Articles about Cybersecurity and Information Technology
The data management side of GRC is not a hard problem to solve. This is why, for many small companies, an Excel spreadsheet is the tool-of-choice. But, as Security professionals know (or quickly find out), Excel GRC still comes with a bunch of downsides (e.g. Task...
"SBOM"—or "software bill of materials"—is one of the hottest new buzzwords in cybersecurity today, and for good reason. Each day brings new headlines about the latest supply chain attack, followed by a slew of security pundits with various ideas about how to protect...
Every day we’re inundated with news reports about the latest high-profile hack or malware outbreak. We hear how companies get shut down or have to pay large sums of money just to get their own data back. We read these articles like thriller novels — eager to hear how...
Many years ago, while working in an Army lab, I had the need for classification backgrounds. I thought I had seen them somewhere, but no one was able to point me to them when I needed them. Years later I learned that my backgrounds had been used in labs everywhere!...
Many years ago I created an Acceptable Use Policy (AUP) template that was intended for use by my small business clients. I wanted a policy that was short, understandable, and written to be read (not just for compliance). Over the years, I've seen pieces of this policy...
IT and Security are both high-growth industries. It's easy to understand that times change, technologies change, and vendors change. It inevitable, and a certain degree of change is always expected. As IT and Security professionals, we expect that continuous education...
Nearly a decade ago I was approached by a defense colleague with this crazy idea of creating a high school cybersecurity summer camp program. We knew it would be a lot of work, but we also knew there was a very real need in our industry: we just don't have enough...
The occurrence of data breaches has been on a continual rise over the past 18-24 months. Some of this is arguably due to increased reporting, but what about the rest? How do some of the largest companies in the world manage to get breached by so-called “advanced”...
Stanford recently published a new security policy allowing their users to choose length over complexity. Password complexity has always been the go-to answer for creating secure passwords. Of late, there has been a big push to change that; and for good...
My second presentation at BSides Orlando 2014 was on Open Source Enterprise security solutions. The idea was to present a number of tools to help the struggling small business meet enterprise security objectives. It’s easy to forget that many (most?)...