dogman144|1 year ago
Yes, you can run the whole thing through a set of AWS Lambdas, pull basic sec platform alerts from your GSuite and so on, dump them all into Slack webhooks, dump into Slack sec channels, and align any sec IR processes to your Ops IR processes, which you'll need anyway.
From there, be disciplined about password managers early, get on at least separate OS logins if still doing BYOD, link up 2FA via Google auth, and figure out your email infra and where the root email that matters for infra is. Enterprise sec up and running.
neochris|1 year ago
Dude. I do not trust Lambdas. I've seen way too many CTFs and cloud privesc paths to know how one even slightly misconfigured Lambda can lead to full admin access.
We have a more local solution to query our security logs.
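The pipeline dogman144 sketches is a Lambda that pulls alerts and posts them to Slack webhooks; the risk neochris raises usually sits in that Lambda's execution role rather than in its code. The following is an added example, not code from either commenter or from the thread: a small Python linter run over two constructed execution-role policies for such an alert forwarder, one over-broad and one scoped to what the function actually needs (write its own log stream, read the secret holding the webhook URL). The account ID, region and ARNs are placeholders, and the list of escalation-capable actions is an assumed, non-exhaustive selection of well-known IAM and Lambda privesc primitives.

```python
"""Lint a Lambda execution-role policy for the over-reach that turns a
'slightly misconfigured Lambda' into broad account access.

Added example, not from the thread. Both policy documents are constructed;
ESCALATION_ACTIONS is an assumed, non-exhaustive list.
"""
import fnmatch
import json

# Actions that let code running inside the Lambda mint itself new
# privileges (assumed, non-exhaustive).
ESCALATION_ACTIONS = {
    "iam:PassRole", "iam:AttachRolePolicy", "iam:PutRolePolicy",
    "iam:CreatePolicyVersion", "iam:CreateAccessKey",
    "iam:UpdateAssumeRolePolicy", "lambda:CreateFunction",
    "lambda:UpdateFunctionCode", "lambda:AddPermission", "sts:AssumeRole",
}


def _as_list(value):
    """IAM accepts either a string or a list for Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action patterns glob with '*' and '?' and are case-insensitive."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def lint_policy(policy):
    """Return (Sid, finding) tuples for Allow statements broader than a
    log-and-notify Lambda needs. An empty list means nothing flagged."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        sid = stmt.get("Sid", f"Statement{i}")
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((sid, "NotAction grants everything not listed"))
        for act in _as_list(stmt.get("Action")):
            covered = sorted(e for e in ESCALATION_ACTIONS if _action_matches(act, e))
            if act == "*" or act.endswith(":*"):
                msg = f"wildcard action {act}"
                if covered:
                    msg += " covers escalation-capable " + ", ".join(covered)
                findings.append((sid, msg))
            elif covered:
                findings.append((sid, f"escalation-capable action {act}"))
        if "*" in _as_list(stmt.get("Resource")):
            findings.append((sid, "Resource is * (no ARN scoping)"))
    return findings


# Constructed: the 'it works, ship it' role a first Lambda often ends up with.
OVERLY_BROAD_ROLE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "DoEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "Deploy", "Effect": "Allow",
     "Action": ["lambda:*", "iam:PassRole"], "Resource": "*"}
  ]
}""")

# Constructed: what an alert->Slack forwarder needs: write its own log
# stream and read the secret holding the webhook URL. ARNs are placeholders.
LEAST_PRIVILEGE_ROLE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "OwnLogs", "Effect": "Allow",
     "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/alert-forwarder:*"},
    {"Sid": "WebhookSecret", "Effect": "Allow",
     "Action": "secretsmanager:GetSecretValue",
     "Resource": "arn:aws:secretsmanager:us-east-1:123456789012:secret:slack/webhook-*"}
  ]
}""")

if __name__ == "__main__":
    for name, pol in (("broad", OVERLY_BROAD_ROLE), ("scoped", LEAST_PRIVILEGE_ROLE)):
        print(name, json.dumps(lint_policy(pol), indent=1))
```

Run stand-alone it prints five findings for the broad role and none for the scoped one. The check only reads the role's identity policy; the function's resource-based policy, the role's trust policy and any environment variables holding credentials need the same scrutiny before the Lambda is trusted with production alerts.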