Automating Cybersecurity Metrics (ACM)
A series of blog posts on cybersecurity metrics and security automation
GitHub Repo (In Progress):
I’m adding a preliminary post to this series to explain what it’s all about and where you may want to start. I decided to start over with a new account and rebuild everything out for reasons I explained along the way. All the initial posts are relevant and will be used in the new architecture. To decide where you want to start check out this post:
Walk through the thought process of creating secure Batch Jobs to capture and report on cybersecurity metrics in this blog series. Please note that this series contains information related to governance and secure deployments — not just the batch jobs themselves. I’m basically coding every day and writing about it as I go to complete a project I’m working on to help customers with security metrics.
Resource, IAM, and Trust Policies on AWS
ACM.24 Architecting defense in depth AWS policies.
medium.com
Creating Shared Repositories and Code in an Organization
ACM.46 DRY. Don’t Repeat Yourself.
medium.com
AWS Nitro Enclaves and TPMs
ACM.80 Protecting data and encryption keys in memory and in use
medium.com
Creating an AWS Governance Account
ACM.139 Creating OUs and Accounts in an AWS Organization
medium.com
ACM.x Credentials for EC2
ACM.x Protecting CloudFormation stacks
ACM.x Account deletion policies
ACM.x MFA for Okta
ACM.x Organizational Services
ACM.x Finalizing our governance infrastructure (roles, organizational resource policy, additional SCPs, permission boundaries)
ACM.x NS records used in separate AWS account
ACM.x TLS in AWS
ACM.x Automate S3 bucket
ACM.x Automate S3 bucket for static website
ACM.x Form submission from static website to Lambda
ACM.x Authentication on web site using Okta (maybe)
ACM.x Yubikey (maybe)
ACM.x VPC Endpoints for Lambda functions
ACM.x Role Assumption in a Container
ACM.x Secure Messaging
ACM.x Separating Authentication from Applications
ACM.x Data Security for Batch Jobs
ACM.x Batch job POC
ACM.x Assuming a Role in a Batch Job (With MFA hopefully)
To be continued…
Teri Radichel | © 2nd Sight Lab 2023
Like this story? Show your support so I can write more!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Clap for this story or refer others to follow me.
Follow on Medium: Teri Radichel
Sign up for Email List: Teri Radichel
Follow on Twitter: @teriradichel
Follow on Mastodon: @teriradichel@infosec.exchange
Follow on Post: @teriradichel
Follow or Like on Facebook: 2nd Sight Lab
Follow or like on YouTube: @2ndsightlab
Buy a Book: Teri Radichel on Amazon
Buy me a coffee: Teri Radichel
Request a penetration test, security assessment, or training
via LinkedIn: Teri Radichel
Schedule a consulting call with me through IANS Research
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
Slideshare: Presentations by Teri Radichel
Speakerdeck: Presentations by Teri Radichel
Recognition: SANS Difference Makers Award, AWS Hero, IANS Faculty
Certifications: SANS
Education: BA Business, Master of Sofware Engineering, Master of Infosec
How I got into security: Woman in tech
Company ~ Cloud Penetration Tests, Assessments, Training ~ 2nd Sight Lab
Cybersecurity for Executives in the Age of Cloud on Amazon