I recently had someone contact me claiming he needed to validate my CISSP certification for a client of mine via the (ISC)² verification page. Apparently, this validation was needed for an audit he was doing. He said the Credly badge (ISC)² offers that I have on my website was not good enough without him having to perform a "risk assessment" on that company. 🙄 I wasn't comfortable giving out my ...
Not long ago, I performed what I call a security operations review where I asked various questions about how IT and security are managed within an organization I was working with. One of the topics was on patching and vulnerability management. I got a lot of good information, including specific details on how Windows, macOS, and even third-party patches are taken care of. Everything sounded great and I expected to ...
Macs are secure! Right...? They don't really need to be tested...including them in an overall vulnerability management program is likely overkill. It's an age-old philosophy coming from those who need some enlightenment...perhaps get caught up on their reading. The next time someone tells you that macOS is secure, respectfully push back and ask: How do you know? Here's a screenshot of the Tenable.io findings from just one scan of a ...
Something I found out about not long ago is that Veracode is now offering a 114-day free trial of their Security Labs Enterprise appsec training program. Given the importance of application security and, especially, the big application security challenges I'm seeing in my work, this could be something beneficial for you and your team. Here's the link: https://info.veracode.com/security-labs-free-trial.html Hope this helps!...
I recently upgraded my Spec Miata race car to a newer (1999) model. I decided that life was too short to have to drive my older (1990) Spec Miata 100+ percent all the time just to keep up with my competitors who were not having to work as hard. Although my car was really nice with its blue and orange Gulf Oil livery (pic below), it just wasn't me. So, ...
I was speaking with a client recently about how, when their users receive phishing emails, they will typically yell to others across the room and down the hallway to be on the lookout. But the days of everyone being in the office at the same time and users having that luxury are gone. At least for now... As we get back to our old normal (I refuse to refer to it ...
With all the crazy incidents and breaches brought about by so many unfortunate "glitches" combined with how I continually harp on the importance of mastering the information security basics, I thought it'd be appropriate to re-post the content of an article I wrote for Computerworld back in 2002... This piece was the second article I ever wrote. Little did I know that, nearly two decades later, every single one of ...
If you asked me what the one critical element is for maintaining a successful career in IT, I’d say networking. No, I’m not talking about the Ethernet, layer 3 switch, and VLAN type of networking. Rather, I’m referring to staying in touch with existing colleagues and attending networking events (presentations, seminars, conferences, etc.) with the intent of meeting new people who can, ultimately, help you accomplish your career goals. The ...
Here on my blog, I normally post about information security...often with a sprinkling of psychology and the political nonsense of the world and how they impact security in business. Now, though, I want to share what I believe is a great read on this "Great Reset" that's going on in society right now. I can't share it on social media - Big Tech likes to block stuff like this for ...
You've likely heard the news about security cameras being vulnerable to exploits like what was covered in this piece: https://threatpost.com/breach-verkada-security-camera-tesla-cloudflare/164635/ I feel like I'm always talking in circles when it comes to security...stop repeating history, focus on the basics, do what you know needs to be done...It's especially true for vulnerabilities in network security cameras. A little over nine years ago I wrote about this problem with cameras that I ...