
Mark Simos Resource List – Absolutely 4 Free
Mark Simos, a Chief Security Advisor at Microsoft and a great friend of mine, recently shared a very useful resource list which I want to re-share with you.
Here is Mark Simos's Resource List
Enjoy!
Recent Updates
- Added CDOC blog link for “Zen and the Art of Threat Hunting”
- Fixed some broken links
Incident Response and Recovery
- IR Reference Guide – Lessons learned and recommendations from Microsoft, EY, Edelman, and Orrick to manage major incidents based on our collective experience (technical, operational, legal, and communications)
- NIST Guide for Cybersecurity Event Recovery – https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf
- Microsoft’s Detection and Response Team (DART) – https://aka.ms/DART
Cybersecurity for Business Leaders
- Security Return on Investment (ROI) Video (1.5 minutes) – https://www.youtube.com/watch?v=maQh35MdFKY
- Cybersecurity Resilience – https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop-module-1#part-2-cybersecurity-resilience-1350
Mitigating Ransomware and Rapid Cyberattacks (Petya, WannaCrypt, etc.)
Roadmap of recommendations to protect against these attacks (30 days, 90 days, and beyond), put together by Microsoft, NIST, CIS, and DHS NCCIC (formerly US-CERT).
- Webinar – https://aka.ms/rapidattack-webinar
- Download slides (including detailed notes) – https://aka.ms/rapidattack-slides
Microsoft Security Guidance
- Security Documentation Main Site – https://aka.ms/securitydocs
- Best Practice Documentation and Videos – https://docs.microsoft.com/en-us/security/compass/microsoft-security-compass-introduction
- Cybersecurity Training (CISO Workshop) – https://aka.ms/CISOWorkshop
Cybersecurity Reference Architectures
- Microsoft Cybersecurity Reference Architecture (MCRA) Slides – http://aka.ms/mcra
- Security Operations Center (SOC) – Slide 72 of Slides | Video
- Zero Trust Access Control – Slide 14 of Slides | Video
- Mapping to NIST CSF and ISO 27001 – https://aka.ms/CyberMapping
Security Operations [Center] (SOC)
- CDOC Blog Series – Part 1 | Part 2a | Part 2b | Part 3a | Part 3b | Part 3c | Part 3d
- Video from Microsoft’s Virtual Security Summit (starting at 1:05:48) – https://info.microsoft.com/US-SCRTY-WBNR-FY19-04Apr-16-01MasterTheVirtualSecuritySummit-MCW0012180_02OnDemandRegistration-ForminBody.html
- Poster – https://aka.ms/minutesmatter
Zero Trust Resources
- Zero Trust Landing Page – Overview and links to resources, assessments, etc.
- CISO Workshop Slides/Videos – Zero Trust strategy and application to modern identity architecture
- Microsoft’s IT Learnings – from (ongoing) Zero Trust journey
- Vision Paper – Microsoft’s maturity model describing the Zero Trust journey
- eBook – summarizing dynamics of Zero Trust and how Microsoft technology supports it today
Enterprise Patch Management
Identity and Passwords
- Your Pa$$word Doesn’t Matter – https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa-word-doesn-t-matter/ba-p/731984
Microsoft Azure
- Azure Security Compass (and tracking spreadsheets) – https://aka.ms/azuresecuritycompass
- Security Architecture Guidance (similar to AWS well-architected framework) – https://aka.ms/AzureSecurityArchitecture
- Azure Security Documentation – http://aka.ms/AzureSecInfo
- Feature Updates – https://azure.microsoft.com/en-us/updates/?status=all
Azure Sentinel
Microsoft’s Cloud Native SIEM and SOAR capability
- Azure Sentinel Documentation
- Project VAST dashboard – Discover old insecure protocols creating risk
Office 365 Security
- Prioritized Recommendations – Roadmap of security recommendations for protecting Office 365 against top attacks, prioritized by what to do in the first 30 days, the first 90 days, and beyond.
- Feature updates – https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=
Application/Development Security
The Secure DevOps Toolkit for Azure (AzSK) is the set of documentation and scripts that Microsoft’s IT organization used to secure the DevOps process on Azure.
- Website – https://azsk.azurewebsites.net/
Securing Privileged Access
Recommended roadmap for securing privileged access
- Roadmap – Prescriptive roadmap of steps in priority order (first 30 days, 90 days, and beyond) – http://aka.ms/SPAroadmap
- Credential Theft Demonstration (~10 minutes) – http://aka.ms/credtheftdemo
- RSA Conference Presentation – Co-presentation with Tony Sager of the Center for Internet Security (CIS) on this aspect of critical hygiene – https://aka.ms/criticalhygiene-rsac
