Protection Of The Castle Starts With Cyber

Whether you are the president of a SOF Contracting firm to an Elite Executive Protection Operation the coup de grace of today are the SheepDogs gone bad. This is nothing Ive read in a book, your hearing it from the Jackal, to Lone Wolf, to Jaded Sheepdog Ive been it all, most of us have in one aspect or another. Relatively young and full of emotions with a know how coupled with a penchant to outmaneuvering an advisory makes for a unique mold to cause any institution, CEO, or Outfit a significant amount of damage.

First, lets not get off on the wrong foot, I nor my boutique outfit represent the big bad wolf. We do however play in the terrain where they do, daily, everyday, and we are hired from time to time to find them for high net worth individuals, government contractors and civilian institutions. Or to be more accurate, hired to identify ways a sneaky wolf would exploit them, yeah thats better. {i can hear my lawyers red pin cap coming off }

One of the most startling observations Ive gleaned from my career is the “gonna be blunt here”, sheer amount of invincibility that security companies think they have. While quite logical in the security economy to have a bit of bravado on the battlefield or in the operation landscape, the “castles” or “HQ” of these institutions aren’t nearly as protected as they portray themselves to be online. Now before one of you 6’5 snake eating ninjas get all emo n/ ago and think it suitable to spew a retort or forge a professional vendetta against my firm first understand that fire burns, and there are no nails over here for your antiquated hammers, AND we are on your side.

Figure this, there are 4π steradians in a sphere, and most of the outfits Ive worked with or in tandem with down range are masters of their 75% of their tactical sphere domain. Best of Breed for everything you can fathom, shooters, force protectors, operators, or otherwise some of the baddest nail eating, meta humans on the planet.

The other %25 percent that is defined below, are completely forgotten or just not thought about. Why? Well Counter Social Engineering Acting Training, or conducting a warm audit of a companies reputation management position is not as cool as running snatch drills or acrobating the range for that super tactical Zero Dark Thirty operation that all the movies and Call of Duty semantics display in your social media programming. This in lays the problem, because its not cool or in more professional terms, because its not a core competency for your organization some believe its not important. How far from the truth that is…..Enter the Jackall who looks nothing like you, knows a gun fight with you and your team is a suicide mission, but you left your door wide open. Your passwords are simple to exploit, they are federated across all your tech, your corporate network is the doing of a cousin of a friend from one of the “teams” and or a local IT Consulting company that has NO CLUE what the importance of your Castle really is, and you have no way to check it. You’ve been nicked and cut by every IT contractor you’ve met and think they all are just blood sucking vampires, because, truth is thats the reputation they made for themselves in the last 12 years. I digress.

For those who understand the following phrase understand the silence after the period. Intel, drives ops. Not the other way around….. both are equally important, one is the capitol letter one is the period, the Alpha and Omega of a complete successful mission.

So, if your intelligence, your secrets, your castles blueprints

• Internal Networks Security
• Employee Onboarding Procedures
• Communication and Telecommunication Plan
• Corporate Intelligence and Intellectual Property
• Hidden Material Risks from a Regulatory Compliance Perspective
• Information Security Plan & Implementation

Are as put together as say, a coked out chinchillas nest, you may have a problem. Force Protection, or Counter Intelligence Briefings and OSPEC or Operational Security training is not even close to the edge of what is needed to protect the base of your operation.

How do I know this, because I watch, I study, Ive spent most of my life observing weaknesses. There is nothing under the Sun that cannot be exploited, flipped, turned inside out. For one, the human element is the biggest weakness due to #EGO and other factor. The below scenarios and examples should help materialize the contract of the message we are trying to convey.

Jokes aside, the #TRUTH remains the same, read on.

TOᗪᗩY, ᗯE ᗩᖇE TᗩᒪKIᑎG ᑭOᔕT TEᖇᗰIᑎᗩTIOᑎ ᗩᑕTIOᑎᔕ. #ᑎOEGO #ᑎOᖴᖇIᒪᒪᔕ ᗩᑎᗪ YOᑌᖇ ᗷᑌᔕIᑎEᔕᔕ IᑎᔕᑌᖇᗩᑎᑕE ᑕOᗰᑭᗩᑎY ᗯIᒪᒪ ᑎOT ᕼᗩᐯE ᗩᑎYTᕼIᑎG TO ᔕᗩY ᗩᗷOᑌT TᕼIᔕ EITᕼEᖇ

1. Make sure you have a corporate policy for Employee Termination. “shooting from the hip” makes for a difficult battle with a savvy, Racial Discrimination play at the EEOC. “They treated me different because im a sexy black man, my awesome blackness is why they came to my desk with 4 armed security guards and escorted me to the door.No, well yes, I am a sexy black man, but the Termination Policy states that all Tactically Trained or Persons Working in a Combat Arms position are to have XYZ take place when termination occurs. Check with your legal counsel or call bits&digits if you want some LEGAL, Time Tested Termination Policies.
2. Time to inventory and Swap Keys: There is a specific reason in the classified areas of our wonderful United States Intelligence Community these control systems are used TPC or Two Person Control and TPI Two Person Integrity. One reason is, so that no one person can go in and steal safe secrets without another person “Colluding” with them. The other is for KEY CONTROL Maintenance, soon enough you will have an employee or operator or snake eater or whatever you guys like to be called barking up at Management asking for another person to help run inventory in the gun locker or whatever you dudes do. Helps for accountability as well. Trust me, this is not something Ive read in a book.
3. ₵Ⱨ₳₦₲Ɇ ₮ⱧɆ Đ₳₥₦ ₱₳₴₴₩ØⱤĐ₴: Only because Ive been working to get people to read my article about the 1.5 Billion passwords that Im going to OVER ILLUMINATE THIS ONE because its the most relevant. “But Jay, some of those passwords are old” We had a thing back on the rez, Superseded Crypto is the MOST VALUABLE of them All. Think Replay Attacks and Im going to leave it there. How many of you in your Active Directory or Samba environments force Password History requirements of about 25? You know what the average tumble of a password is 3, thats just basic human laziness. Its how “we roll” nice I know jajaja. So you give me a list of passwords of a user profile, Ill almost be able to guess their next password. And when you set passwords requirements, make sure they are complex. Im talking 12 Min, Special, Upper, lower. etcetera and etcetera.

There are a million other things you should do but quite frankly Im not a charity operation. I love you all, hope you get the above top three as they are VERY CRITICAL. Now I have to go get my Tai Chi on before my employees call me things other that Bad Black Panther Mofo, actually we all know I tell myself that in the mirror.

‍