Test your defenses

Should have mentioned this before but Red Canary and Atomic Red Team share test steps you can use to verify if your detection architecture works properly. Both for windows and linux. And of course they also cover cloud, e.g., for Azure. They publish, together most of the tests on GitHub for you to play with and some on their website, nice!

Security Compliance Chaos Made Simple?

Any way that makes security compliance easier is always welcome I think. Reporting on or even assessing compliance to more than one standard is common if you at least are a service provider; ISO, NIST, ISF SoGP, GDPR, PCI DSS, CSC etc.

ComplianceForge makes this at least slightly simpler with their immense guidelines and tools for mapping most common standards. Most is not free, however, some of their material is and it is a great start. Would also recommend CIS Securitys Compliance mapping.