Systems Engineering Cybersecurity Measures


  • View profile for Omar Hegab

    Information Security Engineer II @Valu | CC, CSAM, VMDR, Security+, CEH, CRM

    4,556 followers

    Every morning before starting my day, I do a quick check across our environment to make sure everything is good. Here’s the simple checklist I stick to as a Security Engineer:

    - SIEM Alerts: Review critical and high-severity alerts from the last 24 hours.
    - Firewall & IDS Logs: Look for blocked connections, port scans, or unusual traffic.
    - Authentication Logs: Check for failed logins, unusual sign-ins, or access from new locations.
    - Endpoint Security: Ensure EDR/AV agents are active, up-to-date, and no threats are pending.
    - Backup Status: Confirm successful overnight backups; investigate any failures.
    - Patch Updates: Monitor for critical CVEs or zero-days and check update status across systems.
    - Threat Intelligence: Scan feeds for new IOCs or active campaigns relevant to our industry.
    - User Reports: Review phishing or suspicious activity reports from employees.
    - System Health: Make sure all key security tools (SIEM, firewalls, EDR) are running properly.
    - Log & Escalate: Document anything suspicious and escalate if needed.

    This doesn’t take long, but it helps me start the day with full visibility and peace of mind.

    #Cybersecurity #BlueTeam #InfoSec #SecurityEngineer #SIEM #SOC #Checklist #DailyOps

  • CISA has released its new Operational Technology (OT) Cybersecurity Guide, and it deserves board-level attention.

    For years, OT systems, the technology behind our power grids, water systems, manufacturing plants, and pipelines, were designed for reliability and safety, not cybersecurity. But as IT and OT environments have converged, the attack surface has expanded dramatically.

    We’ve already seen what this means in practice:

    ⚠️ Colonial Pipeline (fuel supply disruption)
    ⚠️ Oldsmar Water Plant (attempted poisoning)
    ⚠️ Ransomware groups are increasingly threatening physical operations to force payment.

    The CISA guide is a practical step forward, outlining what every OT-dependent organization should do:

    ✔️ Know your assets. Visibility is the foundation of OT security.
    ✔️ Segment IT and OT networks. Strong separation is essential.
    ✔️ Secure remote access. Enforce MFA, monitor, and log everything.
    ✔️ Patch with care. Use compensating controls when downtime isn’t possible.
    ✔️ Prepare for incidents. OT-specific monitoring, response plans, and recovery options must be in place.
    ✔️ Build resilience. Backups, redundancy, and even manual controls as a fallback.
    ✔️ Train people. Both IT and OT teams need a shared understanding of cyber risk.

    This isn’t just a technology problem. It’s a resilience problem. For executives, OT risk belongs on the same agenda as financial, legal, and regulatory risk. The impact of failure isn’t just data loss; it’s downtime, safety hazards, and national security implications.

    CISA’s guide is a reminder that OT security is no longer optional. It is a core part of modern business continuity.

    Please feel free to contact me if you need help or want more information on this.

    🔔 Follow me for more real-world takes on cybersecurity, leadership, and tech strategy
    ♻️ Useful? Share to help others!

    #CyberSecurity #OperationalTechnology #RiskManagement #CriticalInfrastructure #CISA #BusinessContinuity

  • View profile for Shiv Kataria

    Mentor | Leader | Risk Governance | Incident Response | Cybersecurity, Operational Technology [views are personal]

    23,475 followers

    Patching in OT is more than a CVSS score. It's a deliberate process.

    In IT, patching can often be a race against time. In OT/ICS, it's a calculated decision. Applying a patch without a thorough process can pose a greater risk to operations than the vulnerability itself.

    Before you patch that critical PLC or HMI, don't just look at the severity score. Follow a deliberate approach. Our checklist breaks it down into four key phases:

    Phase 1: Triage & Info Gathering
    Verify the vulnerability, understand the asset's role, and review the patch itself. Is it even applicable?

    Phase 2: Risk & Impact Analysis
    Assess the true operational risk. What's the impact of patching vs. the risk of inaction? A high-severity vulnerability on a non-critical, isolated asset may not be your top priority.

    Phase 3: Planning & Preparation
    Develop detailed patching, rollback, and validation plans. Schedule a maintenance window that minimizes operational disruption.

    Phase 4: Communication & Approval
    Notify all stakeholders, get formal approval through your change management process, and document the final decision.

    The goal isn't just to patch everything, but to patch the right things at the right time with the right plan.

    Liked it? Reshare

    #OTCybersecurity #ICS #IndustrialCybersecurity #PatchManagement #RiskManagement #CyberSecurity #OperationsTechnology

  • View profile for Mandy Andress

    CISO | Investor | Board Member | Advancing the Future of Innovation in Cybersecurity

    10,345 followers

    57% of major cyber incidents involve attack types teams never rehearsed. Too many tabletop exercises rely on familiar, dramatic attack scenarios... the kind people already expect. But the real danger is in what nobody saw coming: subtle lateral movement, quiet exfiltration, or chained compromises that don’t start with a big flash. To make exercises meaningful, they have to reflect your environment, your risks, your tech, your people. Teams should test contacting people, fallback comms, expired phone lists, even burner phone logistics. Those “mundane” failures often become the real showstoppers in a crisis. Real preparation is less about scripting a perfect drill and more about building adaptability, muscle memory for surprises, and resilience when chaos hits. #IncidentResponse #CyberReadiness #TabletopExercises

  • View profile for Rajeev Mamidanna Patro

    Fixing what Tech founders miss out - Brand Strategy, Market Positioning & Unified Messaging | Build your foundation in 90 days

    7,724 followers

    Difference between NGAV, EDR, XDR & MDR. And what to choose?

    This is a common question asked by mid-market security teams. So, here's the what, why & when:

    1) NGAV - Next Gen Antivirus

    What it does:
    → Detects and removes known viruses & malware.
    → Focused on signature-based identification.
    → Best for entry-level protection.

    Who is it for:
    → Provides basic protection against basic threats.
    → Very small setups or personal devices.
    → Suitable for low-risk environments.

    2) EDR - Endpoint Detection & Response

    What it does:
    → Monitors endpoints for suspicious behavior and patterns.
    → Provides real-time threat detection and investigation.
    → Enables faster response to endpoint-specific attacks.

    Who is it for:
    → Organizations needing endpoint-focused protection.
    → IT teams capable of managing incidents in-house.
    → Suitable for critical device protection.

    3) XDR - Extended Detection & Response

    What it does:
    → Combines data from endpoints, cloud, identity, network, & mobile
    → Integrates multiple threat vectors into a single platform.
    → Offers unified insights for complex attack detection.

    Who is it for:
    → Organizations combating 0-hour, multi-vector threats.
    → Enterprises needing cross-platform visibility.
    → Teams looking to reduce false positives.

    4) MDR - Managed Detection & Response

    What it does:
    → Outsources incident response & tailored threat intelligence.
    → Includes EDR/XDR with 24/7 monitoring by experts.
    → Combines proactive threat hunting & analysis.

    Who is it for:
    → Organizations without internal security expertise / manpower.
    → Those needing rapid threat response & management.
    → Organizations requiring continuous monitoring.

    Choosing the right solution depends on resources & complexity. Basically your team's capacity to manage incidents.

    If your organization has a skilled security team, EDR/XDR work well. If your security team is understaffed, MDR works well.

    If you're still not sure what fits your needs, we'll gladly help. DM me "Endpoint".

    P.S. What other considerations would you add to these?

    ----

    Hi! I’m Rajeev Mamidanna. I help CISOs strengthen Cybersecurity Strategies + Build Authority on LinkedIn.

  • View profile for Dr. Antonio J. Jara

    [CTO] IoT | Physical AI | Data Spaces | Urban Digital Twin | Cybersecurity | Smart Cities | Certified AI Auditor by ISACA (AAIA / CISA / CISM)

    33,459 followers

    🚀 New Publication! Integrating the CRA into the IoT Lifecycle: Challenges, Strategies, and Best Practices

    Proud to share our newest peer-reviewed article in Information (MDPI), co-authored with Miguel Ángel Ortega Velázquez, Iris Cuevas Martinez, and Dr. Antonio J. Jara (myself as ISACA CISM/CISA/AAIA).

    This work arrives at a crucial moment, as the EU Cyber Resilience Act (CRA) becomes the most impactful regulation for IoT manufacturers in the coming years.

    🔥 Top Takeaways

    1️⃣ A complete methodology to convert legal CRA text into engineering reality: We introduce a two-phase framework:
      • Phase 1: Systematically transform CRA Articles 13–14 and Annexes into atomic, testable engineering requirements.
      • Phase 2: Apply Analytic Hierarchy Process (AHP) quantitative scoring to produce a defensible readiness metric.

    2️⃣ A full lifecycle-based CRA checklist for IoT products: From secure design to post-market obligations, the paper provides an actionable DevSecOps-aligned checklist.

    3️⃣ A defensible risk-based weighting model using the Analytic Hierarchy Process (AHP): We derive consistent domain weights, ensuring mathematically validated prioritization of CRA domains.

    4️⃣ Real-world validation through the TRUEDATA project funded by INCIBE - Instituto Nacional de Ciberseguridad: We applied the full model to a large industrial OT cybersecurity project (water infrastructure) with Neoradix Solutions AirTrace Bersey UCAM Universidad Católica San Antonio de Murcia at the pilots with the support of the Confederación Hidrográfica del Segura, O.A., Mancomunidad De Los Canales De Taibilla, and FRANCISCO ARAGÓN.

    5️⃣ Clear operational guidance. The paper provides best practices for SBOM automation, PSIRT & CVD setup, Secure-by-design, OTA, monitoring, attestation, documentation and conformity assessment.

    Our aim from Libelium with this paper is to give the industry a practical, structured, and evidence-based way to operationalize compliance and strengthen cybersecurity by design.

    TRUEDATA demonstrates how the methodology applies to high-stakes industrial systems. The CRA is not “just another regulation”, it is the new baseline for IoT trust in Europe.

    👉 Download here: https://lnkd.in/dQu54qE2

    European Union Agency for Cybersecurity (ENISA) Felix A. Barrio (PhD, CISM) Global Cybersecurity Forum SITE سايت Betania Allo Axon Partners Group ISACA ISACA VALENCIA

  • View profile for Satyam Pathania

    CyberSecurity Educator | Technical Content Writer / Content Creator | Helping Cybersecurity Startups Grow & Scale

    3,966 followers

    Most students study cybersecurity through theory. I decided to build it — Over the past few weeks, I’ve been working on a SOC Automation Homelab series — where I simulate real-world attacks, collect telemetry, trigger custom alerts (yep, Mimikatz too), and automate the detection process using tools like Wazuh, Filebeat, and more. If you’re curious about how blue teams operate, how SIEMs actually work, or want to build your own home SOC — this series is for you..... #cybersecurity #homelabs #medium #SEO

  • View profile for Andrey Gubarev

    CISO for EU FinTechs | ICT Risk, Outsourcing Oversight, Evidence and Board Reporting

    29,043 followers

    Most tabletop exercises fail for one boring reason. They are not exercises. They are meetings with a scary slide deck, everyone talks, nobody is tested. ENISA recently published a cybersecurity exercise methodology for planners. It treats an exercise like a product launch. You plan, scope, build, run, measure, then improve. Three things I now push in fintech, and planning time is first. It is not a vibe, it is math. ENISA suggests a minimum of six months. They even give a rough formula for preparation time. More complexity and more stakeholder groups means more months, fast. Second, scope kills more exercises than attackers. If your scope is "test everything", results dilute fast. If it is "test the email server", reality disappears. Pick two or three critical processes. Map the dependencies, including vendors, handoffs, and comms. Be explicit on who plays, who observes, and who decides. Third, evaluation is the point. Without it, you ran training, not readiness. Set smart objectives with a clear measure of success. Define indicators, then metrics, then data sources. Decide what success looks like before day one. Build injects that force real decisions, at realistic pace. Use a master scenario event list as your conductor score. Your after action report becomes evidence, not opinion. Your action plan becomes prioritised, not hand waving. If your tabletop felt pointless, this is why, make it measurable or do not run it. #ENISA

  • View profile for Matt Meeks

    Co-Founder & Chief Growth Officer @ Elanah.AI | Building AI-Enabled Readiness Infrastructure for Defense

    5,440 followers

    FY2026 Signals Joint Defense Tech

    The Pentagon isn’t looking for more tech. It’s looking for tech that fits the fight.

    What wins? Interoperable, multi-domain, coalition-ready tech that aligns with how the U.S. and its allies will fight.

    Hear me out…

    1. Integration Is the Mission
    PE 0604826J is the COG for CJADC2. It funds interoperability pilots with NATO, secure data sharing across services, and cross-domain C2 experiments like Bold Quest. Your tech needs to plug into this joint ecosystem.

    2. Multi-Domain C2 Is Non-Negotiable
    The budget holds firm on digital datalinks, secure comms, and allied data exchange. Your tech must talk across domains and allies, don’t expect traction.

    3. Rapid Prototyping Isn’t Dead—It’s Evolving
    RDER may be gone, but its intent lives on. The budget still backs prototypes that can shape joint force design. Demo utility in a joint context and watch your TRL skyrocket.

    4. Congress ‘All In on Joint Tech’ is a buying signal.
      • $400M → Joint Fires Network
      • $400M → Joint battle management tools
      • $1B → Accelerated tech fielding
      • $2B → DIU scaling commercial tech

    5. AI/ML, Autonomy, C5ISR—Joint prioritization isn’t just lip service.
    Budget lines explicitly call out:
      • Multi-service unmanned systems
      • Maritime robotics
      • Coalition-ready EW and ISR

  • View profile for Jens Christian Jensen

    Partner at Brinch & Partners I Until Ukraine wins, my posts reflect my personal views

    36,355 followers

    Ukraine's success on the battlefield is not only courage, motivation and determination - it is also about Data!

    The Ukrainian Delta is a cloud-based, indigenous Ukrainian command-and-control (C2) and situational awareness system that integrates real-time intelligence from drones, satellites, sensors, and human intelligence on a single Google Maps-style digital map. Developed by the Ministry of Defense and Aerorozvidka since 2021, it enables NATO-interoperable battlefield management from tactical to strategic levels, and has been used for major operations, including the defense of Kyiv and strikes on the Russian Black Sea Fleet.

    Key Features and Capabilities

    Situational Awareness: Delta provides a comprehensive, real-time picture of the battlefield, allowing commanders to see enemy positions, movements, and friendly troop locations.
    Targeting: The system has an integrated AI-based module for automatic detection of enemy equipment, supporting the targeting of over 2,000 enemy objects daily.
    Platform Flexibility: Accessible via laptops, tablets, and mobile devices, it does not require specialized hardware.
    Interoperability: Designed to meet NATO standards, it enables joint operations and integrates with Western-provided intelligence.
    Scalability: Used across all levels of the Ukrainian Defense Forces, from individual Brigades to high-level command.

    Operational Impact

    As of August 2025, the system was adopted across all branches of the Ukrainian Defense Forces. It has significantly reduced the time required to strike targets, enhancing operational efficiency. The system also includes specialized modules such as "Vezha," used for managing unmanned systems in maritime and land operations.

    #DefenseTechnology #MilitaryInnovation #CommandAndControl #BattlefieldManagement #SituationalAwareness #NATO #Ukraine

    Marijn Markus Roman Sheremeta Lars Raae Steen Kjærgaard Jacob Kaarsbo Carlo Lippold
