If you’ve checked out my portfolio blog, akylphillips.info, you’ve read my thoughts on the cybersecurity skills gap and on delivering cybersecurity services. Here is the short version: consumers have to trust their information security to the individual vendors they bought their products from. That’s bullshit, and here is another option. (It’s my Substack; I’ll say bullshit if I want.)
Now that we’ve set the tone, let’s get into the first challenge of this MSSP. A consumer model would have different devices that speak different languages. If the devices can’t be the same, the tools can be.
Here is the problem broken down a little more: let’s say you are doing Windows event monitoring for a small clinic. What operating system are they using? That’s right: Windows. Windows machines speak a common language in the kinds of events a security analyst looks for.
Follow the methodology of the NSA’s Spotting the Adversary with Windows Event Log Monitoring and call it a day. Simple infrastructure, simple solutions.
That is not realistic. It ignores the 29% of the market owned by macOS and the 7% owned by Chromebooks. These devices do not speak the same language. I’m not the guy who prefers to learn five languages; I struggle with engrish. So instead, I am working with this:
Let’s teach our machines SQL (Structured Query Language) using osquery. Every security analyst already has to read SQL to recognize injection attacks, and many SIEM query languages borrow SQL’s shape, so this is a win. It lets us ask the same question of different kinds of devices in one language.
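As an added example (not code from the original post), here is what that one language looks like in practice: osquery SQL that runs unchanged on Windows, macOS and Linux endpoints, followed by the places where it does not. The table and column names are osquery’s own schema; the numbering, comments and the choice of event IDs are mine. Two caveats worth knowing before you plan around it: osquery’s official builds target Windows, macOS and Linux (FreeBSD too), so Chromebooks need a separate agent, and the common language covers syntax, not schema. Persistence and event-log tables are per platform, and an osquery pack handles that by tagging each query with a `platform` key.

```sql
-- Added example, not from the original post. Every table below is in the
-- osquery schema; run these in osqueryi or schedule them in an osqueryd pack.

-- 1. Which platform answered? A good first query in any fleet rollout, and the
--    column you would key pack entries on ("platform": "windows" / "darwin" /
--    "linux"). system_info and os_version each return one row, so the implicit
--    cross join yields exactly one row.
SELECT s.hostname, o.platform, o.name AS os_name, o.version
FROM system_info s, os_version o;

-- 2. Processes whose executable is gone from disk: the classic sign of a
--    "drop, run, delete" loader. on_disk = 0 means the path no longer exists;
--    -1 means osquery could not tell, so that value is deliberately not matched.
SELECT pid, name, path, cmdline, parent
FROM processes
WHERE on_disk = 0;

-- 3. Listening sockets mapped back to the owning process and its user.
--    Identical on all three platforms; the LEFT JOIN keeps rows whose uid
--    has no matching local account (service accounts, containers).
SELECT p.pid, p.name, p.path, u.username, lp.port, lp.protocol, lp.address
FROM listening_ports lp
JOIN processes p USING (pid)
LEFT JOIN users u ON p.uid = u.uid
WHERE lp.port != 0
ORDER BY lp.port;

-- 4. SHA-256 of every running binary, for a threat-intel lookup.
--    The hash table must be constrained by path (or directory); joining it to
--    processes supplies that constraint one row at a time.
SELECT p.pid, p.name, p.path, h.sha256
FROM processes p
JOIN hash h ON h.path = p.path
WHERE p.path != '';

-- 5. Who is interactively logged in right now. time is a Unix epoch, so the
--    SQLite datetime() function renders it for the analyst.
SELECT user, host, type, datetime(time, 'unixepoch') AS logged_in_at, pid
FROM logged_in_users;

-- 6. Where the common language stops: persistence lives in platform-specific
--    tables. Same question, three schemas; in a pack these are three entries,
--    each with its own "platform" key.
-- Windows:
SELECT name, action, path, enabled, last_run_time
FROM scheduled_tasks
WHERE enabled = 1;
-- macOS:
SELECT name, path, program, program_arguments, run_at_load
FROM launchd;
-- Linux and macOS:
SELECT event, minute, hour, command, path
FROM crontab;

-- 7. Windows only: Security log events by ID, which is how the event-log
--    monitoring approach above carries over into osquery. 4624/4625 are logon
--    success/failure and 4688 is process creation (standard Windows IDs, my
--    selection). windows_events is an evented table: it fills only while
--    osqueryd runs with its Windows event subscriptions enabled, so a
--    one-off osqueryi session returns nothing here.
SELECT datetime, eventid, provider_name, data
FROM windows_events
WHERE source = 'Security' AND eventid IN (4624, 4625, 4688)
ORDER BY time DESC;
```

Queries 1 through 5 are the payoff of the approach: one text, three operating systems, one result shape to ship to the SIEM. Queries 6 and 7 are the honest part of the deal. osquery removes the need to learn three query languages, but an analyst still has to know which tables exist on which platform, and the pack’s `platform` key is what keeps a macOS-only table from failing on a Windows host.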
That solves the first challenge.