  • 23 Aug 2019

    Cities + hacking & ransomware: what’s really going on?

    I do a lot of work for municipalities - cities, towns, and county governments - and I've concluded one thing: I don't envy those in charge of their IT and security. Apparently, municipal hacking is all the rage. At least that's what the media is currently portraying. For example, it's on the front page of today's New York Times: "Ransomware Attacks Are Testing Resolve of Cities Across America". The hacking ...

  • 18 Jul 2019

    How does your incident response program measure up?

    I've heard it said that experience is something you don't get until just after you need it. Incident response is one of those things. How do you fully prepare for something that you've never had to deal with? Well, there are ways, but you have to prepare before the going gets rough. The best thing you can do is to define what "incident" means, think through the scenarios, and create ...

  • 13 Jul 2019

    IT and computer security career tips & resources

    In preparation for my upcoming webinar on information security careers (check that out, by the way!), I was updating my website with IT and security career-related articles. Since I last updated my careers page, I've written 35 new pieces...35! Wow, apparently I need to go back and read some of my own tips on time management. :-) Enjoy and I hope to see you this coming Tuesday (July 16, 2019) ...

  • 04 Jun 2019

    Here’s a BIG mobile security exposure you may be overlooking

    With security, if your goal is to minimize your maximum regret, there's a lot to be thinking about. User behaviors involving mobile devices are at the heart of some of the larger business risks, especially if you're like the majority of businesses I see and support bring your own device (BYOD) for phones and tablets. Well, here's something that you may have thought about in passing but haven't done anything ...

  • 30 May 2019

    Networking + learning at the 2019 SecureWorld Atlanta show

    Before I went out on my own and started my own information security consulting business, I learned two things: 1) I work in information security but I'm really a sales professional (everyone is in sales whether they like to believe it or not); 2) It's not about who I know but also who knows me. I found that practicing and growing these aspects of my career is as important as ...

  • 30 Apr 2019

    Healthcare’s latest (ridiculous) proposal to improve security in that industry

    For years, I've ranted about the rebranding of information security to "cybersecurity". This strategy is nothing more than a means to redirect attention - even create confusion - over what we do so that something shiny, new, and sexy can be sold to those who are buying. It's bad for what we're trying to accomplish in this field. We need less confusion rather than more. Well, here's a new set ...

  • 29 Apr 2019

    I’m IT…Respect my authoriTAH!

    If you've watched the animated TV show, South Park, you'll appreciate this. I just came across an article titled "The Importance of Respecting Expertise in IT Professionals" by Michelle Rakoczy. It's a thoughtful and well-researched piece on why people outside of IT need to respect the guidance/opinions of IT professionals (yet often don't). In my years of information security consulting and observing human behaviors as they relate to the field, ...

  • 11 Apr 2019

    WP Security Audit Log – a must for WordPress security oversight and resilience

    Not long ago I moved my information security consulting business website to WordPress - something I thought I'd never do. The burden of hosting it myself combined with the hassles of working with Dreamweaver forced the change. I wasn't initially a big fan of WordPress...it's almost too much to take on. This coming from a technical guy who hosted Apache on Windows and did most of my administration at the ...

  • 08 Apr 2019

    Hacking For Dummies in India

    Signed copies of my books have made it to some far-reaching places but I believe this one takes the cake. I was excited to see that my good friend, Jeff Jenkins, recently delivered copies of Hacking For Dummies to his team in Bengaluru! Thanks Jeff and thanks team - I hope you enjoy it!...

  • 19 Mar 2019

    Good, old-fashioned, boring passwords – the key to good security

    Many people are quick to proclaim that passwords are dead...that SSO, MFA, and related technologies are THE solution. Not so fast. Passwords, as we've known them for decades, are not going away anytime soon. Sure, I'll embrace the technologies that help take the pain out of passwords and password management. Hopefully we will be password-free in the next few decades. Still, pragmatism will win out over presumed quick fixes every ...
