WELCOME TO CRONINITY

Within the CISO MindMap, Security Operations encompasses three major domains: Threat Prevention, Threat Detection, and Incident Management. This article focuses specifically on the Threat Prevention domain and examines several maturity models that apply to key subdomains within this area. Threat Prevention Threat Prevention spans a broad range of capabilities and is heavily influenced by an organization’s operational environment and technology stack. While many subdomains hav

One of the first areas of the CISO MindMap we will examine is Team Management, which encompasses both Information Security Budget Management and Staffing and Talent Management. There is no single, universally adopted “Security Budget Capability Maturity Model” dedicated specifically to IT or information-system security budgeting. However, several established capability maturity models include budgeting, financial governance, or resource optimization as part of broader securit

CISO MindMap Overview A few years ago, I came across the CISO MindMap, “What Security Professionals Really Do?”, developed by Rafeeq Rehman. It remains an excellent reference for cybersecurity practitioners, especially those in leadership roles. The MindMap is available publicly and continues to be updated as the field evolves. Cybersecurity professionals often develop deep expertise in one or more domains, but may not have full visibility into the breadth, interdependencies,

Today’s AI Systems and need for High-speed interconnects Modern AI systems resemble supercomputers far more than traditional web-scale architectures. This is because AI workloads, especially distributed training using data-parallel, model-parallel, or tensor-parallel techniques, place enormous demands on east-west bandwidth between GPUs. These GPU-to-GPU exchanges include: Gradient sharing Parameter synchronization Checkpointing and state transfers Collective operations such

AI's Multiple Networks: Understanding the Layers of Connectivity Modern AI infrastructure uses multiple specialized networks, each with distinct performance, reliability, and cost requirements. These networks are typically organized into four or five tiers, ranked below from lowest to highest by speed, performance demands, and connectivity needs. Because each network tier has different requirements, they use different cabling and hardware at varying price points. Within each

The Critical Role of Networking in AI Beyond power and cooling, and beyond the specialized servers and AI accelerators themselves, one of the most essential, and often underestimated, components of any AI infrastructure is the network fabric that interconnects those systems. In NVIDIA’s AI Factory reference model, the network is not a supporting element; it is a core pillar that determines how efficiently AI workloads scale, communicate, and perform. Just as AI chips continue

Security CoPilot - Reference Diagram Overview The component labeled “Security Copilot” functions primarily as an orchestrator that bridges the Microsoft environment with the OpenAI LLM operating within Microsoft’s secure ecosystem. In Microsoft Security Copilot, Copilots function primarily as orchestrators rather than traditional AI models using embeddings or vector databases. Instead of performing semantic searches or querying internal data stores, Copilots leverage plugins

Standard IR Data Analysis phases A practical way to evaluate AI’s impact on incident response (IR) is by examining how it enhances the data analysis phases that analysts perform during alert triage and incident handling. These are analytical stages, distinct from the traditional IR lifecycle of Identification, Containment, Eradication, Recovery, and Lessons Learned. The core data analysis phases include: Planning, Search (including Data Collection and Parsing), Normalization,

Test Plan - Test 1: Installation and Configuration of Microsoft Security Copilot and Applicable Plugins Background Microsoft Security Copilot leverages AI-driven orchestration across Microsoft security tools using integrated plugins and agents. Its performance depends on Security Compute Units (SCUs), the measure of compute capacity required to run Copilot workloads. SCUs are billed per hourly activation, not per-minute increments. Each activation incurs a minimum charge of o

CRISC IT Systems Topic areas: Information Technology Principles Enterprise architecture: Managing and governing the overall structure of an organization's IT systems. IT operations management: Handling the day-to-day IT processes, such as change management, IT asset management, and incident management. Project management: Applying risk management principles throughout the system development life cycle (SDLC). Disaster recovery management (DRM): Creating and maintaining a plan

Moving from Risk Assessment to Risk response & Reporting Once a risk has been identified and assessed, the next step is to ask: What will we do about it? This is where risk treatment or risk response comes into play, selecting the most appropriate action to manage the risk. Risk Response Risk and Control Ownership: Assigning accountability for risks and the controls that address them. Risk Treatment/Response Options: Deciding on the appropriate strategy for addressing ident

Risk Evaluation & Risk Assessment Once the scope of the risk analysis is clearly defined, the next critical phase is Risk Assessment & Evaluation. This stage involves assessing the potential risks to the organization's people, assets, and data within the context of the defined system or environment. Risk Assessment & Evaluation serves as the analytical core of any cyber risk management process. While much of the industry content and discussion around cyber risk tends to focus

CRISQ Topic area overview Cyber risk management often feels complex due to the variety of frameworks, terminology, and implementation approaches in circulation. This article serves as a study aid for the Certified in Risk and Information Systems Control (CRISC) certification by breaking down key concepts within a simplified, practical risk management framework. At a high level, effective risk management can be distilled into four core functions: Risk Governance – Define the m

Security Copilot Product Testing These concepts are presented to establish a foundation for evaluating what Security Copilot can do today, the effort required to implement those capabilities, and how that may evolve with future enhancements. For instance, the transition from the Planning phase to Data Search may not yet be fully dynamic, particularly when the data required for analysis originates outside the Microsoft ecosystem. Microsoft has long incorporated guided response

The Microsoft SC-100 'Microsoft Certified: Cybersecurity Architect Expert' credential is a Microsoft expert level credential that...

broser extensions detections https://github.com/elastic/protections-artifacts/blob/b427449015fcbd81bbf2f0aa5f4dc800f64ccb96/behavior/rules/macos/persistence_suspicious_browser_preference_file_modification.toml?utm_source=substack&utm_medium=email brwoser crdes stealing https://github.com/elastic/protections-artifacts/blob/b427449015fcbd81bbf2f0aa5f4dc800f64ccb96/behavior/rules/windows/credential_access_failed_access_attempt_to_web_browser_files.toml?utm_source=substack&utm_me

Understanding Identity in Transit vs. Identity at Rest: The Session Hijack Problem This article breaks down a key issue in modern identity protection: the critical difference between “Identity at Rest” and “Identity in Transit.” 1. Identity at Rest Identity at rest refers to credentials stored on systems or in databases, password hashes, key material, etc. Traditional attacks here include: Breaches targeting hashed credentials. Well-defined defenses exist for this space: Stro

I recently came across a post about the Netherlands passing a stricter espionage law, explicitly extending to cyber activities, and it...