Profile

CommunityPlatform_1350x900.jpg

Jesse Moore

Edit My Profile

My Content

1 to 20 of 25 total

RE: GRC and employee training recommendations?

Posted By Jesse Moore 11-28-2023 03:12:04 PM
Found In Egroup: Cybersecurity \ view thread
Hi Timothy, There are some info here including my thoughts: https://connect.educause.edu/discussion/it-risk-management-software Thank you, Jesse Moore, (Pronouns: he/him) MSc Cybersecurity & Info Assurance Over 50+ Certifications including GCFA, GPEN, EnCE ------------------------------------------------- ...

RE: Standardized list of risk factors?

Posted By Jesse Moore 10-03-2023 12:54:48 PM
Found In Egroup: Cybersecurity \ view thread
Hi Timothy, Not sure I can find a comprehensive list. What is the definition of "risk factors" There is lot to say potentially. And the below is not comprehensive by no means. There are a lot of Standards and Risk factors depending on industry. Lots of different NIST-800-* could produce risk factors. ...

RE: Bogus Ransomware Payment Requests

Posted By Jesse Moore 08-24-2023 05:22:43 PM
Found In Egroup: Cybersecurity \ view thread
Here is, to my knowledge what I understand as the fake ransome note. Does this look similar to what you saw? Thank you, Jesse Moore, (Pronouns: he/him) MSc Cybersecurity & Info Assurance Over 50+ Certifications including GCFA, GPEN, EnCE ------------------------------------------------- Office ...

RE: Bogus Ransomware Payment Requests

Posted By Jesse Moore 08-24-2023 01:54:55 PM
Found In Egroup: Cybersecurity \ view thread
Are you able to share the actual fake ransomware email with sensitive data removed? I heard of another college getting what is thought of as a fake ransomware (scareware) email. Thank you, Jesse Moore, (Pronouns: he/him) MSc Cybersecurity & Info Assurance Over 50+ Certifications including GCFA, ...

RE: IT Risk Management software

Posted By Jesse Moore 08-23-2023 03:42:29 PM
Found In Egroup: Cybersecurity \ view thread
Hi Rusty, I'm a tad bit late to the show. I am Interested in all the GRC platform software out there too. I did a walk through on the Free version of SimpleRisk back in May, here is the YouTube video from the non-profit group, https://www.youtube.com/watch?v=djS16IIpk7Q  Cyber Security Risk Management ...

RE: Cybersecurity/IT Security Tools

Posted By Jesse Moore 07-24-2023 10:38:51 AM
Found In Egroup: Cybersecurity \ view thread
Hi Ron, Thank you for the additional context about FTC Safeguards rule. I need a bit more context to contribute, as there is a lot to cover in the FTC Safeguards Rule. Sounds like you got some things covered. Do you have a specific area you are trying to address in this checklist? https://www.vi ...

RE: Security Advice - Working Remotely from Other Countries

Posted By Jesse Moore 03-10-2023 10:32:55 AM
Found In Egroup: Cybersecurity \ view thread
Hi Ron, Hope all is well. Checkout UW's website on traveling tips: Tips for Traveling – Office of the Chief Information Security Officer (uw.edu) Tips for Traveling Risk Advisory ciso.uw.edu Looking forward to other perspectives and feedback. Jesse Moore, (Pronouns: he/him) MSc Cybersecurity & ...

RE: LastPass Breach

Posted By Jesse Moore 01-06-2023 01:36:12 PM
Found In Egroup: Cybersecurity \ view thread
Thanks Clyde, for your detailed info. I appreciate your share. Disclaimer: This is my own opinion and perspective: I am of the belief that no product will be unbreachable (one way or another) and jumping to another product might be more dangerous as the company has not had to look at themselves in ...

RE: University/college SIEM Deployments

Posted By Jesse Moore 11-22-2022 01:07:25 PM
Found In Egroup: Cybersecurity \ view thread
Hi Stephen, I would suggest finding a way to relate your KPIs into defense implementations. Example: Alert: SIEM alerts on non-patched Windows 10 machine that has been exploited. Defense Implementation: Add GPO to add Windows Update For Business to Patch OS and drivers automatically across fleet ...

RE: Incident Response Playbook for Email Account Compromise

Posted By Jesse Moore 09-26-2022 09:40:59 AM
Found In Egroup: Cybersecurity \ view thread
Hi Scott, This process looks very familiar. I used to be on the Digital Forensics team and dealt with this stuff. Thanks for sharing this. Looking at the last two; I would provide more specifics, such as... Process to identify initial attack vector (phish email, patient zero) <--Use Digital Forensics ...

RE: CIS controls - Has anyone implemented them?

Posted By Jesse Moore 08-05-2022 09:27:00 AM
Found In Egroup: Cybersecurity \ view thread
Hi Tim, Please contact me off list so we may setup a Zoom/teams/ etc to talk in person as there is so much to say around this topic. You may email me at moorej1@uw.edu Jesse Moore, (Pronouns: he/him) College Degrees: MSc Cybersecurity & Info AssuranceB.Sc. Information Technology SecurityAssociates ...

RE: Authenticated vs. Unauthenticated Scans - Vulnerability Management

Posted By Jesse Moore 07-26-2022 04:02:00 PM
Found In Egroup: Cybersecurity \ view thread
Hi Ali, I have experience with (1-2 year) NeXpose and mostly Tenable.io (2-ish years) using Agents, UnAuth and Auth scans in a University environment. I'm going to focus on this part of what you said-> "accurate assessment " && "were authenticated vulnerability scans valuable to maintain the security ...

RE: CIS controls - Has anyone implemented them?

Posted By Jesse Moore 07-26-2022 10:06:00 AM
Found In Egroup: Cybersecurity \ view thread
Hi Timothy, I may assist with questions. I have been heavy involved with CIS-GPOs (I have gotchas you need to know), and CIS-CAT, and using CIS-Benchmarks and TOP 18. Side note: Example video of CIS-CAT usage: https://screencast-o-matic.com/watch/cFj6F7qjgf Let's talk more! Jesse Moore, (Pronouns: ...

RE: Email Scam - student awareness

Posted By Jesse Moore 07-08-2022 10:38:00 AM
Found In Egroup: Cybersecurity and Privacy Awareness and Education \ view thread
Hi Neal, Uni of WA has a page where we provide the actual email or phishing lure (text message) of student/staff/faculty here: https://ciso.uw.edu/education/phishing-examples/ Phishing Examples - Office of the Chief Information Security Officer Recent Catches (Click on each example to zoom) Often gift ...

RE: BYOD AV Offering

Posted By Jesse Moore 05-12-2022 11:38:00 AM
Found In Egroup: Cybersecurity \ view thread
Hi Andrew, UW has a page where students could go to and download the free version of Sophos. Here is what our page looks like for more of the details: https://itconnect.uw.edu/uware/sophos-anti-virus/ Sophos Anti-Virus | IT Connect The Sophos product suite includes stand-alone and managed anti-virus ...

RE: Invitation to Cyber Security Virtual Symposium

Posted By Jesse Moore 02-24-2022 10:48:00 AM
Found In Egroup: Cybersecurity \ view thread
Thanks Brian! I hope this is recorded as I would like to vet it before sending it to our Chancellor or other leaders. Jesse Moore, (he/him/his) College Degrees: MSc Cybersecurity & Info AssuranceB.Sc. Information Technology SecurityAssociates of Technical Arts in Information Security & Digital ...

RE: Simulated phishing: How do you handle "clickers"?

Posted By Jesse Moore 02-22-2022 12:12:00 PM
Found In Egroup: Cybersecurity \ view thread
Hi Michael, I welcome disagreements and insights as this provides more conversations and deeper discussion that may help others in the long run take in all perspectives to formulate their own approach. Thank you for your feedback. Side Note: The below is based on my experience being an Ex-Admin, Ex-Digital ...

RE: Simulated phishing: How do you handle "clickers"?

Posted By Jesse Moore 02-18-2022 04:49:00 PM
Found In Egroup: Cybersecurity \ view thread
Hi Timothy, Do you not have a email filter such as Sophos Messaging or ProofPoint, etc? Are you only relying on Gmail or Microsoft filters to catch regualr Phishing? Where does KnowBefore send its phishing from? maybe there is an Exception to allow that address and its content? If that is the case, not ...

RE: GRC Platforms?

Posted By Jesse Moore 02-17-2022 03:47:00 PM
Found In Egroup: Cybersecurity and Privacy Governance, Risk, and Compliance \ view thread
Hi Mollie, I would be happy to talk further on this. I'm usually partial to budget friendly software (like Excel �� ), but SimpleRisk seems to be the next runner up. SimpleRisk is one option that can be budget friendly. SimpleRisk has free versions (https://www.simplerisk.com/download) of ...

RE: Simulated phishing: How do you handle "clickers"?

Posted By Jesse Moore 02-17-2022 03:43:00 PM
Found In Egroup: Cybersecurity \ view thread
Hi Timothy , I'm wondering what Email filtering you got? For instance, if you have ProofPoint then regular Metasploit Pro Phishing emails will get caught so you need to actually make something an attacker would..... to get past your email filtering defenses. However, if you are going after users for ...