What Cyber Security Certification Do We Need?

Updated 15 January, 2019 That is the question (or something very similar) that I invariably get after presenting the results of a security engagement where the seemingly obvious were exploited.  These are the kinds of exploits that lead to administrator-level access to systems in hours (or even minutes), and that could expose sensitive organizational data … Continued

A Head in the Sand Approach Leaves Many Networks Vulnerable

Many responsible for networks security take a “Head in the Sand” approach to ‘Cybersecurity Risk Assessments’! Following a previous information security breach, I was speaking with an industry colleague who shared with me that he had been in discussions with the victim organization regarding a technology that would allow them to identify and address vulnerabilities … Continued

Social Engineering: Hacking the Human Brain

How do you hack a network with every modern safeguard and tool in place and a seasoned team of veteran professionals at the helm of your IT department? Surprisingly enough it doesn’t take that much. After all, who needs to be an all-star hacker looking for a small crack to wiggle through if they can … Continued

The Equifax Hack – A Huge Deal

Important Updates 9/13/17  – Since the last posting it was discovered that Equifax had the default login credentials of “admin” for user and password on an Argentina server which exposed the personal information of 14,000 employees. 9/14/17  – The actual exploit that disclosed the 143 million US credit records was CVE-2017-5638. It was announced/released March … Continued

Cybersecurity Cultures Aren’t Built in a Day

Do your users look at every link in every email with suspicion – even if it appears to come from an internal email address?  Do they look at each social media link as a potential danger to the well being of their friends and family? Or do they think it’s crazy they can’t share the … Continued