Hello Hak5 enthusiasts-
I'll start with the question and end with more information about myself.
I just recently accepted a new job as an IT Security Analyst. The job is somewhat entry level, but I am being asked some high-level questions and for the most part, I am getting through them with just a little bit of research. So, my question is, what do I do first? Is there a list of "Must haves" that anyone has that can help point me in the right direction for locking down my business?
About myself and the company. I have Security+ certification through COMPTIA (the lifetime cert back I got back in 2010). I am currently enrolled in University of Phoenix and taking the Information System Security bachelors degree. My knowledge/skill level could be considered Entry to Intermediate. I am a 25U in the US Army and I work side by side with out network admins, but my network skills are most definitely entry level. I have no problem learning new things related to IT, I learn very fast, but I feel like I am a bit lost and overwhelmed.
My company has about 450 users, we are using cloud based services along with our own local physical servers/firewalls. We use Barracuda and we have had some issues, but for the most part it works pretty well. I've already created an AUP (Acceptable User Policy), SRP (Security Response Plan), BCP/DR (Business Continuity Plan and Data Recovery Plan), Removable Media Policy, Password Requirement Policy, and I just finished our TT&E guide which I referenced NIST 800-84 for a lot. Oh.. and I am the ONLY Security guy. I work closely with our Sr. IT Analyst as he is our "network" guy and we also have an SCCM guy that builds our images and pushes updates.
I would really appreciate any input you guys have to help me secure my network.
-L
