marknca

Mornings With Mark
no. 0005

Assumptions & Outdated Mental Models

Full machine-generated transcript follows

Good morning, everybody. How are you doing today? Little bit of a personal Mornings With Mark last night make a great topic for tomorrow show mental model reason why I was playing in my Monday night semi-competitive. I am the oldest person in the league and last night was one of those really hit me.

I've been playing basketball for a very, very long time. It's personal myself Karen balance. I know the dynamics I can see things that are about to happen quotes. The problem is I can't do a damn thing about it and I just don't have the level practice, but mentally my model is still a younger Mark.

Old Man Mark out of shape old man in the middle of a dynamic and I'm playing with alligators in one of my capability the reason why all the time in cybersecurity appropriate yet things change all the time in the environments we're defending we know. Especially with the push for more of a DevOps culture for more often in the production.

The environment that we're working in are dynamic, they're changing constantly several times a day areas and even more than just the weekend maintenance window that we used to have in the '90s. One of the biggest things it took until last summer for the summer 2017 for NIST to finally update the password recommendations yet.

We've been dealing with really bad password for a long time for picking strong enough password for being lazy about committing the number in the back or adding a symbol or whatever the case may be up with the new reality. Pictures of work from mystifyingly update and we're still years and years away from having an implemented policy within the organization to not update.

So there's been a debate. I'm in public frameworks around the requirements for anti-malware on systems or being able to prove strong application control. I can only executed no whitelist. I've actually controls security controls. What is about using the right control the right time we're friends permit information that you have an expiration date on any actions you take so that you automatically review them.

If you want to see this played out in sort of the extreme ridiculous example, look at most very rarely where they remove the books mental model, like different constructs setup. We need to constantly updating put reasonable deadlines on your policies. If you create a policy should be reviewed at least every year.

It's not every quarter to make sure that it's still valid still that mental model that policy was constructed on those assumptions. It was based on still hold true. And the thing is is reviewing it is not a huge amount of work. Is it appropriate to make sure that there is something for free that you can actually start to roll up but the most beautiful without at least putting them in a sandbox first.

I think the problem is a lot of our systems don't allow every right. I think you should be looking down that roof. You should be having regular reviews of your policies regular reviews of your security controls. Model at all Level Fitness let alone make sure you let me know.

Hit me up online @marknca in the comments down below or as always by email me at Mark end. See. How do you keep your security controls? How do you make sure that you're not the old guy slogging it up and down the court? Have a great day, we'll talk to you online and we'll see on the show tomorrow.