Last updated 2024-09-02

Nothing on this page is sponsored. All links to books will be to the Kindle versions where possible simply for speed of accessibility and my personal preference.


Microsoft

Azure Portal: https://portal.azure.com/#home
Intune Portal: https://endpoint.microsoft.com/#home
Microsoft 365 Admin Center: https://admin.microsoft.com/Adminportal/Home#/homepage

Email & DNS

MX Toolbox: https://mxtoolbox.com/EmailHeaders.aspx
ICANN: https://lookup.icann.org/en
Email Checker – check if an email address exists: https://email-checker.net
Unbound Test – check verbose DNS records: https://unboundtest.com

Web tools

DownDetector – check if a site or service is down (manual public reports of outages accepted): https://downdetector.com
Wake-on-LAN over the internet: https://www.depicus.com/wake-on-lan/woli
USB ID Database – look up vendor & product ID values (VID & PID): https://the-sz.com/products/usbid/index.php
Time.is – easy time lookup with a few default time zones: https://time.is/

Tools & Utilities

Application tools

  • Core Temp – CPU temperatures
  • CPU-Z – various hardware stats
  • CrystalDiskInfo – hard drive stats
  • DesktopOK – saves & restores desktop icon arrangement. While restores can be hit or miss, it’s better than nothing.
  • PortableApps – run applications without install from portable media (or simply on a PC without install privileges)
  • AutoHotKey – bind actions to keystrokes, including keystrings
  • TestDisk – suite of data & partition recovery tools for several platforms
  • YUMI – multiboot tool
  • Nmap – network mapping tool
  • PuTTY – SSH & telnet client
  • Notepad++ – lightweight text editor with syntax highlighting plug-ins for extra features
  • OEM driver updaters

Applications & Platforms

Password Managers

1Password is easily my #1 pick.

  • Flexible cross-platform support
  • Standard end-to-end encryption with no unencrypted data stored at any point
  • Highly usable browser extensions (Edge, Chrome, Firefox, Brave)
  • Easy, printable emergency kit (with private key, QR code, and space for you to include your password) for when you can’t access a device with 1Password
  • Extremely affordable pricing with both personal & enterprise options
  • In the only even semi-related compromise I’m aware of (Okta, a vendor of theirs, had its ticketing system compromised after successful exploitation of that vendor’s product), 1Password wrote a fantastic blog post informing customers that included a wonderfully concise security incident report with all the critical details an executive or administrator needs, a major plus in my book.
  • Unfortunately not FIPS 140-2 certified as of 2023, when I contacted 1Password support. They also specified they have no current plans to become certified, as it would require too much re-work of the product and would limit development flexibility if achieved. If you require such FIPS certification as part of US federal regulation (e.g., NIST 800-171/172, CMMC 2.0 Level 2/3), 1Password does not, in my estimation, seem compliant when used to access, store, process, or generally touch Controlled Unclassified Information (CUI). I include this detail here chiefly because I could not confirm it using public sources.

Endpoint protection

There is no shortage of detailed discussion on this topic which evolves as products and the global security landscape evolve. This short section is no substitute for due diligence and product testing, and no product is a substitute for meaningful security baselines throughout your environment.

For personal or very small business requirements, Windows Defender and SmartScreen can be an excellent option for standard protection in a Windows environment that does not require advanced protection (or where the investment of time and money is limited). It is by no means the best protection available, but customized and used correctly, it can cover many of the low-hanging-fruit scenarios.

For small & medium businesses with average needs, products like Microsoft 365 Defender for Endpoint or VMware’s Carbon Black can meet most if not all requirements.

For enterprise or more advanced needs, the big names are SentinelOne and CrowdStrike’s Falcon platform, for good reason. Both provide excellent capabilities in protection, configuration, and reporting. It comes down to your exact needs and budget, as CrowdStrike is considerably more expensive for a similar capability set (and may not allow direct sales for fewer than a few hundred endpoints), but exclusive features may tip the scales for you. On top of the standard protections we expect in the modern enterprise environment, such as active process monitoring and execution prevention powered by heuristic analysis and machine learning, both platforms record full process execution history, user authentication logs, removable-media write events, granular custom rule and grouping options, and more on supported Windows, macOS, and Linux platforms. My professional experience with CrowdStrike also attests to their capable human incident response team, who will contact you within minutes of a potential compromise with meaningful follow-up. (Yes, this is still my opinion in a world after the CF 291 incident, something I dealt with in my organization at the time. You get to mess up that badly exactly once by considering it an extremely expensive lesson.)

VPN

Personal

A touchy topic to be sure: the market is a sea of options that seem to guarantee protections right up until they are tested to any extent, whether by an individual user, a security expert, or an authority.

Prime features to look for are data transfer rates and caps sufficient for your scenario, and no logging of your user activities. Many claim the latter and are, years later, caught logging (sometimes knowingly and sometimes through genuine misconfiguration). Some providers are required by law to retain such logs.

Always do your due diligence, as this listing may not be consistently updated.

At the time of writing, my preference for a personal VPN solution is FastVPN from Namecheap: unlimited bandwidth, very affordable pricing, several servers across several regions to choose from, and no logging (or at least, no logging that’s been discovered).

Enterprise

I freely admit enterprise networking is not my strongest skillset. There is also no shortage of available enterprise VPN solutions, many of which will prove unusable once their technical options are compared against your existing environment. Those listed here may well fall into that category for different environments and needs.

Several large contenders exist because their existing enterprise networking platforms offer VPN on the same platform, but more dedicated options are available.


Reading & reference

Books

Before any particular books, it’s important to recognize The Cybersecurity Canon. This is a collection of books maintained by Ohio State University for security practitioners and learners everywhere, covering entry-level to highly technical topics. Absolutely check it out.

The Phoenix Project

by Gene Kim

Read it, learn it, love it.

This is a fantastic look at a large company well on its way down a spiral that will soon close the business. The IT side of the business suddenly has its 2 top-level managers dismissed. A manager is reluctantly promoted to VP from within and must contend with the extreme disarray, with a deadline of just a few months to turn things around.

Big realizations include IT not being just another business unit able to silo itself with minimal repercussion, but one tangled up and interwoven with all other aspects of the business. A major theme is organizing the types of work to maximize throughput even while the feasibility of doing so is doubted. Failure on these fronts can (and often does) cause incredible pain and bad business outcomes in the real world. I found myself frustrated for the main character, Bill, and relating way too closely and too easily to the stresses, obstacles, and differing interests in office politics throughout. Despite originally being published in early 2013, the lessons still hold quite well today.

My review of The Phoenix Project is not without critique. Sure, there are a few typos and the characters are generally one-dimensional, but I’m far less concerned with composition than with takeaway content. The setting and characters implied that all the employees at the company were competent at their technical work and very motivated to get it done, working long hours and weekends with minimal mention of outside pressures. Absent were family emergencies, incompetence, laziness, and departures (with one exception not relevant to my concerns). I also quite disliked the wise sage character at several points throughout, with his highly dismissive and needlessly combative dialogue. Easily the worst was a particular scene sharing the employees’ personal stories during an activity that much of HR would have a field day blocking. However, I believe the principles and strategies on display are extremely valuable.

I recommend both the text and audiobook versions.

Project Zero Trust

by George Finney

Project Zero Trust follows a fictional large company in need of improving IT, but with a focus on information security. The main character starts work on the day of a ransomware attack that ultimately pivots his role at the company from the one he signed up for to a new one focused on managing and improving information security, primarily by implementing zero trust network architecture. The book emphasizes zero trust as a strategy to be implemented from the top of the business, involving IT, Security Operations, Development, HR, Finance, Legal, and other business units.

Like many, prior to this book I saw the phrase “zero trust” as pure marketing jargon with no concrete definition, entirely unaware that the plans for it went back years to John Kindervag (and to at least 1994 prior with its precursor, de-perimeterization). However, the content is not limited to pure zero trust. Strategies such as tabletop simulations, regulatory requirements, considerations of legacy systems, resource constraints, and others appear throughout. The pride & joy of this book, in my opinion, is the “Key Takeaways” section at the end of each chapter, which I now regularly reference.

Project Zero Trust trades some of its approachability for a more concise length (just over 200 pages/about 8 hours of audio) and the use of industry terms throughout. While this may dissuade newer or less technical practitioners, I would estimate that most people with about two years of at least somewhat technical experience in any area of IT should get along without much issue. Similar to The Phoenix Project, the story loses some realism in its depiction of all employees at the company being competent, diligent, and without complication (such as a personal emergency or sudden departure) in their roles. Characters are also thinner.

While I recommend the text version, the audiobook is phenomenal. Daniel Thomas May absolutely knocks it out of the park, keeping consistent and unique voices for the laundry list of characters throughout, making them more real and relatable to your own experiences in the workplace.

Reference

SS64 – CLI reference: https://ss64.com/
Ultimate IT Security’s Windows Security Log Events search: https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/
