DORA's TLPT Mandate: Is Your Bank Ready?
Yesterday, I had a meeting with an international consulting firm about the Digital Operational Resilience Act (DORA), which officially comes
Threat Modeling Hands-On
Introduction
Threat modeling can feel intimidating, especially if you're unsure where to begin, don’t know the right
Deploying Sysmon via GPO
While I explained in my previous article how to collect Windows Event Logs which already provide some valuable insights, it
Using NIST CSF 2.0 for SMEs
As a security engineer with some experience in GRC, even though it is not my primary focus in my day
SIEM - Guide to Windows Event Logs Auditing and Forwarding
Introduction
Collecting Windows Event Logs is crucial for maintaining a secure and well-monitored IT environment. Whether it’s tracking user
Reclaiming Disk Space on Root Volume by Shrinking Home in RHEL with XFS
Introduction
Lately, I found myself called in on an incident where a critical security application was running on a Red Hat
Learning About Cloud Security for Swiss Private Banks
It has been 3 months since I moved from the tech industry to the banking sector, and here is my
MITRE ATT&CK - Gap Assessment Analysis and Threat Profiling
Introduction: Understanding MITRE ATT&CK Navigator
The MITRE ATT&CK Navigator is a powerful tool that helps cyber
Mastering CyberArk EPM: Implementation Guide
When looking for Endpoint Privilege Management (EPM) solutions, there are not a lot of options out there. The main market
Writing Security Policies for SOC2
Transitioning from ISO27001 certification to SOC2 compliance is a natural progression for many organizations. Whether you've already obtained