• 28 Feb 2024

    3 resources to help with the SEC’s cybersecurity ruling on incident reporting

    There's been a lot of buzz in recent months regarding the new US Securities and Exchange Commission (SEC) cybersecurity ruling involving incident resporting. Check out the following resources I created for the folks at web application and API vulnerability scanning vendor Probely. We help you cut through the noise and understand what really matters in the context of incident reporting/response and, especially, its impact on overall application security. SEC Cybersecurity ...

    Continue Reading...
  • 27 Aug 2023

    Cybersecurity All-In-One For Dummies – a new book my vulnerability and penetration testing content is featured in

    I was recently surprised to find out about this new book - Cybersecurity All-In-One For Dummies - that much of my Hacking For Dummies content is featured in. The following chapters from my book are included: Introduction to Vulnerability and Penetration Testing Cracking the Hacker Mindset Developing Your Security Testing Plan Hacking methodology Information Gathering Social Engineering Physical Security With all the other content included, this book is a very ...

    Continue Reading...
  • 15 Mar 2012

    Flaws, compliance and the Cybersecurity Act of 2012

    Here are some new pieces I've recently written that you may be interested in...big things in security we need to have on our radar: Six Security Flaws on Your Network Right NowFind the Most Flaws By Balancing Automated Scans with Manual AnalysisCompliance is just the beginningNew and not-so-new security twists in the Cybersecurity Act of 2012Enjoy!Be sure to check out www.principlelogic.com/resources.html for links to all of my information security whitepapers, ...

    Continue Reading...
  • 23 Jan 2011

    Cybersecurity schmybersecurity

    Here are a couple of #cybersecurity pieces I authored for TechTarget's SearchCompliance.com regarding the proposed Rockefeller-Snowe Cybersecurity Act of 2009 (Senate Bill 773) and Lieberman-Collins-Carper Protecting Cyberspace as a National Asset Act of 2010 (Senate Bill 3480):Why the Cybersecurity Act is better for government than businessIs the latest cybersecurity bill an Internet takeover by the fed?You know how I am about government growth and its intrusion into the free market. ...

    Continue Reading...
  • 28 Sep 2010

    Cybersecurity Act of 2009 – It’s great for government growth!

    You may already know how I feel about our out of control government. Well here's a new piece I wrote about the Cybersecurity Act of 2009 - legislation that'll make your head spin.Why the Cybersecurity Act is better for government than businessIn subsequent edits to this article I had added some material on the new Lieberman-Carper-Collins legislation Protecting Cyberspace as a National Asset Act of 2010 (a.k.a. Senate Bill 3480) ...

    Continue Reading...
  • 20 Sep 2010

    Silent tyranny in the name of “cybersecurity”

    I just finished a new article on the Cybersecurity Act of 2009 (a.k.a. Rockefeller-Snowe Cybersecurity Act or S. 773) and the equally scary Protecting Cyberspace as a National Asset Act of 2010 (a.k.a. Lieberman-Carper-Collins or S. 3480).Goodness gracious folks. Have you read these pieces of legislation yet? Are you tracking what's going on?There's some serious government control headed our way if we sit back at let politicians force these policies ...

    Continue Reading...
  • 30 Apr 2021

    Networked IP cameras as vulnerable as ever…no excuses these days.

    You've likely heard the news about security cameras being vulnerable to exploits like what was covered in this piece: https://threatpost.com/breach-verkada-security-camera-tesla-cloudflare/164635/ I feel like I'm always talking in circles when it comes to security...stop repeating history, focus on the basics, do what you know needs to be done...It's especially true for vulnerabilities in network security cameras. A little over nine years ago I wrote about this problem with cameras that I ...

    Continue Reading...
  • 10 Feb 2021

    Review of Corporate Directors’ & Officers’ Legal Duties for Information Security and Privacy: A Turn-Key Compliance Audit Process

    One of the great tragedies impacting businesses today is the disconnection between executive leadership and the information security function. The general assumption has long been that technical staff have everything under control and, therefore, management doesn't need to get all that involved in IT security and compliance related initiatives. I first noticed this situation in the late 1990s working on information security security projects with clients. Shortly thereafter, I wrote ...

    Continue Reading...
  • 07 Mar 2020

    Speaking engagement for ALAS in Phoenix was a big success!

    I had the opportunity to be invited to speak at the Attorney's Liability Assurance Society (ALAS) 2020 Cybersecurity Conference in Phoenix, AZ last week, and it was awesome. With a great group of 220 law firm IT leaders and general counsel professionals, I presented Beyond the Policies: Top 5 Security Findings (that I see in literally every security assessment I perform). I also served as a panelist for a lively ...

    Continue Reading...
  • 30 Apr 2019

    Healthcare’s latest (ridiculous) proposal to improve security in that industry

    For years, I've ranted about the rebranding of information security to "cybersecurity". This strategy is nothing more than a means to redirect attention - even create confusion - over what we do so that something shiny, new, and sexy can be sold to those who are buying. It's bad for what we're trying to accomplish in this field. We need less confusion rather than more. Well, here's a new set ...

    Continue Reading...