Hot Topics

John Bruggeman

I am a veteran technologist, former CTO and CISO, with nearly 30 years of experience building and running enterprise IT. I have developed and supported information security programs, helping them mature and succeed by using industry standards like ISO27K and NIST CSF.
I am very familiar with regulatory compliance requirements from PCI-DSS, HIPAA, FERPA, A133 to privacy related requirements like GDPR and CCPA. I earned several GIAC certifications (GSEC, GCIH and GCWN) and I am active in the local information security community, through groups like Infragard and the Higher Education Security Council for EDUCAUSE.
Connect on LinkedIn
Visit CBTS Security website

API Noname CrowdStrike data discovery supply chain zero-days fuzz appsec

Is Your Supply Chain Secure?

John Bruggeman | January 10, 2022 | Kaseya supply chain ransomware attack, Ransomware, Secure Supply Chain, SolarWinds MSP

In 2021, there were a number of major supply chain attacks that crippled multiple companies. Think back to the Kaseya attack in July, or, even before that, the SolarWinds attack that came to light in December 2020. In October 2021, Broward Health in Florida was compromised through a third-party supply ... Read More

Security Boulevard

A Deeper Dive Into the Value of Centralized Logging

John Bruggeman | January 6, 2022 | event logging, Network Security, Ransomware, SIEM

In my previous blog post, I talked about the value of centralized logging, a high-level, non-complex overview of how centralizing your logs can help you determine if your security controls and defensive tools are working as expected. Now, let’s go a bit deeper and discuss some best practices regarding centralized ... Read More

Security Boulevard

How to Determine if Your Network Security is Working

John Bruggeman | December 15, 2021 | cybersecurity defense, event logging, Network Security, web access firewall

In my previous blog post, I talked about the MITRE ATT&CK framework and how it can help you determine possible threats and threat actors’ techniques so that you can better focus your limited resources on the more likely threats. The next question you might have is, “Am I being attacked?” and ... Read More

Security Boulevard

Improving Cybersecurity With MITRE ATT&CK Framework

John Bruggeman | December 1, 2021 | Cybersecurity, Logs, MITRE ATT&CK, Phishing Techniques, tactics

In my previous blog posts, I’ve talked about the NIST CSF and another framework from the nonprofit Center for Internet Security (CIS), which has a smaller set of controls to help companies and organizations secure their environments. Now, I want to talk about the MITRE ATT&CK framework. But let’s start ... Read More

Security Boulevard

Falco Edgio Salt Security APIs, organizations, Open APIs API CIS COVID-19 cybersecurity

Can you Become Ransomware-Proof? Part 2: CIS Controls

John Bruggeman | November 4, 2021 | CIS Benchmark, cis controls, NIST Cybersecurity Framework, Ransomware

In my previous post, I talked about the NIST Cybersecurity Framework (CSF). Some of you, I am sure, Googled “NIST CSF” after reading it and found tons of information from NIST on the framework. Then, as you looked at the details, you might have felt intimidated by the five functions ... Read More

Security Boulevard

Can you Become Ransomware-Proof?

John Bruggeman | October 26, 2021 | Cyber Risk Management Frameworks, NIST, NIST Cybersecurity Framework, Ransomware

Wouldn’t it be great if you had enough confidence in your information security program that if a criminal gang attacked you, you would be able to defend yourself, keep your business going and notify the appropriate legal authorities and any vendor partners that might be impacted? With a mature information ... Read More

Security Boulevard