TICKETS: This Week In The Queue

A weekly column in which Cybersecurity Smith reviews real (fake) tickets filed between IT and Security.

TICKET #SEC-4471

From: Brad Thornwell-Pierce, CISSP
To: IT Operations
Priority: P1 — CRITICAL
Subject: Concerning login activity

Body: I noticed unusual login activity on my account this morning. Please investigate immediately. This may indicate a sophisticated APT.

IT Response (resolved, 11 minutes): That was you. You logged in. From your office. At 8:47 AM. Using your laptop.

TICKET #SEC-4472

From: Brad Thornwell-Pierce, CISSP
To: IT Operations
Priority: P1 — CRITICAL
Subject: Re: Concerning login activity

Body: Understood. However, I would like a formal RCA documenting why the system allowed this login.

IT Response (resolved, 4 minutes): Because your password was correct.

TICKET #SEC-4473

From: Tyler M., SOC Analyst I
To: IT Operations
Priority: P2 — HIGH
Subject: Suspicious traffic to external IP

Body: Detected outbound traffic to an unknown external IP. Need IT to block immediately and investigate. Possible C2 channel.

IT Response (resolved, 2 minutes): That's Microsoft.

TICKET #SEC-4474

From: Brad Thornwell-Pierce, CISSP
To: IT Operations
Priority: P3 — MEDIUM
Subject: Password reset

Body: I'm locked out. Please reset.

IT Response (resolved, 47 minutes — included one phone call, one Teams message, and one in-person visit during which Brad was asked twice to confirm his identity): Done. Please don't write the new one on a sticky note this time.

Cybersecurity Industry Marks 15 Consecutive Years Of Demanding More Cybersecurity Professionals, Asks For 16th

Filed by Cybersecurity Smith ALEXANDRIA, VA. — The International Information System Security Certification Consortium, known as ISC2, released its annual Cybersecurity Workforce Study this fall, marking the fifteenth consecutive year in which the cybersecurity industry has called for an immediate and substantial increase in the number of cybersecurity professionals. ISC2 is

IT Department Achieves SOC 2 Compliance After CEO Asks Them To "Lean In" For Sixteenth Consecutive Quarter

Filed by Cybersecurity Smith CHARLOTTE — The information technology department at a mid-sized SaaS company successfully achieved SOC 2 Type II certification on Friday, sources confirmed, following an eight-month engagement during which the four-person team was asked to "find efficiencies," "do more with less," and ultimately "

POSTMORTEM: The Great Outlook Incident Of Q3

A reconstructed incident report, obtained by Cybersecurity Smith. Severity: SEV-1 Duration: 4 hours, 17 minutes Affected systems: Microsoft Outlook (corporate) Affected users: All of them, loudly 13:42 — Karen in Marketing reports Outlook is "doing the thing again." 13:43 — Help Desk asks what "the thing"

THOUGHT LEADERSHIP: 5 Lessons From The Breach We Didn't Have

From the LinkedIn of Brad Thornwell-Pierce, CISSP, CISM, CRISC, CISA, CCSP, CEH, Sec+, and recent recipient of the "Cyber Visionary Under 50" award from a publication he had not previously heard of. 5 Lessons From The Breach We Didn't Have This week, our organization successfully prevented

Read more

Cybersecurity Industry Marks 15 Consecutive Years Of Demanding More Cybersecurity Professionals, Asks For 16th

IT Department Achieves SOC 2 Compliance After CEO Asks Them To "Lean In" For Sixteenth Consecutive Quarter

POSTMORTEM: The Great Outlook Incident Of Q3

THOUGHT LEADERSHIP: 5 Lessons From The Breach We Didn't Have