Open Letter to Congressman Tom Graves on the “Active Cyber Defense Certainty Act”

To the Honorable Tom Graves: In November of 2015 I was invited to the now retired Congressman Steve Israel’s Cyber Consortium to participate with other security professionals in the community to discuss cyber security related issues affecting both our organizations and communities. During this meeting you were invited to speak about ... Read More

The Equifax breach – Now what?

By now we’re all probably very aware of the massive Equifax hack that exposed 143 million Americans' social security numbers, birth dates, addresses and drivers’ licenses. There was also a small subset of credit cards and personal identifying documents released with limited personal information to an uncertain amount of Canadian and UK ... Read More

How do network management systems simplify security?

Today, many network management systems aim to increase visibility into the network and focus more on security. Since security is often left to the administrators of each department, having additional security built in to tools is becoming common. Network management systems that provide security insight are useful tools for your networking ... Read More

How can enterprises secure encrypted traffic from cloud applications?

With many applications being utilized in a SaaS model, it's important to encrypt the traffic between end users and applications. When personal and sensitive data is transferred, processed or stored off local premises, the connections between these points need to be secured. Many large websites default to SSL/TLS, increasing the encrypted ... Read More

Should an enterprise BYOD strategy allow the use of Gmail?

Creating separate accounts for business use on a third-party platform can be risky, but it depends on the context. Google offers organizations the ability to host their mail on its platform, and it also offers additional features to manage these accounts -- though these features are not part of Google's free ... Read More

What should you do when third-party compliance is failing?

The security of your data being held, processed or transmitted by a third party is always a security risk. Essentially, you have to trust an organization other than your own with the security and care of your data. The third party or business partner could perform security up to or even ... Read More

Security Researchers and Responsible Vulnerability Disclosure

I was asked to comment on the following article regarding responsible disclosure of vulnerabilities by security researchers. This is a debate that's recently been resurrected over the past couple months. In my opinion there's work to be done on both sides. Below is the article I was quoted on regarding the ... Read More

Gotta Respect the Hacker Hustle

Many times you'll see attackers exploit low hanging fruit to breach a network, but other times they really have to work to get into a target. This due diligence has to be respected. I'm not saying hacking into an organization for malicious gain is approved, but the skills have to ... Read More