• 13 Aug 2018

    CNN news story on Omarosa getting fired from the White House that quotes me on the reality of security culture

    Security culture is everything. If you work in security, you probably already know that...For business executives, though...well, that mindset is largely absent. In fact, as this new CNN piece I'm quoted in about Omarosa secretly recording her firing in the most "secure" room of the White House highlights, talk is cheap. IT and corporate security professionals can evangelize the importance of security - especially security culture - all day long, ...

    Continue Reading...
  • 24 Jul 2018

    Check out my webinar on the big risks involving unstructured information – 2pm ET today (reading assignment links)

    Join me today at 2pm ET for my Ziff Davis webinar Addressing the Security Risks Around Unstructured Information sponsored by Citrix ShareFile. Unprotected files scattered about the network environment is one of the biggest vulnerabilities I see...and it continues to create tangible business risks for every organization. I'll talk about the risk, share some examples of what I'm seeing in my work perform security assessments, and provide some ideas on ...

    Continue Reading...
  • 17 Jul 2018

    Join me at 2pm ET today for a discussion on data breaches + reading assignment links

    The data breach numbers we see in the studies and headlines every year (day!?) are pretty amazing...It's clear that we have not just an IT challenge on our hands but a true business problem... What's behind all of the incidents and breaches? Why does it seem to be getting worse? Is there anything that can be done about it? Well, that and more is what I''l be discussing in my ...

    Continue Reading...
  • 13 Jul 2018

    Introducing my brand new vulnerability and penetration testing book: Hacking For Dummies, 6th edition

    Want to learn the essentials of vulnerability and penetration testing? Looking for insight into which testing tools you need to use to get the job done right? Maybe you need help in determining the difference between the vital few security vulnerabilities and the trivial many that sidetrack so many people? Perhaps you need help selling information security to management and keeping them on board with what you're doing? Well, if ...

    Continue Reading...
  • 21 Dec 2017

    Web application and mobile app security testing – Are you on board?

    Here are some recent pieces I've written regarding web application and mobile app security based on the work I do that you might be interested in: How security controls affect web security assessment resultsThe importance of integrating mobile apps into your security programHow automated web vulnerability scanners introduce risksAddressing web server security vulnerabilities below the application layerDon’t sweep web application testing under the rugYou may not be in control but ...

    Continue Reading...
  • 14 Oct 2017

    When PR spam is actually amusing

    I get spammed by PR firms all the time - quite likely a dozen or more emails from them in my business inbox every day. I think I get on their radar because certain articles I write happen to be related to what these spammers are trying to promote. Well, I recently got this spam message via email from a PR firm regarding an upcoming security conference. Looks interesting. But ...

    Continue Reading...
  • 12 Oct 2017

    Hacker Halted – a security show worth attending

    I've been a big advocate of attending security shows in order to learn, network, and see/hear about the latest technologies. There are a ton of these shows each year - some are a good fit, others not so much. Well, there's one show that I just attended in Atlanta this week that's worth my mentioning and recommendation. It's called Hacker Halted. Put on by the EC-Council (Certified Ethical Hacker) folks, ...

    Continue Reading...
  • 27 Sep 2017

    SEC, Equifax, what’s next? Focus on – and fix – the stuff that matters in security.

    I recently consulted with a client on the SEC and Equifax breaches and had some thoughts that I left with that I wanted to share here:Your security program is only as good as your day-to-day processes and people. No amount of policies, plans, and technologies is going to prevent you from getting hit. Reactive security is apparently the new norm, at least according to SEC chairman Jay Clayton. I don't ...

    Continue Reading...
  • 31 Aug 2017

    HIPAA and data encryption – what you need to know

    When I co-wrote the first edition of the book The Practical Guide to HIPAA Privacy and Security Compliance, both HIPAA and data encryption were a big deal. Fast forward nearly 15 years and they're still a big deal, yet many people are still struggling with both. If you're looking for some insight/guidance on HIPAA compliance, data encryption, or security intelligence in today's business environment, here are a few new pieces that ...

    Continue Reading...
  • 16 Aug 2017

    Hacking For Dummies featured in new Lifetime movie Running Away

    I had the neat opportunity to recently see my book, Hacking For Dummies,  featured in this summer's Lifetime movie called Running Away. I've known that it was a possibility for some time but it was cool to see it on the screen! Here's the scene it's featured in:You can see more about - and purchase - Hacking For Dummies (currently in its 5th edition) on Amazon by clicking the graphic ...

    Continue Reading...