- 29
- 78 527
Mark Simos
เข้าร่วมเมื่อ 15 ก.ย. 2021
"Every poem is a momentary stay against the confusion of the world." - Robert Frost
I believe making complex topics like cybersecurity accessible to more people.
I find joy in my professional life by creating clarity to help banish the suffering caused by confusion. Life is too short to wrestle with confusion at work, especially on important topics like cybersecurity where the stakes seem to increase regularly.
Making cyber accessible to more people makes us all better - opening doors for more people to help and to bring their diverse experiences, skills, and fresh perspectives. This leads to a more rewarding work experience and puts us on a path to stronger, simpler, and more sustainable solutions.
For a link to many of works, see aka.ms/markslist
I believe making complex topics like cybersecurity accessible to more people.
I find joy in my professional life by creating clarity to help banish the suffering caused by confusion. Life is too short to wrestle with confusion at work, especially on important topics like cybersecurity where the stakes seem to increase regularly.
Making cyber accessible to more people makes us all better - opening doors for more people to help and to bring their diverse experiences, skills, and fresh perspectives. This leads to a more rewarding work experience and puts us on a path to stronger, simpler, and more sustainable solutions.
For a link to many of works, see aka.ms/markslist
CAF Security Operations
Overview of the Security Operations (SecOps/SOC) discipline in the Secure Methodology of the Cloud Adoption Framework (CAF) with John Dellinger and Mark Simos. This rich discussion focuses on real world lessons learned for a security operations program including key cultural elements, critically important success metrics, and points of integration with business processes. Mark and John also discuss a reference team model built around 'jobs to be done' in security operations-- handling high volume vs. high complexity incidents, coordinating incident response with organizational stakeholders, and sharing threat intelligence insights to inform decision makers within security, IT, and business leadership.
มุมมอง: 718
วีดีโอ
CAF Security Governance
มุมมอง 1643 ปีที่แล้ว
Overview of the Security Governance discipline in the Secure Methodology of the Cloud Adoption Framework (CAF) with Abbas Kudrati and Mark Simos. This discussion covers how security governance bridges the worlds of business and technology with architecture and policy, as well as defining the practice of posture management. Posture management allows governance to grow beyond a passive and reacti...
CAF Security Integration
มุมมอง 4183 ปีที่แล้ว
Overview of Security Integration guidance in the Secure Methodology of the Cloud Adoption Framework (CAF) with James Ringold and Mark Simos. This includes a frank and honest discussion of the current state of security-business process integration and internal security team integration at many organizations and how to improve that using the concept of healthy friction. . Mark and James share sto...
CAF Security Governance
มุมมอง 3053 ปีที่แล้ว
Overview of the Security Governance discipline in the Secure Methodology of the Cloud Adoption Framework (CAF) with Abbas Kudrati and Mark Simos. This discussion covers how security governance bridges the worlds of business and technology with architecture and policy, as well as defining the practice of posture management. Posture management allows governance to grow beyond a passive and reacti...
CAF Security Governance
มุมมอง 663 ปีที่แล้ว
Overview of the Security Governance discipline in the Secure Methodology of the Cloud Adoption Framework (CAF) with Abbas Kudrati and Mark Simos. This discussion covers how security governance bridges the worlds of business and technology with architecture and policy, as well as defining the practice of posture management. Posture management allows governance to grow beyond a passive and reacti...
CAF Risk Insights
มุมมอง 3203 ปีที่แล้ว
Overview of Risk Insights guidance in the Secure Methodology of the Cloud Adoption Framework (CAF) with Sarah Armstrong-Smith and Mark Simos. This is a rich discussion of security as a business risk covering how organizations should integrate security risk into their thinking and management frameworks, what types of threat actors organizations face, and many real world pitfalls to avoid and les...
CAF Intro
มุมมอง 2.3K3 ปีที่แล้ว
Introduction to the Cloud Adoption Framework (CAF) Secure Methodology with Shawn Anderson and Mark Simos. This video introduces the overall reference model for a security program, how it links to digital and cloud transformations, tips on organizing and running a security program, the business asset-centric nature of security (often data-centric), and how each of the security disciplines fit to...
CAF Innovation Security (DevSecOps)
มุมมอง 3203 ปีที่แล้ว
Overview of the Innovation Security discipline in the Secure Methodology of the Cloud Adoption Framework (CAF) with Victoria Almazova and Mark Simos. This includes a discussion of what innovation security and DevSecOps are, how attackers are targeting development processes and software supply chains, how securing DevOps is different from (and much better than) classic waterfall approaches, and ...
CAF Business Resilience
มุมมอง 3753 ปีที่แล้ว
Overview of Business resilience guidance in the Secure Methodology of the Cloud Adoption Framework (CAF) with Marcello Zillo Neto, Minoru Hanamura, and Mark Simos. They share insights through a rich discussion of how to think about business resilience during each lifecycle stage before a security incident, during an incident, after the incident (getting quickly back to business operations), and...
MCRA Zero Trust Overview
มุมมอง 5K3 ปีที่แล้ว
Summary of Zero Trust and Rapid Modernization Plan (RaMP) with Dan Menicucci and Mark Simos. This video covers why organizations need zero trust, definition of zero trust, zero trust principles, comparison of when to use network and identity access controls, and planning guidance to quickly get you started with the Zero Trust RaMP.
CAF Asset Protection
มุมมอง 3343 ปีที่แล้ว
Overview of the Asset Protection discipline in the Secure Methodology of the Cloud Adoption Framework (CAF) with Mark Simos. This includes what asset protection is, which teams are typically responsible for it, what good looks like, and how asset protection relates to other disciplines like security governance, access control, security operations, and innovation security.
MCRA Security Roles
มุมมอง 3.3K3 ปีที่แล้ว
Overview of the roles and responsibilities in a security program and how they are evolving to meet the needs of modern attacks, cloud technology, and zero trust with Sarah Armstrong-Smith and Mark Simos. This is a top to bottom view of roles including the board and executives, technical/security executives, and security functions like security operations (SecOps/SOC), governance, compliance, se...
MCRA Zero Trust The Open Group
มุมมอง 2K3 ปีที่แล้ว
Overview of the perspective of The Open Group on Zero Trust from Cyril Voisin and Mark Simos. The Jericho Forum® created the original Jericho Forum® Commandments that have become the de facto foundation of modern zero trust approaches, and this Forum later merged into the Security Forum at The Open Group. Mark and Cyril discuss how The Open Group views the challenges of securing a modern connec...
MCRA Securing Privileged Access
มุมมอง 3.1K3 ปีที่แล้ว
Overview of Microsoft's securing privileged access guidance with Jim Moeller and Mark Simos. This video includes a frank and direct discussion of how these attacks are used in ransomware/extortion and nation state attacks as well as an overview of the guidance that includes a strategy, tactics, detailed plan with defined technical profiles for security levels, and automation to make implementat...
CAF Access Control
มุมมอง 5343 ปีที่แล้ว
Overview of the Access Control discipline in the Secure Methodology of the Cloud Adoption Framework (CAF) with Mark Simos. This describes how Access Control strategies shift with Zero Trust, details on how authentication-authorization evolves into known-trusted-allowed (comparable to airport security evolution), and a business-centric access model designed to address the needs of a complete mod...
thank you for this! it was helpful even if a bit verbose.
I love that Mark had to pause to remember his own last name lol
Good progress but still missing controls around Service Principal, sure there is Workload Identities for internally registered apps, but then for external app integration, you are basically handing off the keys to your vendors and praying that they also have Workload Identities. Why is Workload Identities an extra license is another issue.
Would love to get an update to this following the MCRA dec 2023.
In a design being deployed by my com-any just now, we are seeing a variety of outbound traffic to a widely dispersed array of receiving IPs. We are looking to identify and separate the telemetry and user data in order to understand where the user data is actually going. What indicators might there be in the dump of traffic generated during a simple upload to OneDrive? Which appears to be populating via sharepoint as OneDrive seems to be blocked at this time.. any direction would be appreciated.
Where can I get this topic on Microsoft Learn?
great intro to the concept!
This right ? right ? Guy is so irritating … can’t watch
Would be awesome to have a repo where we can download these diagrams
aka.ms/MCRA has links to download the original PowerPoint
This is a gem. I
Great information thanks
These videos are gold