SECURING CORPORATE IoT DEVICES: CHALLENGES, STRATEGIES, AND THE ROLE OF AI AND ML IN CYBERSECURITY

The rapid proliferation of IoT devices within corporate infrastructures has left organizations more vulnerable than ever to cyberattacks. It is essential to adopt a comprehensive approach that incorporates various techniques, tools, and emerging technologies, such as AI and ML, to effectively defend against these evolving threats. – Dr. Kevin Lynn McLaughlin, PhD 

As the Internet of Things (IoT) continues to grow, it is increasingly clear that IoT devices pose a significant cybersecurity risk to organizations (Fazel et al., 2022). One of the primary challenges is getting relevant security alert data from these devices into a corporate Security Information and Event Management (SIEM) system. As a result, attacks that target IoT devices are often not detected by the corporate Security Operations Center (SOC) early enough in the attacker's kill chain for an effective response. Many IoT devices cannot generate security alert data in a format a SIEM can readily consume. Some provide only basic operational telemetry that carries no information about security events, which makes it hard to distinguish normal behavior from malicious or abnormal behavior. Others are designed to operate independently and cannot communicate with a central monitoring system at all, which makes real-time anomaly detection and response difficult. In practice this means the network is often the only dependable sensor: flow records or a mirrored port at the boundary of the IoT segment capture what the devices themselves will never report.

To address the multifaceted challenges of IoT devices in corporate infrastructure, organizations need a mix of techniques, processes, and cybersecurity tools that prevent, monitor, and detect abnormal behavior by the IoT devices on their networks. A fundamental technique is network segmentation: dividing the corporate network into smaller, more manageable subnetworks. Segmentation limits the blast radius of a compromised IoT device, impedes lateral movement, and reduces the risk of data exfiltration. It only delivers those benefits, however, if the policy between segments is an explicit allowlist (for example, the IoT VLAN may reach its message broker and time source and nothing else) and if denied connections are logged, because those logs are frequently the only security signal the devices will ever produce. Organizations should also prioritize security controls at the device level: disabling unused services and ports, keeping firmware and software updated, and configuring access controls so that only authorized personnel can reach the device. Network access control (NAC) technologies enforce policy on which types of devices may connect to the corporate network and what level of access each receives. Together these measures greatly reduce the likelihood of unauthorized devices appearing in conference rooms, break rooms, and employee offices and quietly connecting to the corporate infrastructure without oversight, leaving the organization better equipped to protect its networks and data from threats targeting IoT devices.

To monitor and detect IoT devices effectively, organizations should draw on the corporate cybersecurity Security Orchestration, Automation, and Response (SOAR) team. These professionals can design and implement strategies and solutions tailored to detecting abnormal behavior originating from IoT devices. Many tools can help: IoT device discovery and inventory tools, network traffic analysis tools, and endpoint detection and response (EDR) tools (where the device can run an agent at all, which most IoT devices cannot). Used well, these tools let organizations pinpoint IoT devices on the network, scrutinize their traffic for suspicious activity, and identify and respond to security incidents in real time. The SOAR team, together with cybersecurity architects and integration engineers, plays a crucial role in deploying and configuring these tools so that they work in concert and provide comprehensive visibility into threats targeting IoT devices.

Artificial intelligence (AI), machine learning (ML), and blockchain technologies (Yu, 2018; Dey et al., 2021) are also becoming increasingly important in the defense of corporate IoT devices. They can augment the SOAR team with advanced analytics and automation. ML models, for instance, can analyze network traffic and flag anomalies that may signify a threat; IoT devices are well suited to this because most are single-purpose and their normal traffic is narrow and predictable, so a per-device baseline learned over a short period is meaningful in a way it rarely is for a general-purpose workstation. Incorporating these technologies into the cybersecurity strategy helps the SOAR team identify and prioritize potential threats and focus on the most pressing ones. Beyond detection and alerting, AI can automate parts of incident response, letting the organization react more swiftly in the face of an attack; the SOAR team can use this automation to streamline workflows, reduce response times, and limit the impact of incidents on operations and reputation. In short, the SOAR team is pivotal in creating and implementing strategies for detecting abnormal behavior from IoT devices, and with a diverse set of tools plus AI and ML it can significantly improve the organization's ability to identify, monitor, and respond to threats against IoT devices.
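The three preceding sections describe things the IoT devices themselves will not do for you: report security events to the SIEM, respect the segmentation policy, and flag their own abnormal traffic. The script below is an added example, not code from the original article, showing how a small collector watching the IoT segment can do all three from flow records alone: it checks every flow against an explicit allowlist, scores each device's hourly egress volume against that device's own baseline with a median/MAD (modified z-score) test, and emits the results as CEF lines a SIEM can ingest. The addresses, the allowlist, the two sensors, the day of flow records and the CEF vendor/product strings are all constructed for illustration.

```python
"""Added example (not from the original article): check IoT flow records against a
segmentation allowlist and a per-device robust volume baseline, then emit CEF
events that a SIEM can ingest. Addresses, policy and flow records are constructed."""
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int           # epoch seconds
    src: str          # device address inside the IoT segment
    dst: str
    dport: int
    proto: str
    bytes_out: int    # bytes sent by the device


# Assumed segmentation policy for the IoT VLAN: devices may reach only the
# MQTT-over-TLS broker and the NTP server. Everything else is a violation.
IOT_ALLOWLIST = {
    ("10.40.0.1", 8883, "tcp"),   # MQTT broker (assumed address)
    ("10.40.0.2", 123, "udp"),    # NTP server (assumed address)
}


def policy_violations(flows):
    """Flows whose (dst, dport, proto) is not in the segment's allowlist."""
    return [f for f in flows if (f.dst, f.dport, f.proto) not in IOT_ALLOWLIST]


def volume_anomalies(flows, window=3600, threshold=3.5, min_buckets=8):
    """Sum egress bytes per device per window and score each window with a
    modified z-score (median/MAD). Unlike mean/stdev, the anomalous window
    cannot inflate its own baseline. Returns (device, window_start, bytes, score)
    for every window above the threshold."""
    per_dev = defaultdict(lambda: defaultdict(int))
    for f in flows:
        per_dev[f.src][f.ts // window] += f.bytes_out
    hits = []
    for dev, buckets in per_dev.items():
        if len(buckets) < min_buckets:
            continue  # not enough history to call anything abnormal
        vals = list(buckets.values())
        med = statistics.median(vals)
        mad = statistics.median(abs(v - med) for v in vals)
        scale = max(1.4826 * mad, 1.0)  # floor: a perfectly flat baseline must not divide by zero
        for b, v in buckets.items():
            score = (v - med) / scale
            if score > threshold:
                hits.append((dev, b * window, v, round(score, 1)))
    return hits


def to_cef(sig_id, name, severity, **ext):
    """Minimal ArcSight CEF line; pipes and backslashes in header fields are escaped."""
    def esc(s):
        return str(s).replace("\\", "\\\\").replace("|", "\\|")
    header = "|".join(["CEF:0", "ExampleCorp", "IoTWatch", "1.0", esc(sig_id), esc(name), str(severity)])
    return header + "|" + " ".join(f"{k}={v}" for k, v in ext.items())


def build_sample_flows():
    """Constructed day of traffic: two sensors report to the broker once an hour;
    sensor .21 additionally pushes a 48 kB burst to an external host in hour 17."""
    flows = []
    for h in range(24):
        ts = h * 3600 + 60
        flows.append(Flow(ts, "10.40.7.21", "10.40.0.1", 8883, "tcp", 900 + (h * 37) % 200))
        flows.append(Flow(ts, "10.40.7.22", "10.40.0.1", 8883, "tcp", 1200 + (h * 13) % 50))
    flows.append(Flow(17 * 3600 + 900, "10.40.7.21", "203.0.113.10", 443, "tcp", 48000))
    return flows


def analyse(flows):
    """Run both checks and return the CEF lines a collector would forward to the SIEM."""
    events = []
    for f in policy_violations(flows):
        events.append(to_cef(100, "IoT segmentation violation", 7,
                             src=f.src, dst=f.dst, dpt=f.dport, proto=f.proto, out=f.bytes_out))
    for dev, start, nbytes, score in volume_anomalies(flows):
        events.append(to_cef(200, "IoT egress volume anomaly", 5,
                             src=dev, start=start, out=nbytes, cs1=score, cs1Label="modifiedZ"))
    return events


if __name__ == "__main__":
    for line in analyse(build_sample_flows()):
        print(line)
```

On the sample data the allowlist check and the volume baseline each fire exactly once, and on the same device and hour; that overlap is the kind of corroboration a SOC analyst wants before escalating. The MAD-based score is used deliberately: with only a day of history, a single exfiltration burst would drag a mean/stdev baseline up enough to mask smaller repeats.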

In conclusion, the proliferation of IoT devices within corporate environments presents complex cybersecurity challenges and leaves organizations increasingly exposed to cyberattacks. Countering these threats requires a comprehensive approach (Forsström et al., 2018) that combines techniques, processes, and cybersecurity tools with emerging technologies such as AI and ML. By drawing on the expertise of the corporate cybersecurity SOAR team, cybersecurity architects, and integration engineers, organizations can develop and implement tailored strategies to monitor, detect, and respond to abnormal behavior originating from IoT devices. This collaborative, multifaceted approach is crucial for safeguarding corporate networks and data from the growing array of threats targeting IoT devices. As I stated at the start of this article, “It is essential to adopt a comprehensive approach that incorporates various techniques, tools, and emerging technologies, such as AI and ML, to effectively defend against these evolving threats” (Zaman, 2021). By embracing this holistic strategy, organizations can significantly enhance their cybersecurity posture and mitigate the risks of integrating IoT devices into their corporate infrastructures.

References: 

Dey, A., Jara, A. J., & Al-Jaroodi, J. (2021). Blockchain-based security and privacy in Internet of Things: A survey. Journal of Network and Computer Applications, 173. https://doi.org/10.1016/j.jnca.2021.102837

Fazel, E., Shayan, A., & Mahmoudi Maymand, M. (2022). Designing a model for the usability of fog computing on the internet of things. Journal of Ambient Intelligence and Humanized Computing. https://doi.org/10.1007/s12652-021-03501-5  

Forsström, S., I. B., Eldefrawy, M., Jennehag, U., & Gidlund, M. (2018). Challenges of Securing the Industrial Internet of Things Value Chain. Workshop on Metrology for Industry 4.0 and IoT, Brescia, Italy.

Yu, Y. (2018). Blockchain-Based Solutions to Security and Privacy Issues in the Internet of Things. IEEE Wireless Communications, 25(6), 12-18. https://doi.org/10.1109/MWC.2017.1800116

Zaman, S. (2021). Security Threats and Artificial Intelligence Based Countermeasures for Internet of Things Networks: A Comprehensive Survey. IEEE Access, 9, 94668-94690. https://doi.org/10.1109/ACCESS.2021.3089681

ORCID – https://orcid.org/0009-0009-8367-5292


“Unlocking Leadership Excellence: One Cybersecurity Executive’s Guide to Essential Reads for Aspiring Team Leaders”

“In the pursuit of leadership excellence, the wisdom gleaned from the works of esteemed authors can serve as a guiding beacon, empowering aspiring team leaders to navigate the complexities of the cybersecurity landscape with confidence, agility, and foresight.” – Kevin Lynn McLaughlin, PhD

As a cybersecurity executive, I’m frequently asked what books aspiring team leaders should read to enhance their leadership skills and elevate their teams. In response to these inquiries, I’ve decided to share my thoughts on the most insightful and transformative works in the realm of leadership and management through this blog post. These literary gems, penned by renowned authors such as Blanchard, Covey, Greene, Senn Delaney, Maxwell, Rath, Collins, and others, offer invaluable wisdom that can be applied to hone our leadership abilities and foster high-performing teams in the ever-evolving cybersecurity landscape.

In a time where fast-paced technological advancements and growing competition constantly push organizations to adapt, the pursuit of maintaining high-performing teams has become a crucial mission for leaders at all levels. The wealth of leadership and management wisdom accumulated over the years, such as the works by Blanchard, Covey, Delaney, Greene, Maxwell, Rath, Collins, and others, offers valuable insights that can be utilized to improve our leadership abilities. As cybersecurity executives and experts, it’s essential for us to explore the ideas and principles presented in these books, incorporate the core aspects of leadership, and translate this knowledge into practical strategies that will nurture, empower, and transform our team members into a unified, high-performing group that excels in their mission.


The foundation of effective leadership, as explained in the One Minute Manager series, lies in striking the right balance between clear communication, motivation, and empowerment. Throughout the different iterations of Blanchard's work, he emphasizes setting expectations, offering timely feedback, fostering autonomy, and acknowledging the impact of praise. Leaders must therefore be adept at articulating goals and expectations while cultivating a culture that inspires team members to take responsibility for their tasks and outcomes. Together with The One Minute Manager Meets the Monkey, another of Blanchard's books, which teaches how to concentrate on managing your own responsibilities without adopting everyone else's, these works offer helpful guidance on shaping the ideal culture and behaviors within your team. Covey's influential book, The 7 Habits of Highly Effective People, encourages leaders to develop self-awareness, act proactively, and seek win-win solutions that benefit everyone involved. Building these habits is essential for a high-performing team, as it helps leaders model behaviors that promote teamwork, creativity, and personal development.


Additionally, the ideas presented in Rath’s How Full is Your Bucket emphasize the significance of positive feedback and appreciation, as they play a crucial role in fostering an environment that supports growth and builds commitment. Greene’s influential book, The 48 Laws of Power, offers a more cunning perspective on leadership. While some may argue that the tactics suggested could create a manipulative atmosphere, others believe that using these strategies wisely and ethically can strengthen one’s influence and inspire the team to achieve shared goals.


Blanchard’s High Five, Whale Done, The Secret, and The 4th Secret of the One Minute Manager all praise the values of empowerment, teamwork, trust, and purpose-driven leadership. These works emphasize the need to create an environment where team members feel encouraged to take risks, learn from mistakes, and aim for excellence. By building a culture of psychological safety, leaders can unlock their teams’ hidden potential and lead them to remarkable success.


The Arbinger Institute’s Leadership and Self-Deception offers a fresh perspective on leadership by revealing the harmful effects of self-deception and the importance of adopting an outward mindset. Combining this approach with the principles found in Maxwell’s 21 Irrefutable Laws of Leadership, Collins’ Good to Great, Johnson’s Who Moved my Cheese, and Farber’s Radical Leap enables leaders to go beyond traditional leadership methods and adopt a transformative approach that fosters growth, adaptability, and resilience.


The insights gained from these works give cybersecurity executives a comprehensive framework for nurturing high-performing teams. By embracing clear communication, empowerment, collaboration, trust, and growth, leaders can establish a culture that develops talent, builds loyalty, and achieves success. As leaders in our field, we must continually invest in our own growth and in that of our team members. By applying and adapting the lessons from these leadership books, we can confidently tackle the challenges of the ever-changing cybersecurity landscape with agility and foresight. We should also recognize the importance of mentorship, as shown in Cottrell's Monday Morning Mentoring, and commit to fostering a learning environment and ongoing improvement. As each of you progresses along your leadership path, let's remain dedicated to excellence and draw inspiration from these esteemed authors to guide our efforts in building and sustaining high-performing teams. By embracing these principles, we can safeguard the digital realm, earn the confidence of our stakeholders, and leave a legacy within the cybersecurity profession as we foster the growth of exceptional future leaders. So act now, incorporate these lessons into your leadership practice, and together we can shape a more secure and promising future for the cybersecurity profession and, more importantly, for the talent that works in it.

The summary above is from these leadership books:
• The One Minute Manager (Blanchard)
• The One Minute Manager Meets the Monkey (Blanchard)
• The On-Time, On-Target Manager (Blanchard)
• The 48 Laws of Power (Greene)
• High Five (Blanchard)
• Whale Done (Blanchard)
• How Full Is Your Bucket (Rath)
• The 7 Habits of Highly Effective People (Covey)
• The 4th Secret of the One Minute Manager (Blanchard)
• The 21 Irrefutable Laws of Leadership (Maxwell)
• Good to Great (Collins) * boring and dry, but good
• The Secret (Blanchard)
• Leadership and Self-Deception (Arbinger Institute)
• Great Leaders Grow: Becoming a Leader for Life (Blanchard)
• Helping People Win at Work (Blanchard)
• Who Moved My Cheese (Johnson)
• Self Leadership and the One Minute Manager (Blanchard)
• Monday Morning Mentoring (Cottrell)
• Developing the Leader Within You (Maxwell)
• The Radical Leap (Farber)
• The Human Operating System (Delaney)
• The Why Cafe


EDPACS, 2023, Kevin Lynn McLaughlin, PhD & Erik S. A. Elliott

Unleashing the Power of Mobile Threat Hunting Toolkits: Why They Are Crucial in Today’s Cybersecurity Landscape

“Mobile threat hunting toolkits are a crucial component of modern cybersecurity strategies, providing greater efficiency, accuracy, and agility in detecting and mitigating threats.” – Kevin Lynn McLaughlin, PhD

In today's highly connected world, the cybersecurity landscape has become increasingly complex, requiring organizations to implement strong, adaptable cybersecurity measures to protect their digital assets and data. Advances in artificial intelligence (AI) and machine learning (ML), along with the prospect of quantum computing, have made the job of cyber defenders harder. One important strategy for strengthening an organization's cybersecurity is to deploy specialized teams focused on threat hunting. These skilled professionals examine the organization's infrastructure every day, working from the assumption that an adversary may already be inside and looking for the evidence of it (Hermawan et al., 2021).

Threat hunting is carried out with purpose-built toolkits designed to unearth bad actors already lurking inside the organization's environment. They let hunting teams spot abnormal activity early in the cyber kill chain and act before the intrusion does harm. Many toolkits are available, each with different features and capabilities for identifying and mitigating particular classes of threat. In the hands of skilled hunters they are essential instruments for protecting the organization's digital landscape and preserving its integrity and security in a rapidly evolving digital age (Warner & Johnson, 2016).

Gartner, a leading research and advisory firm, recognizes the importance of threat hunting toolkits in today's cybersecurity landscape. According to Gartner, they are essential for organizations that want to detect and respond to security threats proactively, and the best of them offer a comprehensive suite of detection, investigation, and response capabilities that integrate with a variety of security technologies and data sources. As threats grow more complex and sophisticated, organizations must rely on advanced tools to detect and respond to potential breaches. One of the most promising developments is the use of machine learning and other forms of automation in threat hunting. Automating detection and analysis improves the efficiency and accuracy of the hunt, which matters in a landscape where attackers can strike quickly and with devastating consequences. Automation also lets security teams concentrate on the most critical threats, reducing human error and ensuring that potential breaches are addressed promptly; with analytics and risk assessment techniques, toolkits can give the team a clear view of the severity of a given threat and its potential impact on the organization. To stay ahead of malicious actors, organizations must harness machine learning and other advanced technologies to detect and mitigate threats proactively (Aldauiji et al., 2021).

These technologies alone may not be enough. Organizations should also integrate Security Orchestration, Automation and Response (SOAR) technologies into their threat hunting and incident response efforts. Connecting SOAR to threat hunting toolkits automates the repetitive parts of the hunt, shortens response times, and reduces human error, so cybersecurity teams can respond quickly and effectively to incidents. SOAR also helps establish a standardized incident response framework, bringing consistency and efficiency to response efforts, which is particularly valuable for organizations handling many incidents or with limited resources to dedicate to response. The practical caveat is that automated response actions (isolating a host, disabling an account) should be gated on detections of known precision; wiring a still-noisy hunt hypothesis straight into an enforcement playbook turns its false positives into self-inflicted outages. Machine learning remains crucial for proactive detection, but pairing it with SOAR is what streamlines the process, reduces response times, and keeps bad actors in the infrastructure under continuous detection.

In the realm of organizational cybersecurity, one particularly interesting option is the Portable Analysis and Network Threat Hunting and Evaluation Resource, or PANTHER. PANTHER is a portable toolkit for threat hunting teams that focuses on three areas at the core of a threat hunter's value to an organization's security posture, areas that have frequently been stumbling blocks within the security landscape. It is a rapidly deployable package, reminiscent of a fly-away kit, that can be used in many scenarios: incident response; adding visibility and security to network segments that are non-compliant because of differing technology or an absence of controls; and the often complex mergers and acquisitions (M&A) process. The kits can also be tailored to non-traditional enterprise systems such as Operational Technology (OT), Industrial Control Systems (ICS), or other non-IP communication systems. Enterprise responses have often been mired in bureaucratic red tape, processes, and approvals; because these kits operate outside the standard "gold image" tooling, they can be deployed quickly and in a broader range of locations, unhindered by the constraints of the existing Information Technology (IT) infrastructure. Advanced Persistent Threats (APTs) and other sophisticated actors, who relentlessly leverage their resources, skills, and artificial intelligence to bypass security measures, pose a further, ongoing challenge.
During reconnaissance, the organization's profile, as defined by its security tools and programs, becomes exposed and is then targeted for evasion. PANTHER counters this with a deliberately different compilation of tools, built for advanced visualization, in-depth analysis, and flexible data representation, so that even intricate behavioral patterns can be detected. The kits mostly follow a passive implementation model: they observe and analyze, and are deployed alongside existing Incident Response (IR) processes or enterprise solutions that take action when required. This gives threat hunters the dual advantage of remaining undetected during on-network reconnaissance while gaining a deep internal view of the network in question. No organization can supply every log and data point a hunter might want, but PANTHER's deployment model allows it to be placed at highly sensitive "crown jewel" locations, where it collects a wealth of logs. That makes it an economical way to provide high-fidelity protection for the organization's most valuable assets and cements the toolkit's contribution to the security posture (Böhme & Schwartz, 2016).
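A passive kit parked at a crown-jewel segment only earns its keep if the analysis run over its logs finds behaviour rather than signatures, since the adversary has already profiled the signature tooling. The script below is an added example, not part of PANTHER or the original article, of one such behavioural hunt: detecting command-and-control beaconing from nothing more than connection timestamps. It groups connections by source, destination and port, computes the inter-arrival times, and flags groups whose timing is too regular to be human, while suppressing destinations that are legitimately periodic (NTP here) so the hunt is not buried in noise. The log format, the hosts and addresses, the allowlist and the severity formula are all constructed for illustration.

```python
"""Added example (not part of PANTHER or the article): a beaconing hunt over
passively collected connection logs. Regularly spaced connections to one
destination are a behavioural pattern that signature tools miss.
All addresses and log lines below are constructed."""
import statistics
from collections import defaultdict

# Destinations with legitimate periodic traffic on this (assumed) network.
# Suppressing them keeps the hunt from drowning in NTP and update checks.
KNOWN_PERIODIC = {("10.10.0.5", 123)}


def parse_conn_log(text):
    """Parse constructed 'epoch,src,dst,dport,proto' records; '#' lines are comments."""
    conns = []
    for line in text.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split(",")
        conns.append((int(ts), src, dst, int(dport), proto))
    return conns


def find_beacons(conns, min_conns=8, max_cv=0.15):
    """Group by (src, dst, dport) and flag groups whose inter-arrival times have a
    low coefficient of variation (stdev / mean). Malware sleep timers produce
    near-constant intervals; interactive traffic does not."""
    groups = defaultdict(list)
    for ts, src, dst, dport, _proto in conns:
        groups[(src, dst, dport)].append(ts)
    findings = []
    for (src, dst, dport), times in groups.items():
        if len(times) < min_conns or (dst, dport) in KNOWN_PERIODIC:
            continue
        times.sort()
        deltas = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(deltas)
        if mean == 0:
            continue
        cv = statistics.pstdev(deltas) / mean
        if cv <= max_cv:
            findings.append({
                "src": src, "dst": dst, "dport": dport,
                "connections": len(times),
                "interval_s": round(mean, 1),
                "jitter_cv": round(cv, 3),
                # crude severity: more connections and tighter timing score higher
                "severity": min(10, int(len(times) / 4) + (3 if cv < 0.05 else 1)),
            })
    return sorted(findings, key=lambda f: -f["severity"])


def build_sample_log():
    """Constructed records: one host beaconing to an external address every ~300 s
    with a few seconds of jitter, the same host syncing NTP every 64 s, and a
    second host browsing at irregular intervals."""
    base = 1_700_000_000
    lines = ["#ts,src,dst,dport,proto"]
    jitter = [0, 4, -3, 2, -5, 1, 3, -2, 0, 5, -4, 2, -1, 3, -3, 1, 0, -2, 4, -1]
    t = base
    for j in jitter:
        t += 300 + j
        lines.append(f"{t},10.10.5.14,198.51.100.7,443,tcp")
    for i in range(40):
        lines.append(f"{base + 64 * i},10.10.5.14,10.10.0.5,123,udp")
    t = base
    for gap in [12, 340, 7, 1900, 45, 600, 3, 2200, 90, 15]:
        t += gap
        lines.append(f"{t},10.10.5.20,93.184.216.34,443,tcp")
    return "\n".join(lines)


def hunt(log_text):
    """Full pipeline: parse the passive log, return ranked beaconing findings."""
    return find_beacons(parse_conn_log(log_text))


if __name__ == "__main__":
    for f in hunt(build_sample_log()):
        print(f)
```

Two design choices matter here. The coefficient of variation is scale-free, so the same threshold catches a 30-second and a 6-hour beacon. The allowlist is not optional: without it the NTP client in the sample is the most regular talker on the network and would top the findings every time.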

Many strong vendor partners play in the threat hunting space. Gartner's "Market Guide for Threat Hunting" (Gartner, 2020) gives a detailed overview of the toolkit landscape and the capabilities of key vendors; a small sample of those named in the report includes Elastic, Exabeam, FireEye, CrowdStrike, and Splunk. Overall, Gartner's position aligns with the view that these tools are crucial for organizations seeking to stay ahead of the evolving threat landscape. With threat hunting toolkits, security teams gain greater visibility into potential threats and can respond to them proactively, mitigating the impact of breaches and reducing the risk of data loss (Sree et al., 2021).

As the digital world continues to grow and present new challenges, organizations must adapt and strengthen their cybersecurity measures to protect their assets and data. Advanced technologies like AI, ML, and quantum computing have made cyber defense more complex, and specialized threat hunting teams have become vital to maintaining cybersecurity (Bhardwaj & Goundar, 2019). These teams rely on sophisticated toolkits to identify and neutralize threats early in the cyber kill chain, and a variety of toolkits are available to suit diverse needs and capabilities. Automation and machine learning are critical developments in this field, improving the efficiency and accuracy of cybersecurity efforts. Industry leaders like Gartner emphasize the importance of threat hunting toolkits and the benefits of integrating SOAR technologies into hunting strategies, which allows organizations to automate processes, reduce response times, and continuously detect threats within their infrastructure. Options such as PANTHER, a portable threat hunting toolkit, can provide valuable resources for threat hunting teams. Gartner's "Market Guide for Threat Hunting" highlights key vendors such as Elastic, Exabeam, FireEye, CrowdStrike, and Splunk, demonstrating the critical role of these toolkits in staying ahead of the evolving threat landscape. Organizations must adopt a proactive approach, leveraging advanced tools, technologies, and strategies to protect their digital landscape and ensure ongoing cybersecurity in this rapidly changing digital age.

References

Bhardwaj, A., & Goundar, S. (2019). A framework for effective threat hunting. Network Security, 2019(6), 15-19.

Böhme, R., & Schwartz, G. (2016). Modeling Cybersecurity Investment in Attack and Defense. In 2016 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (pp. 372-379). IEEE. https://doi.org/10.1109/TrustCom.2016.0083

Hermawan, D., Novianto, N. G., & Octavianto, D. (2021). Development of Open Source-based Threat Hunting Platform. 2nd International Conference on Artificial Intelligence and Data Sciences (AiDAS). Retrieved April 19, 2023.

Gartner. (2020). Market Guide for Threat Hunting Toolkits. Gartner, Inc. Retrieved from https://www.gartner.com/en/documents/3993665/market-guide-for-threat-hunting-toolkits

Aldauiji, F., Batarfi, O., & Bayousef, M. (2021). Utilizing Cyber Threat Hunting Techniques to Find Ransomware Attacks: A Survey of the State of the Art. IEEE Access. https://doi.org/10.1109/ACCESS.2021.3064371

Sree, V. S., Koganti, C. S., Kalyana, S. K., & Anudeep, P. (2021). Artificial Intelligence Based Predictive Threat Hunting In The Field of Cyber Security. 2021 2nd Global Conference for Advancement in Technology (GCAT), Bangalore, India, 1-6. https://doi.org/10.1109/GCAT52182.2021.9587507

Warner, J., & Johnson, R. (2016). Leveraging Threat Hunting Techniques for Improved Cybersecurity. In 2016 IEEE 2nd International Conference on Cyber Security and Cloud Computing (CSCloud) (pp. 164-169). IEEE. https://doi.org/10.1109/CSCloud.2016.32


CYBERSECURITY AND FUSION CENTERS

To cite this article: Kevin Lynn McLaughlin (2023): CYBERSECURITY AND FUSION CENTERS, EDPACS, DOI: 10.1080/07366981.2023.2205689

To link to this article: https://doi.org/10.1080/07366981.2023.2205689

In the ever-evolving world of cybersecurity, it is vital to streamline complexity and create accessible solutions. The establishment of a Cybersecurity Security Operations & Fusion Center serves as a centralized nexus for monitoring, defending, and enhancing awareness of cyber threats, ultimately empowering professionals to safeguard their digital domain. – Kevin Lynn McLaughlin, PhD

Cybersecurity professionals need to simplify the multifaceted world of cybersecurity so that those seeking to protect digital assets and information can understand it coherently (O'Connor and Robertson, 2020). A powerful way to achieve this is to establish a Cybersecurity Security Operations & Fusion Center (CSOFC): a centralized hub that combines monitoring, detection, and defense of the organization's assets with communication about new, current, and resolved cyber threats.

The CSOFC unites the proven capabilities of Security Operations Centers (SOCs) and Fusion Centers into a cohesive entity that not only bolsters the defense of an organization's digital assets but also proactively identifies potential threats from multiple threads of collected intelligence. This central defense mechanism relies on seamless collaboration among teams and on state-of-the-art technologies for threat detection, analysis, and remediation. Fusion Centers, which gained prominence in the United States after the 9/11 attacks, can be a critical element of the cybersecurity ecosystem: they gather, analyze, and actively use intelligence to identify and classify risks and threats, and by comparing that intelligence against the organization's own systems and assets they can drive proactive remediation of potential issues. Integrating Fusion Centers into SOCs enables a more comprehensive and proactive approach to cybersecurity and a more robust, well-rounded cyber defense. Integrating Threat Intelligence Center (TIC) processes and techniques into the CSOFC framework further raises the effectiveness of security operations. TICs collect and analyze threat data from many sources, keeping the organization abreast of the ever-evolving cyber threat landscape. By bringing TIC methods and Fusion Center integration into the SOC, organizations can better anticipate potential threats and implement proactive measures to protect their digital assets.

As the world becomes more reliant on technology and digital systems, the need for effective cybersecurity measures has never been greater. One of the most significant challenges in cybersecurity is the threat posed by insiders – IT (Information Technology) professionals who have access to sensitive information and systems and who may be tempted to engage in malicious activities (Fink et al., 2019). Understanding the conditions that may lead to such behavior is therefore crucial. To address this challenge, cybersecurity professionals such as Dr. Kevin Lynn McLaughlin have emphasized the importance of integrating diverse information from various sources. This cross-functional approach involves gathering and analyzing data from multiple sources, such as employee behavior, network activity, and threat intelligence feeds, to build a comprehensive picture of potential insider threats. One way to put this approach into practice is to deploy a CSOFC. By fusing the best practices of SOCs, Fusion Centers, and Threat Intelligence Centers (TICs), organizations can develop a more proactive and comprehensive approach to cyber defense. The CSOFC serves as a central hub for collecting, analyzing, and sharing information across multiple teams and departments within an organization. By integrating diverse sources of data, such as log files, system events, and user activity (Chen et al., 2019), the CSOFC can identify potential threats and respond to them quickly and effectively (Langton and Slay, 2020).

The world of cybersecurity is multifaceted and constantly evolving, and the advent of generative Artificial Intelligence (AI), Machine Learning (ML) and quantum computing is compounding the complexity for organizations seeking to protect their digital assets and information. Cybersecurity professionals recognize the need to simplify this landscape so that potential risks and threats can be understood coherently, and the CSOFC is a powerful way to achieve that simplification. Integration is the key component of this work: the CSOFC relies on seamless collaboration among various teams and on state-of-the-art technologies for threat detection, analysis, and remediation (Bhattacharya & Khan, 2019), and it folds Threat Intelligence Center (TIC) processes and Fusion Center intelligence into the SOC so that the organization can anticipate threats and act on them proactively rather than after the fact.

As the world becomes more reliant on technology and digital systems, the need for effective cybersecurity measures has never been greater. Establishing a CSOFC is a significant step toward simplifying the complex landscape of cybersecurity, allowing organizations to take a more proactive and comprehensive approach to cyber defense. By leveraging the power of integration, organizations can build a more robust and well-rounded cyber-defense mechanism that protects their digital assets and information from potential risks and threats. This is just one potentially helpful piece of an extraordinarily complex puzzle for defending an organization’s data and assets (Almalki & Hussain, 2019).

ORCID

Kevin Lynn McLaughlin  http://orcid.org/0009-0009-8367-5292

REFERENCES

Almalki, F., & Hussain, R. (2019). Cybersecurity fusion centers: A systematic literature review. In Proceedings of the Future Technologies Conference (FTC 2019) (pp. 627–639). Springer. https://doi.org/10.1007/978-3-030-32520-6_48

Bhattacharya, I., & Khan, L. (2019). A framework for collaborative cyber threat intelligence fusion. In 2019 IEEE International Conference on Big Data (Big Data) (pp. 5104–5109). IEEE. https://doi.org/10.1109/BigData47090.2019.9006290

Chen, X., Wang, L., & Khan, L. (2019). Cyber threat intelligence fusion and analytics. In 2019 IEEE International Conference on Big Data (Big Data) (pp. 4268–4273). IEEE. https://doi.org/10.1109/BigData47090.2019.9006295

Fink, G. A., Best, D. M., Manz, D. O., Popovsky, B., & Endicott-Popovsky, B. (2019). Predicting the “breaking bad”: Conditions that influence IT professionals’ propensity to go rogue. Computers & Security, 87, 101578. https://doi.org/10.1016/j.cose.2019.101578

Langton, J., & Slay, J. (2020). Cybersecurity fusion centers: Enhancing collaboration and information sharing. Journal of Information Security and Applications, 52, 102495. https://doi.org/10.1016/j.jisa.2020.102495

O’Connor, R., & Robertson, D. (2020). Cybersecurity fusion centers: An integrated approach to threat detection and response. Computers & Security, 92, 101771. https://doi.org/10.1016/j.cose.2020.101771

Posted in Uncategorized | Leave a comment

Sometimes you need a who, A what, no – a who, oh ok 

It always surprises me when I meet a novice or someone who is new to a field or new to a role and they are embarrassed to ask for help. Even worse is when they are afraid that receiving feedback and being less than perfect is a sign of failure or ineptness. I always just want to say, hey, let’s go grab a coffee and talk. And in that talk, I would explain to them that when you are new at something it is unrealistic to expect to know how to do the work, the task, etc. without help or in a perfect way, and that to think otherwise is putting so much pressure on themselves that I can’t understand how they cope.

When you are first starting an endeavor, you often need a who. No, not a what – a who. As John Strelecky wrote in his book “The Why Café,” we often need a Who, a person who already has the skills and knowledge in an area, to help us if we want to become competent in a new endeavor. But here’s the thing: the same person who will get scuba lessons, take pilot lessons, go to a music teacher, etc., is the same one who will take a new role in their work career and decide that they need to figure it out on their own, because if they don’t, folks will think they are not capable or that they are a failure.

So here is my advice. As a novice or someone who is new to a field or a role, it is perfectly normal to not know everything and need help. In fact, it is crucial to seek guidance and feedback, especially at the beginning of a new endeavor. Don’t be afraid to ask for help and seek out a “who” – someone who already has the skills and knowledge in the area that you want to become competent in. It is important to recognize that expecting perfection without guidance is unrealistic and can put an enormous amount of pressure on yourself. You may find yourself struggling to cope with the expectations that you have set for yourself. Just like how you wouldn’t try scuba diving without lessons or attempt to fly a plane without first taking pilot lessons, you should not expect to know everything and be able to succeed in a new role or field without seeking help. It is okay to ask questions and learn from others who have more experience. Remember, asking for help is not a sign of failure or ineptness. In fact, seeking feedback and guidance from those with more experience can help you learn and improve much faster than if you were to go at it alone. Don’t let the fear of appearing incompetent prevent you from seeking the help you need to succeed.  

So, go ahead and ask for that coffee meeting with a more experienced colleague or mentor. You might be surprised at how much you can learn and grow from the experience. #seekcoaching, #becoachable 


Pollyanna Leadership?

“Positive leadership isn’t just about being optimistic, it’s about acknowledging challenges while emphasizing resilience and a can-do attitude. It empowers individuals and inspires teams to take risks, embrace change, learn from mistakes and work together to overcome obstacles. Unlike authoritarian leadership, positive leadership creates a more fulfilling and satisfying work environment while driving success.”- Dr. Kevin Lynn McLaughlin, PhD

Let’s talk about positive leadership and how it doesn’t mean that leaders ignore mistakes and not hold team members responsible. Positive leadership, which creates a supportive and constructive work environment where team members feel valued and respected, is better in the long-term for team morale and retention than authoritarian or command and control leadership. This is because positive leadership fosters trust and transparency, which leads to improved communication and collaboration, increased job satisfaction, and a lower likelihood of turnover.  Authoritarian leadership focuses on control and punishment, which can lead to a negative and demotivating work environment. 

Positive leadership is a critical component of building a strong and successful team, but it is important to understand what it is and what it is not. Positive leadership does not mean that you never hold team members accountable or that you are always behaving in a Pollyanna manner. On the contrary, positive leadership means creating a supportive and constructive work environment where team members are encouraged to learn, grow, and succeed. This includes holding team members accountable, when necessary, but doing so in a way that is respectful, supportive, and focused on growth and improvement. Cybersecurity leadership is about creating a culture of trust and transparency, where everyone feels valued and respected. When your cybersecurity team members trust their leaders and feel valued, they are more likely to be open and honest about their challenges and mistakes, which creates opportunities for growth and improvement. This does not mean skipping coaching for improvement and learning opportunities, nor does it mean you allow them to cover up mistakes. On the contrary, positive leaders must address concerns and mistakes, learn from them, and drive on to be better. This requires leaders to be honest, transparent, and constructive in their approach. Positive leadership is about creating a supportive and constructive work environment that fosters trust, transparency, and growth. It is not about ignoring accountability or behaving in a Pollyanna manner, but rather about approaching challenges and mistakes with a positive and constructive mindset. One extremely important concept in all of this is to follow the tenet of praising in public and coaching/mentoring in private. Public shame and embarrassment seldom lead to high team morale and high team retention rates.


Retaining Cybersecurity Talent


Kevin M’s Tips For Retaining Top Cybersecurity Talent

As the cybersecurity threat landscape continues to evolve, it’s important to have a talented and skilled team in place to protect your organization’s assets and data. However, finding and retaining cybersecurity talent can be a challenge.

The following best practices can help ensure your top performers stay with your organization for the long term:

  • Provide competitive compensation and benefits packages

This includes not only salaries and bonuses, but also benefits like healthcare, retirement plans and paid time off. 

  • Create a supportive and inclusive work environment

This can be done by ensuring your team members feel valued and respected. They should be able to see a clear path for professional growth and advancement within the organization. This can be achieved through regular performance evaluation, opportunities for skills development and recognition for a job well done.

  • Offer flexible work arrangements 

This includes hybrid, remote, and onsite options as well as flexible schedules to meet the needs of your team, which is especially important post-COVID.

  • Develop a strong company culture 

This can be done by encouraging open communication, promoting teamwork and collaboration, and fostering a sense of community amongst your team members. This not only helps to create a positive work environment, but it also helps to build strong relationships and a sense of belonging across the team. 

  • Invest in your team’s professional development 

This can be done through a comprehensive and continuous learning program that offers opportunities for your team members to expand their skills, learn about modern technologies and stay up-to-date with the latest industry trends.  Offering a combination of in-person training sessions, online courses, and hands-on experiences with innovative technologies is a great way to implement this program. Providing your team with the resources and support they need to grow and develop professionally can increase job satisfaction and help foster a sense of pride and ownership within your organization. 

Threat actors are working diligently every day to find new ways to compromise sensitive data and assets. Therefore, it is essential to have a strong cybersecurity team in place to protect your organization. Prioritizing the above best-practices is a great way to keep your team members engaged and motivated, which will increase the likelihood of retaining your top cybersecurity talent for the long-term.    

Thank you to my friend and colleague Ibn Akbar at Nice Touch Editing Services for helping me with the edits for this entry.


AI and Cybersecurity

I would like to discuss the advantages and disadvantages of using AI technologies in the field of cybersecurity. On one hand, AI technologies can greatly enhance the capabilities of cybersecurity professionals in detecting and responding to security incidents. AI algorithms can analyze vast amounts of data in near real-time, identify patterns and anomalies, and surface potential security risks quickly, so that teams can respond to threats before they become major incidents. Techniques such as machine learning, deep learning, and natural language processing can also automate tedious and repetitive tasks, freeing cybersecurity professionals to focus on high-priority activities that require human decision-making and expertise. Finally, AI can improve the accuracy and efficiency of cybersecurity operations: models trained on known threats and on what normal activity looks like can help reduce false-positive alerts, so that analysts spend their time on the incidents that matter.

However, there are also challenges associated with the use of AI in cybersecurity. One of the biggest is ensuring the accuracy of the models and avoiding false positive or false negative results. This is difficult because a model is only as good as its inputs: if the training data is biased or incomplete, the output will be too. In addition, models can be manipulated; attackers have crafted inputs specifically to evade machine-learning classifiers and so bypass the security controls built on them. Some of the primary challenges associated with the use of AI in cybersecurity include:

  1. Bias in the data: AI algorithms are only as good as the data they are trained on. If the data used to train these algorithms is biased in some way, then the results produced by the AI will also be biased. This can lead to incorrect or misleading results and could potentially compromise the security of an organization.
  2. False positives and negatives: One of the biggest challenges of using AI in cybersecurity is the issue of false positives and negatives. A false positive is an alert on activity that is actually benign; a false negative is a real threat the system fails to flag. The two trade off against each other: tightening a threshold to cut false positives raises the chance of false negatives, and vice versa. Both are costly in cybersecurity, where false positives lead to false alarms and wasted time and resources, while false negatives can result in serious security breaches.
  3. Lack of transparency: Another major challenge associated with the use of AI in cybersecurity is the lack of transparency in the decision-making process. This makes it difficult for cybersecurity professionals to understand how the AI algorithms are making their decisions and to determine whether the results produced by these algorithms are accurate and reliable.
  4. Integration into existing systems: Finally, another major challenge of using AI in cybersecurity is the integration of these systems into existing infrastructure and processes. This requires a significant investment of time, resources, and expertise, and can be a major barrier to the widespread adoption of AI in the field of cybersecurity.
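The practical check for items 1 and 2 above is to score the detector against data an analyst has already labelled, and to repeat that check whenever the training data or the threshold changes. The following Python is an added example, not code from this post: the "detector" is a plain z-score over per-account failed-login counts, the events are constructed and hand-labelled, and the second baseline shows what happens when the window the model learns from already contains the attack (the bias problem in item 1).

```python
"""Measuring a detector's false positives and false negatives before trusting it.

Added example, not code from the post. The detector is a plain z-score over
failed-login counts, and the events below are constructed and hand-labelled.
"""
import statistics

# Constructed hourly failed-login counts per account. "malicious" is the analyst's
# ground truth (1 = password spraying / credential stuffing), not the detector's view.
EVENTS = [
    {"user": "alice",      "failed_logins": 1,  "malicious": 0},
    {"user": "bob",        "failed_logins": 0,  "malicious": 0},
    {"user": "carol",      "failed_logins": 2,  "malicious": 0},
    {"user": "dave",       "failed_logins": 3,  "malicious": 0},  # forgot a new password
    {"user": "erin",       "failed_logins": 1,  "malicious": 0},
    {"user": "frank",      "failed_logins": 0,  "malicious": 0},
    {"user": "grace",      "failed_logins": 2,  "malicious": 0},
    {"user": "heidi",      "failed_logins": 1,  "malicious": 0},
    {"user": "svc-backup", "failed_logins": 25, "malicious": 1},  # sprayed service account
    {"user": "mallory",    "failed_logins": 40, "malicious": 1},
]


def fit_baseline(counts):
    """'Training': mean and sample standard deviation of the counts supplied."""
    return statistics.mean(counts), statistics.stdev(counts)


def clean_baseline():
    """Baseline learned from benign traffic only."""
    return fit_baseline([e["failed_logins"] for e in EVENTS if not e["malicious"]])


def poisoned_baseline():
    """Baseline learned from a window that already contains the attack (biased data)."""
    return fit_baseline([e["failed_logins"] for e in EVENTS])


def zscore(x, baseline):
    mean, sd = baseline
    return (x - mean) / sd


def evaluate(events, baseline, threshold):
    """Confusion counts when every event with z-score > threshold is alerted on."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for e in events:
        flagged = zscore(e["failed_logins"], baseline) > threshold
        if flagged:
            key = "tp" if e["malicious"] else "fp"
        else:
            key = "fn" if e["malicious"] else "tn"
        counts[key] += 1
    return counts


def precision_recall(m):
    """Precision = alerts that were real; recall = real threats that were alerted on."""
    p = m["tp"] / (m["tp"] + m["fp"]) if m["tp"] + m["fp"] else 0.0
    r = m["tp"] / (m["tp"] + m["fn"]) if m["tp"] + m["fn"] else 0.0
    return p, r


if __name__ == "__main__":
    for name, baseline in (("clean baseline", clean_baseline()),
                           ("poisoned baseline", poisoned_baseline())):
        for t in (1.5, 2.0, 3.0):
            m = evaluate(EVENTS, baseline, t)
            p, r = precision_recall(m)
            print(f"{name:17s} threshold={t:.1f}  {m}  precision={p:.2f} recall={r:.2f}")
```

With the clean baseline a threshold of 3.0 catches both attacks with no false positives, while 1.5 starts alerting on the user who simply forgot a password. With the poisoned baseline the two attacks inflate the learned standard deviation so much that, at the same 3.0 threshold, both are missed: the attack hides itself inside its own training data. That is the reason the "monitor the accuracy of the algorithms" advice in the conclusion has to be an ongoing process rather than a one-time acceptance test.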

In conclusion, while AI technologies offer many benefits for cybersecurity professionals, it is important to approach their use with caution and carefully consider both the advantages and challenges. Cybersecurity professionals must be vigilant in monitoring the accuracy and effectiveness of AI algorithms and ensure that they are used in a manner that aligns with the organization’s security goals and objectives.


Zero Trust

For the past few years I was puzzled by the concept of Zero Trust (ZT). I thought it was this big, nebulous thing that I just could not wrap my mind around. Every time I asked a vendor partner for a definition I received a different one, and each one just led me to having more questions. I finally sat down with a group of trusted practitioners and vendor partners and forced a meeting that lasted as long as it took for me to understand what is meant by ZT. Here is what I came up with. Hopefully, you will find it to be somewhat useful if you are just now starting your look into ZT for your organization, and if you are not – you should be.

ZT is not a single architecture but a set of guiding principles for workflow, system design and operations that can be used to improve security posture (NIST SP 800-207). ZT follows three core principles: assume breach, verify explicitly, and least privilege. Core parts of ZT are privileged access management, cybersecurity controls at the perimeter and on the endpoints, and a defense-in-depth architecture built out behind them. ZT means having items such as the following in place:

  • MFA
  • Mobile Device Security
  • EDR/Advanced EDR
  • CASB
  • Email Security
  • Privileged Access Management
  • Clean Admin Workstations
  • Tools to protect or secure legacy infrastructure and apps
  • Going passwordless should be strongly considered.
  • NAC
  • DLP
  • IPS and AV at the Perimeter level and server host level
  • Network segmentation
  • Management of Special through their life-cycle
  • Removing admin rights from the users that don’t need them, and removing unnecessary services, ports, protocols or applications (principle of least privilege)
  • Just in Time (JIT)  – this is providing elevated privileges only when required and then removing them. 
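The three principles and JIT come together at the moment an access request is decided, and that is easier to see in code than in a list of products. The following Python is an added example, not the post's own code and not anything from NIST SP 800-207 or a vendor: the request fields, the role table and the JitGrant shape are assumptions made for illustration, standing in for the signals a real deployment would pull from the identity provider, MDM/EDR and PAM tools listed above.

```python
"""Per-request access decision built around the three ZT principles.

Added example, not from NIST SP 800-207 or any vendor product. The request
fields, role table and JIT grant shape are assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Least privilege: a role grants specific (resource, action) pairs and nothing else.
# There is deliberately no standing "admin" on db-prod; that only comes via a JIT grant.
ROLE_PERMISSIONS = {
    "analyst": {("siem", "read")},
    "dba": {("db-prod", "read"), ("db-prod", "backup")},
}

T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # fixed clock for the examples
LATER = T0 + timedelta(hours=2)                          # after the demo grant has expired


@dataclass
class JitGrant:
    """Just-in-time elevation: the right exists only until expires_at, then vanishes."""
    user: str
    resource: str
    action: str
    expires_at: datetime


@dataclass
class Request:
    user: str
    roles: tuple
    resource: str
    action: str
    mfa_verified: bool
    device_managed: bool   # enrolled, known asset
    edr_healthy: bool      # EDR agent present and reporting
    source_network: str    # recorded for the audit trail only; grants no trust (assume breach)
    now: datetime


def make_request(**overrides):
    """Constructed request with a known-good default; callers override what they test."""
    base = dict(user="alice", roles=("analyst",), resource="siem", action="read",
                mfa_verified=True, device_managed=True, edr_healthy=True,
                source_network="internet", now=T0)
    base.update(overrides)
    return Request(**base)


def demo_grant():
    """One-hour JIT grant of admin on db-prod to dave (constructed)."""
    return JitGrant("dave", "db-prod", "admin", T0 + timedelta(hours=1))


def evaluate(req, jit_grants=()):
    """Return (allowed, reasons). Every request is judged on its own evidence, every time."""
    reasons = []
    # Explicitly verify: identity with MFA plus endpoint posture, regardless of network.
    if not req.mfa_verified:
        reasons.append("deny: MFA not verified")
    if not req.device_managed:
        reasons.append("deny: device is not a managed asset")
    if not req.edr_healthy:
        reasons.append("deny: EDR not healthy")
    if reasons:
        return False, reasons

    wanted = (req.resource, req.action)
    # Least privilege: only what a role explicitly grants ...
    for role in req.roles:
        if wanted in ROLE_PERMISSIONS.get(role, set()):
            return True, [f"allow: role '{role}' grants {req.action} on {req.resource}"]
    # ... or a JIT grant that is still inside its window.
    for g in jit_grants:
        if g.user == req.user and (g.resource, g.action) == wanted:
            if req.now < g.expires_at:
                return True, [f"allow: JIT grant valid until {g.expires_at.isoformat()}"]
            reasons.append("deny: JIT grant has expired")
    reasons.append(f"deny: no standing or JIT permission for {req.action} on {req.resource}")
    return False, reasons


if __name__ == "__main__":
    dba_admin = dict(user="dave", roles=("dba",), resource="db-prod", action="admin")
    cases = [
        ("analyst reading SIEM", make_request(), ()),
        ("same user on the corporate LAN, no MFA",
         make_request(mfa_verified=False, source_network="corp-lan"), ()),
        ("DBA admin with a live JIT grant", make_request(**dba_admin), (demo_grant(),)),
        ("DBA admin two hours later", make_request(now=LATER, **dba_admin), (demo_grant(),)),
    ]
    for label, req, grants in cases:
        allowed, why = evaluate(req, grants)
        print(f"{label}: {'ALLOW' if allowed else 'DENY'} from {req.source_network} ({'; '.join(why)})")
```

Two things to notice: the request from the corporate LAN is denied for exactly the same reason an Internet request would be, because location buys nothing once you assume breach; and the DBA's admin right is not a role at all but a grant that stops working on its own, which is the JIT item in the list above.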

In reading through this list, most of you will find that you have already put in place most or all of these items, which means that you are well on your way. Keep in mind, though, that NIST SP 800-207 frames ZT around deciding each access request on the evidence presented with it (the identity, the device posture, the resource requested) rather than on where the request comes from; the tools above are how you gather that evidence and enforce the decision, so the journey is complete when they are wired together to do exactly that.

Other items of possible interest:

  • Continuously communicate and start communications with regional and country counsel as early as possible.  Keep them informed of the ZT journey and how/why the environment is changing.
  • NIST SP 800-207 (Zero Trust Architecture) is a short read about ZT

A Risk Approach to Cybersecurity Vulnerability Management
McLaughlin, 2022

When you first arrive at an organization that has not invested in a major cybersecurity program and look at the sheer number of computer vulnerabilities in the environment, feeling overwhelmed is a common initial response. In many cases the count can be upwards of one million vulnerabilities that need to be remediated. My advice is to keep a couple of concepts in mind: kaizen, or continuous improvement over time, and the old saying that you eat an elephant one bite at a time. As a practitioner who has faced this task many times over the past 30 years, I can tell you that it is not as daunting to complete, or to get alignment and buy-in from your Information Technology (IT) colleagues to complete, as it first appears.
The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability data, maintained by the National Institute of Standards and Technology (NIST). It enables automation of vulnerability management and security measurement and supports compliance with standards (Wang 2009). Each NVD entry is identified by a Common Vulnerabilities and Exposures (CVE) identifier and carries a severity score assigned under the Common Vulnerability Scoring System (CVSS); it is the CVSS score, not the CVE identifier, that expresses how bad the vulnerability is. Most commonly used vulnerability scanning tools and services make use of CVSS to assign a risk number or rating to the vulnerabilities they find. The higher the CVSS score, the greater the risk and, in general, the more urgent it is for you to remediate. Keep in mind that CVSS rates the vulnerability itself, not your exposure to it; how many systems carry the weakness and what those systems do is something you have to add, which is why the process below weighs the number of systems a patch covers as well as the severity.
I recall arriving at one company in an operational IT security role, and during my first morning one of the cybersecurity team members came by with a cart; in the cart was an extremely large number of papers, about 10,000 pages to be exact. The guy looked at me, said good morning and then started to leave without taking the cart. I asked him why he was leaving the cart and he said, “oh, those are all the vulnerabilities you need to tell IT to fix.” I did take a quick look and there were about 30 per page, of all criticalities. I took the cart to the loading dock, found a dumpster, and dumped the pages into the dumpster. I then scheduled a meeting with the cybersecurity vulnerability team to talk about a process for handling vulnerabilities that would actually work. The process we aligned on looked something like this, and it is one that has proven effective across multiple companies. As the ultimate goal is to reduce overall risk, we started by agreeing that the risks listed in our current tool as Catastrophic would be the most important ones to fix first, as they would reduce the highest level of risk in the shortest amount of time. As a bonus, many of the patches that resolved those types of risk overlapped in resolving some of the lower-level risk as well. At first there were always a staggering number of catastrophic risks to resolve, though not as staggering as a 10,000-page hardcopy PDF manual. We then agreed that the patches which needed to be deployed would be deployed in the order that hit the greatest number of systems versus those that only impacted one or two; in many cases a patch to resolve a vulnerability is needed across all the Windows servers, for example, versus only one older version of the server operating system. Once the Catastrophic vulnerabilities were eliminated, we agreed that we would move to Critical, then High, then Medium and eventually Low.
As our tool provided an executive summary of the vulnerability and a recommended patching solution along with a breadth of details that were very interesting but not relevant to the IT patching team, we further aligned that the electronic report the vulnerability remediation team received would show: System name, IP Address, MAC Address, OS Level, Vulnerability, and the recommended patch to be deployed, along with a status and comment column. Lastly, we aligned on the number of patches that IT was willing to deploy during their weekly or monthly maintenance window. Following this approach, in all the cases that I participated in, the number of Catastrophic vulnerabilities across the infrastructure was reduced to near zero within 12 months. Some of you may question whether that is good or whether it took too long, but keep in mind that in every case these same patches had been left, in general, unattended and unpatched for years because the sheer volume of patching that IT was being asked to do was just overwhelming.
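The process described above, written out as an added Python example rather than the tool's or the author's own code: the findings are constructed (placeholder vulnerability and patch names, not real CVEs, and IANA documentation-range MAC addresses), the severity labels are the ones the post's tool uses, the report columns are the ones agreed with the IT patching team, and the cap on patches per window is the number IT agreed to deploy. One choice the post leaves implicit is made explicit here: a patch that resolves findings of different severities on different hosts is ranked by the worst of them.

```python
"""Risk-first patch batching for the IT maintenance window.

Added example, not code from the post or from any scanner. Findings are
constructed (placeholder vulnerability/patch names, documentation MACs) and the
severity labels follow the post's tool: Catastrophic, Critical, High, Medium, Low.
"""

SEVERITY_RANK = {"Catastrophic": 0, "Critical": 1, "High": 2, "Medium": 3, "Low": 4}


def finding(system, ip, mac, os_level, vuln, severity, patch):
    return {"system": system, "ip": ip, "mac": mac, "os": os_level,
            "vuln": vuln, "severity": severity, "patch": patch}


# Constructed scan export: one row per (host, vulnerability).
FINDINGS = [
    finding("srv-web-01", "10.0.1.10", "00:00:5e:00:53:01", "Windows Server 2019", "EX-VULN-1", "Catastrophic", "patch-A"),
    finding("srv-web-02", "10.0.1.11", "00:00:5e:00:53:02", "Windows Server 2019", "EX-VULN-1", "Catastrophic", "patch-A"),
    finding("srv-app-01", "10.0.2.10", "00:00:5e:00:53:03", "Windows Server 2019", "EX-VULN-1", "Catastrophic", "patch-A"),
    finding("srv-db-01",  "10.0.3.10", "00:00:5e:00:53:04", "Windows Server 2012", "EX-VULN-2", "Catastrophic", "patch-B"),
    finding("srv-web-01", "10.0.1.10", "00:00:5e:00:53:01", "Windows Server 2019", "EX-VULN-3", "Critical", "patch-C"),
    finding("srv-web-02", "10.0.1.11", "00:00:5e:00:53:02", "Windows Server 2019", "EX-VULN-3", "Critical", "patch-C"),
    finding("srv-app-01", "10.0.2.10", "00:00:5e:00:53:03", "Windows Server 2019", "EX-VULN-3", "Critical", "patch-C"),
    finding("srv-app-02", "10.0.2.11", "00:00:5e:00:53:05", "Windows Server 2019", "EX-VULN-3", "Critical", "patch-C"),
    finding("srv-db-01",  "10.0.3.10", "00:00:5e:00:53:04", "Windows Server 2012", "EX-VULN-3", "Critical", "patch-C"),
    finding("wks-fin-07", "10.0.9.7",  "00:00:5e:00:53:06", "Windows 10",          "EX-VULN-4", "High", "patch-D"),
    finding("wks-fin-08", "10.0.9.8",  "00:00:5e:00:53:07", "Windows 10",          "EX-VULN-4", "Catastrophic", "patch-D"),
]


def group_by_patch(findings):
    """One work item per recommended patch, carrying its worst severity and every host it fixes."""
    groups = {}
    for f in findings:
        g = groups.setdefault(f["patch"], {"patch": f["patch"], "severity": f["severity"], "hosts": []})
        if SEVERITY_RANK[f["severity"]] < SEVERITY_RANK[g["severity"]]:
            g["severity"] = f["severity"]   # a patch inherits the worst finding it resolves
        g["hosts"].append(f)
    return list(groups.values())


def prioritize(findings):
    """Worst severity first; within a severity, the patch that clears the most hosts first."""
    return sorted(group_by_patch(findings),
                  key=lambda g: (SEVERITY_RANK[g["severity"]], -len(g["hosts"]), g["patch"]))


def next_window(findings, max_patches):
    """The patches for the next maintenance window, capped at what IT agreed to deploy."""
    return prioritize(findings)[:max_patches]


REPORT_COLUMNS = ("System", "IP Address", "MAC Address", "OS Level", "Vulnerability",
                  "Recommended Patch", "Status", "Comment")


def remediation_report(groups):
    """Flatten to the columns agreed with the patching team; the scanner's verbiage is left out."""
    rows = []
    for g in groups:
        for f in g["hosts"]:
            rows.append({"System": f["system"], "IP Address": f["ip"], "MAC Address": f["mac"],
                         "OS Level": f["os"], "Vulnerability": f["vuln"],
                         "Recommended Patch": g["patch"], "Status": "Open", "Comment": ""})
    return rows


if __name__ == "__main__":
    for g in prioritize(FINDINGS):
        print(f"{g['patch']}: {g['severity']}, {len(g['hosts'])} hosts")
    print("\t".join(REPORT_COLUMNS))
    for row in remediation_report(next_window(FINDINGS, 2)):
        print("\t".join(row[c] for c in REPORT_COLUMNS))
```

On this input the order is patch-A (Catastrophic, three hosts), patch-D (Catastrophic on one host, High on the other), patch-B (Catastrophic, one host) and only then patch-C, even though patch-C touches the most systems; severity wins over breadth, and breadth breaks the tie. With a cap of two patches per window the report the IT team receives lists five host rows and nothing else, which is the "manageable and workable" slice the post argues for.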
Some readers are most likely questioning why IT would not just patch systems regularly, and wondering why systems would be left unpatched and in states of vulnerability. Yes, automatic patching should be highly encouraged and should be used across the majority of organizational systems, but the simple truth is that system patching can and does break an IT system, not as much in modern days as in the past, but I can recall reading recently where this OS patch or that application patch needed to be pulled back because it caused a major system failure. IT’s job is to keep the organization up and running, so they are hesitant to complete broad-based patching for every issue on a weekly basis. By aligning on a risk-based approach that provides a manageable and workable solution for the IT patching team and support staff, we are more likely to get the cooperation needed to drive vulnerabilities downwards and reduce overall risk. IT leaders in the organization are very security conscious and they really do want to be great security stewards, but they are also driven to keep the business systems up and running and therefore making money for the organization. To simply dictate an unreasonable course of action and then throw our hands up in disgust when they don’t engage and do what we ask is not being a trusted and helpful cybersecurity partner to IT or to the business. If we want to reduce risk (Vildal 2012) we need, as Stephen Covey put it in The Seven Habits of Highly Effective People, to work towards the win-win solution (Covey 1989) and then aggressively drive it forward while monitoring and adjusting the results as needed. By driving this one-team, one-goal approach to reducing risk through reduction of cybersecurity vulnerabilities, the chances of a successful outcome are maximized. Do this work right and you end up with a metric that looks like the one below, which is a great story to share with your executive leadership team.

[Figure: vulnerability count over time, the metric referred to above (image not reproduced)]

Covey (1989). The Seven Habits of Highly Effective People.

Vildal, M. (2012). “A systems thinking approach for project vulnerability management.” Kybernetes, Emerald.

Wang (2009). OVM: An Ontology for Vulnerability Management. Marietta, GA, Southern Polytech State University.


Figure legend: denotes steady state, showing new vulnerabilities that are discovered and then removed at the next patching cycle.