• 01 Jul 2021

    People talking used to be a phishing defense…what can you do now?

    I was speaking with a client recently about when their users receive phishing emails, they will typically yell to others across the room and down the hallway to be on the lookout. But, the days of everyone being in the office at the same time and users having that luxury are gone. At least for now... As we get back to our old normal (I refuse to refer to it ...

    Continue Reading...
  • 20 Jun 2021

    The 21 Best Ways to Lose Your Information, revisited

    With all the crazy incidents and breaches brought about by so many unfortunate "glitches" combined with how I continually harp on the importance of mastering the information security basics, I thought it'd be appropriate to re-post the content of an article I wrote for Computerworld back in 2002... This piece was the second article I ever wrote. Little did I know that, nearly two decades later, every single one of ...

    Continue Reading...
  • 03 Jun 2021

    How to network to boost your IT career

    If you asked me what the one critical element is for maintaining a successful career in IT, I’d say networking. No, I’m not talking about the Ethernet, layer 3 switch, and VLAN type of networking. Rather, I’m referring to staying in touch with existing colleagues and attending networking events (presentations, seminars, conferences, etc.) with the intent of meeting new people who can, ultimately, help you accomplish your career goals. The ...

    Continue Reading...
  • 11 May 2021

    A great read on the Great Reset

    Here on my blog, I normally post about information security...often with a sprinkling of psychology and the political nonsense of the world and how they impact security in business. Now, though, I want to share what I believe is a great read on this "Great Reset" that's going on in society right now. I can't share it on social media - Big Tech likes to block stuff like this for ...

    Continue Reading...
  • 30 Apr 2021

    Networked IP cameras as vulnerable as ever…no excuses these days.

    You've likely heard the news about security cameras being vulnerable to exploits like what was covered in this piece: https://threatpost.com/breach-verkada-security-camera-tesla-cloudflare/164635/ I feel like I'm always talking in circles when it comes to security...stop repeating history, focus on the basics, do what you know needs to be done...It's especially true for vulnerabilities in network security cameras. A little over nine years ago I wrote about this problem with cameras that I ...

    Continue Reading...
  • 24 Mar 2021

    If you mastered nothing else but this one thing, you’d be ahead of the security curve

    In my virtual CISO consulting engagements and vulnerability and penetration testing, the process of patch management ALWAYS comes up for discussion. Given the threats, the vulnerabilities, and the risks – everything that's at stake – I cannot think of any single aspect of a well-functioning information security program that's more important than patch management. It's one of a few things in security that you CAN control! The absolute last thing you ...

    Continue Reading...
  • 10 Feb 2021

    Review of Corporate Directors’ & Officers’ Legal Duties for Information Security and Privacy: A Turn-Key Compliance Audit Process

    One of the great tragedies impacting businesses today is the disconnection between executive leadership and the information security function. The general assumption has long been that technical staff have everything under control and, therefore, management doesn't need to get all that involved in IT security and compliance related initiatives. I first noticed this situation in the late 1990s working on information security security projects with clients. Shortly thereafter, I wrote ...

    Continue Reading...
  • 04 Nov 2020

    Stanley Roberts – catching people misbehaving digitally too

    A few weeks ago, I promised my friend, Stanley Roberts (a well-known journalist who uses video to capture people doing dumb things) that I would post about a Facebook scam that he recently encountered. And then life got in the way...but here it is. Given the tie-in with what I do in my work, I thought it would be a good opportunity to share his example of how so many ...

    Continue Reading...
  • 13 Aug 2020

    TikTok app privacy. Is it really a big deal?

    I was recently interviewed for a news segment about privacy concerns over TikTok...is it a problem? What makes it different from typical social media data collection? First off, I'm still trying to figure out more about the story behind TikTok bypassing Android's controls and accessing MAC addresses....and why Google didn't do anything about it and, really, why that exploit is available in the first place...That could be a big deal. ...

    Continue Reading...
  • 03 Jul 2020

    The miracle of COVID-19 testing: more tests= more cases. (It works for security too!)

    I'm no jet fuel genius. Nor am I a statistician. I'm certainly no epidemiologist. I don't even consider myself to be one of the smartest people in my own field. But I do know enough to realize that when a problem exists (even if it's yet to be acknowledged), once it's sought after, it will be uncovered. And once it uncovered, does this newfound knowledge actually change anything? Not necessarily. ...

    Continue Reading...