With all the crazy incidents and breaches brought about by so many unfortunate "glitches" combined with how I continually harp on the importance of mastering the information security basics, I thought it'd be appropriate to re-post the content of an article I wrote for Computerworld back in 2002... This piece was the second article I ever wrote. Little did I know that, nearly two decades later, every single one of ...
Continue Reading...If you asked me what the one critical element is for maintaining a successful career in IT, I’d say networking. No, I’m not talking about the Ethernet, layer 3 switch, and VLAN type of networking. Rather, I’m referring to staying in touch with existing colleagues and attending networking events (presentations, seminars, conferences, etc.) with the intent of meeting new people who can, ultimately, help you accomplish your career goals. The ...
Continue Reading...Here on my blog, I normally post about information security...often with a sprinkling of psychology and the political nonsense of the world and how they impact security in business. Now, though, I want to share what I believe is a great read on this "Great Reset" that's going on in society right now. I can't share it on social media - Big Tech likes to block stuff like this for ...
Continue Reading...You've likely heard the news about security cameras being vulnerable to exploits like what was covered in this piece: https://threatpost.com/breach-verkada-security-camera-tesla-cloudflare/164635/ I feel like I'm always talking in circles when it comes to security...stop repeating history, focus on the basics, do what you know needs to be done...It's especially true for vulnerabilities in network security cameras. A little over nine years ago I wrote about this problem with cameras that I ...
Continue Reading...In my virtual CISO consulting engagements and vulnerability and penetration testing, the process of patch management ALWAYS comes up for discussion. Given the threats, the vulnerabilities, and the risks – everything that's at stake – I cannot think of any single aspect of a well-functioning information security program that's more important than patch management. It's one of a few things in security that you CAN control! The absolute last thing you ...
Continue Reading...One of the great tragedies impacting businesses today is the disconnection between executive leadership and the information security function. The general assumption has long been that technical staff have everything under control and, therefore, management doesn't need to get all that involved in IT security and compliance related initiatives. I first noticed this situation in the late 1990s working on information security security projects with clients. Shortly thereafter, I wrote ...
Continue Reading...A few weeks ago, I promised my friend, Stanley Roberts (a well-known journalist who uses video to capture people doing dumb things) that I would post about a Facebook scam that he recently encountered. And then life got in the way...but here it is. Given the tie-in with what I do in my work, I thought it would be a good opportunity to share his example of how so many ...
Continue Reading...I was recently interviewed for a news segment about privacy concerns over TikTok...is it a problem? What makes it different from typical social media data collection? First off, I'm still trying to figure out more about the story behind TikTok bypassing Android's controls and accessing MAC addresses....and why Google didn't do anything about it and, really, why that exploit is available in the first place...That could be a big deal. ...
Continue Reading...I'm no jet fuel genius. Nor am I a statistician. I'm certainly no epidemiologist. I don't even consider myself to be one of the smartest people in my own field. But I do know enough to realize that when a problem exists (even if it's yet to be acknowledged), once it's sought after, it will be uncovered. And once it uncovered, does this newfound knowledge actually change anything? Not necessarily. ...
Continue Reading...It's a tired subject at this point. Still, I still wanted to share some pieces that I've written on security awareness/training and security policies over the years that your business might benefit from to help get (keep) your arms around your remote workforce and overall information security program...no need to buy anything or hire anyone to help. The following are all you need to get rolling and/or fine-tune: Security Awareness ...
Continue Reading...