Welcome to the latest of my Security Bytes posts, where I dig into areas of interest in Infosec/CyberSec, and offer my opinion. In my last post, I talked at a high level about what Least Privilege actually is. In this post, I’ll explore common approaches taken/tooling used to address some of …

Welcome to the latest of my Security Bytes posts, where I dig into areas of interest in Infosec/CyberSec, and offer my opinion. In my last post, I talked at a high level about the history of computers and privileged access. In this post, I want to get into a term you may hear a lot of if you work in …

This post is the first in a series of posts on the challenges of balancing privileged access with a robust security posture and a challenging delivery pipeline. It is also the first of my Security Bytes posts, where I dig into areas of interest in Information Security/Cyber Security, and offer my …

Intro I recently managed to pass the Microsoft Certified : Identity and Access Administrator (SC-300) exam. Preparation This time around I prepped a little differently. I attended the Microsoft SC-300 training course last week (Monday through Thursday). I took the evenings off to let my brain relax. …

Intro I recently managed to pass the Microsoft Certified : Azure Security Engineer Associate exam. Those of you that know me well will know that I’m not normally an exam/certification junkie - I’ve avoided them since high school all the way through my professional career until I went for …

Intro If you need to capture network traffic from a Windows server, you may find that that standards or controls in your organisation prevent or forbid you from installing tools such as Wireshark on your Windows servers. This may be enforced by AppLocker or other controls. However, if you do have …