Take the BAIT?

I’m starting something new on my frivolous blog!

I had the fortunate opportunity to create ‘breach impact assessment reports’ in one of my past roles. I really enjoyed creating these!

I would gather as much information as possible about publicly disclosed breaches that happened at organizations similar to ours (or close enough) and would create a single-page debrief on what happened. The ultimate goal was to learn from these unfortunate events and map our own security posture against the disclosed breach. This would allow us to better understand our strengths, weaknesses, opportunities, and threats. Yup, essentially a SWOT analysis.

The output of this would be 1/ recommendations of what needs to be done to fill any gaps, 2/ a preemptive narrative on how we would respond to a similar incident, and 3/ packaged threat intelligence to help create preventive controls.

As breaches at organizations around the world continue to happen (what seems like daily), I find myself going through all the details of such disclosures. I’ll often think about what could have been done to prevent the breach altogether and/or what detective controls could have been in place to stop the incident as early in the killchain as possible. Essentially I’m doing a breach impact assessment for my own education and the simple fact that I geek out over things like this.

Image 1: Killchain graphic | source: lockheedmartin.com

So, what am I newly starting? I’m calling it BAIT: Breach Analysis & Intelligence Transcript.

I’ll select breaches and incidents that have significant impacts (or personal interests) and collect various resources around the web to combine them into a BAIT report.

Since this is new, I’ll start with the structure below for these types of posts.

I. Executive Summary
II. Who/What/When/Where/Why
III. Flow of Attack
IV. Red/Blue Team Perspective
V. Call to Action

Stay tuned! First BAIT entry is in the works!
