So, as I wrote in my first blog-entry, this next one would be about a challenge I got... Though I haven't overcome this challenge yet, I still want to share a bit about it, since it influence what it is that I do as a SE.
As a SE (Security Engineer), I believe that the most important thing, in my daily work, is the ability to tell customers about what Check Point can to to help them secure their infrastructure etc. In that lays the ability to translate the high-technical stuff, to a level where everybody can follow and understand, what it is and why it is important to take it into consideration when they look to secure their environment.
But I guess that the more you get used to something, the more you talk about a Technic or a product, the more you lean to thing that it's every-mans knowledge which shows in the way you present and talk about IT-security etc. Maybe that's what had happen to me, I don't know... the fact is that I was challenged, even challenged on the one thing that I take the most pride in getting right - so I take it very serious!
I was challenged during a meeting where I did a presentation of a Security Checkup. In case you guys don't know what that is, I'll start with that...
A Security Checkup is a "service" that Check Point offer to any klient, that would like to learn a bit more about what's going on on the network.
To give you an idea of what we look for during a checkup, I'll do a list showing the key things we look for:
- Downloads of known and unknown malware
- Access to high-risk web applications
- Malware-infected computers
- Exploited vulnerabilities and attacks
- Data leakage incidents
All in all, what we do, is that we put a Check Point gateway on a SPAN port, which monitors the client network access to and from the internet. We send the traffic through all of our security features and show the findings in a nice report.
An example of the summary in such a report:
So why is this a good tool...
- Immediate awareness to security risks the organization is exposed to
- Single easy-to-read report that includes all security threats
- Include recommended remediation steps
- No risk to the network environment (Mirror Port used)
- The service is free of charge
Need say more?
The checkup can be done by a local Check Point rep. or a partner. Both new and existing customer can get a Security Checkup!
If interested, sign up and learn more on this page:
If already a customer, there's a couple of ways to do the above... if you want to hear more, don't hesitate to contact me and I'll give the introduction and make sure you're guided to the correct people within Check Point.
If you'd like to do a "checkup" yourself, you could try running another nice little tool we've got called "CheckMe".
CheckMe runs a series of simulations that test if your existing security technologies can block standard and advanced attacks.
Try it here:
So now you know a bit about that
Let's go back to the meeting... I was almost through the presentation of a report, generated during a Security Checkup, when the COO looks at me and say; "Niels, I don't understand what it is that you're showing and telling me...?".
This, of course, took me a bit out of focus... Luckily he went on an explained his comment, which gave me some time to regain my focus and continue with the presentation. Though the comment, I had no other way to present the report - the report is what it is - so had to just continue. This was the beginning of the challenge... at the end of the meeting he stood up and said that if we (I) where to change anything... it would be the way we present, it had to be in terms and context that makes sense to the business.
This means I have to tell it another way, so that everyone understands what it is I'm saying and why it's important, to the company, the things that I'm showing. So that's the challenge...
I've decided not to think about the other 40 checkups I've done and afterwards the presentation... did any of them sit back and had the same feeling; what did he just tell me?
So I'm grateful for his comment - else I'd continued doing it as always!
Maybe this was not a lot about the challenge itself... but hey, that's not where the hard work lies... the hard work lies in the efforts I have to do to overcome the challenge. I've already startet... this blog is one of the steps.