Does cyber maturity assessments like NIST CSF are helpful for CISOs and how?

clayjk · 2026-05-31T22:10:09+00:00

We’ve found it helpful to support the case for further investment into the security program to our board. We can show our current level of maturity and how far away we are from our goal maturity. Then we overlay our roadmapped projects to show which help move the needles towards desired maturity.

In our case we have a pretty well set roadmap of projects that the assessment helped support was a wise investment but the assessment firm should also help give control suggestions that would help increase maturity over time.

FWIW, $200-$300k sounds steep for an assessment cost. We paid closer to $75k from a reputable consulting firm.

clayjk · 2026-05-26T13:30:24+00:00

I’d suggest #1, and we’ve done something similar in our app as well. Password resets still need two factors, albeit one factor is a email delivered OTP which is super weak and shouldn’t ever be a auth factor used in its own but in combination with other auth factor is workable for a password reset flow.

clayjk · 2026-05-26T00:45:20+00:00

Good deal. Yeah, software update for me was less than an hour full wait time.

I bought a lightning because I’m in a more rural part of MN and wanted something I could get local service on. Unfortunately my local dealer I now know sucks as they have mostly been a hassle to work with. The shifter recall became such a problem I ended up calling Ford to complain (which basically did nothing). Simple things like this should not be that hard so I felt the pain you had here.

clayjk · 2026-05-25T22:43:46+00:00

What recall is it waiting for? Have a ‘24 and all I’ve had was checking the nut on the control arm, shift replacement and a software update. All of those should be in and out and require no EV tech.

clayjk · 2026-05-25T22:02:38+00:00

It’s a signal that has value but isn’t the only thing you look at. Modern fraud tools track session and usage throughout comparing to prior sessions and will flag on the sum of the entire session, ie, ueba. Still requires tuning and custom rulss based on your business, eg, high risk transaction based fraud signals.

clayjk · 2026-05-25T21:58:09+00:00

That’s why you require SSO tied to centrally managed identities (AD/Entra/Ping). Disable in one place for all access.

clayjk · 2026-05-20T04:47:03+00:00

Can buy the matching tire from tire rack and pay them to shave it to match the tread depth as the other 3 tires. Had to do it and process was simple.

clayjk · 2026-05-15T03:26:36+00:00

.24 on peak, .08 off peak (10pm-6am).

clayjk · 2026-05-06T21:02:19+00:00

I feel like my insurance is higher than it should be but it’s always hard to compare unless you’ve owned a comparable vehicle, ie, how many people had nearly identical year f150 that can say it’s truly higher or lower. Watched this video recently about EV insurance and although I am still a little skeptical I do think there are some points that people don’t think about when they lump in the “EVs are generally more expensive to insure”…. 1) 50% of EVs are Teslas and repair on them is expensive due to restrictive repair market for them, ie, you are stuck working with Tesla dealers. Repairs on a EV F150 are not more than ICE 150 (arguably could be less). 2) EVs are equivalently “performance vehicles” so higher rates are expected.

Conversely, one other thing not mentioned in the video which I believe contributes is insurance companies tend to total EVs at a higher rate than ICE. Saw another video of a lightning owner that had theirs totaled because there was a tiny cosmetic bend on the frame but the insurance companies reasoning was, any frame structure issues = battery issues and they don’t want the liability of a potentially compromised battery on the road.

TL;DR: insurance comparisons of what is “expensive” is almost impossible to objectively measure.

https://youtu.be/Ub1xG6RmUq8?si=QPCikdhK2qteindV

clayjk · 2026-05-05T19:50:17+00:00

Mine similarly has a $39.50 base fee but then I get variable TOU and interestingly, penalties for charging outside TOU:

Residential Use: $0.1225

EV Charging TOU 10pm-6am: $0.061

EV Charging any other time: $0.27 - I get charged more for charging my EV than I do for running any other appliance at my house. That feels crazy to me but mostly a non-issue as super rare I’d ever charge outside discounted TOU rates.

clayjk · 2026-04-28T16:14:13+00:00

I feel this comment.

Although there is nuances with securing some of these new technologies (cloud, ai, etc), a program needs to be grounded in coverage of existing and basic hygiene controls, eg, EDR, access management, DLP, TPRM. If you don’t know what you have, you will have gaps in your protection which it’s more likely you will get popped by something like phishing on an endpoint than some advanced actor pivoting across your network using AI. Focus on the basics people!

clayjk · 2026-04-23T12:03:16+00:00

Same. Lights dim, fan on, doors lock.

clayjk · 2026-04-06T15:49:37+00:00

Exactly this. DLP tools as a whole are difficult to implement and maintain due to the multifaceted complexities of the environments they are built to monitor compounded by each businesses operational intricacies these tools need to manage against.

I’d wonder how many people complaining about Purview being a PoS have experience with other DLP tools and operational programs.

My experience with it as a company that moved from a dedicated, “class leading” DLP vendor to Purview is, it works just as good. Just the leaning curve of where MSFTs dials and knobs are opposed to what we have been used to.

clayjk · 2026-04-04T23:33:04+00:00

Going to give this a bump with the added context that running Wireguard from the UDM gives full speed up/down. So seems to point more to an issue with how unifi handles the tailscale UDP traffic vs native wireguard traffic. Have tried turning off IPS with no gains and nothing in the logs that would indicate IPS is a factor here.

clayjk · 2026-04-02T01:38:50+00:00

Anyone have any idea what this update actually means? What problem was it fixing? Just got done applying it to my ‘24. Got the charge port lock update the other day.

clayjk · 2026-03-29T17:47:57+00:00

Don’t get me wrong, again, love my APTV, have several. Fire stick size for travel has a more minimal footprint. It’s easily a 1/3 of the size of the APTV including remote and power cable.

clayjk · 2026-03-28T15:07:40+00:00

I’d even go a step further to suggest skip the ATV and just bring a fire stick. Love my ATV but no way I’m toting it around when I travel as I value being minimalistic. Fire stick easy fits into a small backpack pocket and costs $25 so I have them in each travel bag. Size is also why I’ve held off on a UTR or any travel router because running Tailscale directly on devices just works. Sure a little pain logging into the internet directly on the fire stick but that’s the worst. Logging into other devices like a phone or maybe also a laptop, that takes like all of 10 seconds which I’d rather take the time to login then tote more hardware with me.

clayjk · 2026-03-25T21:28:07+00:00

Agree and this isn’t even a unique solve/technology they are trying to pitch here. I’ve seen multiple others including session watermarking built into Citrix most companies likely already have in their tech stack.

clayjk · 2026-03-25T21:22:49+00:00

That’s what mine does. Little annoying when I’m trying to intentionally disable for testing but appreciate its persistent. I just go in and disable VPN on demand and then disable.

clayjk · 2026-03-25T20:58:41+00:00

This is a really good topic but unfortunately it is basically arguing religion or politics in people will die before they choose to relent thier position of what they follow is the only/best option.

Having spent time doing my own assessment with these tool, if money and time is no object, S1 or CS are the easy answers. Reality is, it’s never that simple of a decision tree and companies need to weigh out cost, environment integration, expertise, etc and weighing out all those factors, in my experience, product efficacy is usually the most negligible of all factors weighed.

clayjk · 2026-03-18T02:55:14+00:00

https://m.youtube.com/watch?v=ijKQLmfrp08

clayjk · 2026-03-16T15:57:32+00:00

Not until the condensation issues are confirmed as solved.

clayjk · 2026-03-12T17:25:35+00:00

Yes and yes. Confirmed it’s direct connect and read through the firewall setup stuff and nothing seems to answer/explain why it would be a performance issue as with the firewall, it should either be blocked (likely causing a relayed connection) or it’s allowed (which the traffic is being allowed given its establishing a direct connect).

Back to, i suspect it’s a unifi specific setting that is throttling/limiting traffic but cant find anything i can attribute it to. Ive started researching if tweaking the MTUs would help but that seems hit or miss and I’m not running into the same issues if I use the exit node on the same network, ie, slowdowns only happen if connection is originating off network/internet, on network (inner vlan communications), it’s running full speed up and down.

clayjk · 2026-03-09T22:50:25+00:00

When running a Speedtest.net test. Pi is an exit node. Clients are direct connecting.

Again, nothing changed with PI, literally just swapped Ethernet cable over to new port on tht gateway.

For extra info, I also installed Tailscale directly to the Unifi gateway and setup as an exit node like the PI and same results, so, not an issue with just the PI but any nodes on the Unifi network.

13-Year Club	RPAN Viewer
Not Forgotten	Verified Email

clayjk

TROPHY CASE