20 YEARS OF EXPERIENCE IN ITS SECURITY AUDITS
I was going to try to put together some chores about things that I learned after almost 20 years of experience in technical cyber security audits from my time in, among other things. FRA, the Swedish Armed Forces and now as self-employed. The older I get, the more time I spend reflecting on and drawing conclusions on an overall and broader level. It may not sound like important, but trying to estimate and prioritize the time you have allocated for the assignment is important. Not to spend too much time on things that can lead to a dead end. Calculate time Let the tools work for you and automate as much as you can, and in this way you can focus on things that require manual work, such as understanding an underlying logic in a system or software. However, do not rely solely on automated tools but always verify and double check the results. Communication Establishing a good deliverable such as documentation (report) and being able to communicate this deliverable to