How to best approach starting secops in a small indie gamedev studio. We don’t even have a sysadmin, and our boss mostly also does most of our infra together with one of the programmers.
We would love to start setting up some basic security setup, ideally FOSS based, and while I work there as a programmer, I do have 5 years of experience working as pentester and doing red teamings, so I kind of have an idea about what we could have. But I never did anything from blue team side, and also worked for large corporations, so most of the tools and solutions I’ve encountered are waaay over the budged of 20 man indie gamedev studio.
How would I even start? Are there any frameworks that would help but arent aimed at large corporations? What of the buzzwords we even need? Do I start with hardening group policies, get rid of local admins, then set up some kind of log management/SIEM, then IDS? And it’s so hard to google for, because every blog post I found is just a disguised ad for a company that does Security as a Service. Why isn’t there some kind of easy 10 step program that would tell you “step 1. Harden configuration. Step 2. Install <one of many security tooling acronyms>.”
I vaguely know that most of the buzzwords that are thrown around have some dependencies, but what? Does IDS needs logs from SIEM, or is it the other way around? I’m obviously not qualified for this, but i dolid get time to research it, and some DIY attempts is definitely better than having no security in place at all. And, I know very well how to actually hack and test our security setup, so I can at least tell if something I’ve done is shit or useless :D
How to best approach starting secops in a small indie gamedev studio. We don’t even have a sysadmin, and our boss mostly also does most of our infra together with one of the programmers.
We would love to start setting up some basic security setup, ideally FOSS based, and while I work there as a programmer, I do have 5 years of experience working as pentester and doing red teamings, so I kind of have an idea about what we could have. But I never did anything from blue team side, and also worked for large corporations, so most of the tools and solutions I’ve encountered are waaay over the budged of 20 man indie gamedev studio.
How would I even start? Are there any frameworks that would help but arent aimed at large corporations? What of the buzzwords we even need? Do I start with hardening group policies, get rid of local admins, then set up some kind of log management/SIEM, then IDS? And it’s so hard to google for, because every blog post I found is just a disguised ad for a company that does Security as a Service. Why isn’t there some kind of easy 10 step program that would tell you “step 1. Harden configuration. Step 2. Install <one of many security tooling acronyms>.”
I vaguely know that most of the buzzwords that are thrown around have some dependencies, but what? Does IDS needs logs from SIEM, or is it the other way around? I’m obviously not qualified for this, but i dolid get time to research it, and some DIY attempts is definitely better than having no security in place at all. And, I know very well how to actually hack and test our security setup, so I can at least tell if something I’ve done is shit or useless :D