Red Flags Reimagined; The Evolution of Insider Threat

Employees are choosing permanent remote work, the ‘great resignation’ is overwhelming offboarding resources, nation states and criminal groups are getting bolder at recruiting employees to steal and ransom data, and COVID and political divisions are increasing employee stress, distraction, and disenfranchisement. To borrow from the cybersecurity ‘CIA Triad’ model, the Confidentiality, Integrity and Availability of […]

Security Convergence Fireside Chat w/ John McClurg

We live in exponential times. In our generational lifetime, we have seen innovations such as the internet and smartphones transform and enable business in ways never seen before. As part of the modernization transformation, we have had to grapple with the digital shifts in technology we never had to deal with previously, and inheriting the […]

What happens when 911 gets Hacked?

911 emergency call delivery systems are currently transforming to a next generation of call delivery technology known as Next Generation 911 (NG911). 911 emergency call systems have typically been protected from cyber-attack because 911 calls were delivered through a traditional telephone company landline system a/k/a ‘Legacy 911’ which relies on dedicated circuits and analog data […]

Why Companies Fail PCI DSS Assessments

Having performed hundreds of PCI DSS assessments as a PCI QSA (Qualified Security Assessor) and signed just as many Attestations of Compliance (AOCs), we have identified common reasons why companies fail PCI DSS assessments. Some are technical in nature, but a significant number of them come down to the ever-present question of scope. All of these have […]

UAV / Drone Future Threats

Unfortunately, people and organizations will use the latest cool technology for malicious purposes and drones are certainly no exception. Further, current laws, regulations, and countermeasures are aligned with current or historical threats rather than future threats. Defenders of critical infrastructure must overcome opposing forces as well as a national inability to empower the defenders with […]

Patch Overload: How to Manage the Deluge of Vulnerabilities

Over the past two years, the cybersecurity threat landscape has changed dramatically. COVID, ransomware, supply chain vulnerabilities, and the threat of hybrid war have caused organizations to put their Shield Up and prioritize the growing volume of cybersecurity work. Last year alone we saw more than 20,000 vulnerabilities disclosed. That’s an average of more than […]

12 Monkeys: Curtains for Security Theatre

The desire to be secure has been replaced by the desire to be blameless. Return to the original purpose of security; protecting people. Then explore the convergence of compliance and technical security capabilities as they relate to business, data, people, and processes. What is our ultimate goal? How do we reshape the governance landscape to […]

When sh** gets real – Real-world implications of cyber badness

For many people ‘cyber’ things are still very abstract, and difficult to put into context. This is clear when the direct correlation between a mouse click, and a potential loss of life becomes a head-scratcher for so many people. This chasm is also a major reason ‘security training’ fails so often – it’s just not […]

Impactful Cybersecurity Tabletops

Tabletop exercises are a great tool to identify gaps and improve security posture. They are sometimes mandated by regulations and other times directed by the board. They consume a lot of time and pull key people away from their daily jobs. Learn how to make them worth it and gain buy-in from other areas across the organization. Learning Objectives: Effective planning leading up to […]