In my virtual CISO consulting engagements and vulnerability and penetration testing, the process of patch management ALWAYS comes up for discussion. Given the threats, the vulnerabilities, and the risks – everything that's at stake – I cannot think of any single aspect of a well-functioning information security program that's more important than patch management. It's one of a few things in security that you CAN control! The absolute last thing you ...
Continue Reading...One of the great tragedies impacting businesses today is the disconnection between executive leadership and the information security function. The general assumption has long been that technical staff have everything under control and, therefore, management doesn't need to get all that involved in IT security and compliance related initiatives. I first noticed this situation in the late 1990s working on information security security projects with clients. Shortly thereafter, I wrote ...
Continue Reading...A few weeks ago, I promised my friend, Stanley Roberts (a well-known journalist who uses video to capture people doing dumb things) that I would post about a Facebook scam that he recently encountered. And then life got in the way...but here it is. Given the tie-in with what I do in my work, I thought it would be a good opportunity to share his example of how so many ...
Continue Reading...I was recently interviewed for a news segment about privacy concerns over TikTok...is it a problem? What makes it different from typical social media data collection? First off, I'm still trying to figure out more about the story behind TikTok bypassing Android's controls and accessing MAC addresses....and why Google didn't do anything about it and, really, why that exploit is available in the first place...That could be a big deal. ...
Continue Reading...I'm no jet fuel genius. Nor am I a statistician. I'm certainly no epidemiologist. I don't even consider myself to be one of the smartest people in my own field. But I do know enough to realize that when a problem exists (even if it's yet to be acknowledged), once it's sought after, it will be uncovered. And once it uncovered, does this newfound knowledge actually change anything? Not necessarily. ...
Continue Reading...It's a tired subject at this point. Still, I still wanted to share some pieces that I've written on security awareness/training and security policies over the years that your business might benefit from to help get (keep) your arms around your remote workforce and overall information security program...no need to buy anything or hire anyone to help. The following are all you need to get rolling and/or fine-tune: Security Awareness ...
Continue Reading...I recently had the opportunity to write an article for Ross Bentley's Speed Secrets Weekly newsletter. It's one of the most popular newsletters in motorsports with a ton of visibility. Ross was kind enough to let me reshare my article here...I wanted to share it with you because it relates to IT and security just as much as it does to racing a car. Being a professional writer in information/computer ...
Continue Reading...“The hardest thing to explain is the glaringly evident which everybody had decided not to see.” – Ayn Rand Interesting how the world has changed in the past couple of weeks, huh? Here in the U.S., we went from a thriving economy and living in what might be described as the best time to be alive to what seems like an abrupt halt - doom and gloom - all within a couple of ...
Continue Reading...I had the opportunity to be invited to speak at the Attorney's Liability Assurance Society (ALAS) 2020 Cybersecurity Conference in Phoenix, AZ last week, and it was awesome. With a great group of 220 law firm IT leaders and general counsel professionals, I presented Beyond the Policies: Top 5 Security Findings (that I see in literally every security assessment I perform). I also served as a panelist for a lively ...
Continue Reading...I recently had the most amazing opportunity to learn more about becoming a better speaker. I got to spend two full days sitting around a conference table and in the studio with the one and only Brian Tracy. I've been speaking professionally for the past decade and a half. As with many of the important things in my life such as information security consulting, car racing, and personal relationships, I've ...
Continue Reading...