their current lifecycle blog goes in depth into this area.
The weakest spots in an organization’s security posture occur at the intersection of attack surface, avenues of attack (attack vectors) and obstacles/ (lack of) controls in place. Identifying these weak spots should be the first objective of all cybersecurity programs. This is also where several fail, due to weak visibility and understanding during that crucial “identify” phase.
Cody's engineering networking and security expertise broaden AQUILA’s ability to service organizations. Before AQUILA, Cody was a Computer and Information Security Specialist on the Los Alamos National Laboratory Security Architecture and Application Development team. He also worked as an IT Specialist at Western New Mexico University.
Cody earned a Master of Science in Information Systems & Assurance from UNM. He received an MBA and a B.S. in History and Math from Western New Mexico University.
Latest posts by Cody Jackson (see all)
- Using Tenable To Identify Network Vulnerabilities - February 27, 2019
- Protecting The API Ecosystem As A Security Strategy - February 14, 2019
- Testing APIs with Rest - February 6, 2019