Category: InfoSec
-
I recently published over on my company’s blog: Building a Strong Foundation With the Information Security Accelerator For mid-market companies and SMBs, building a solid Information Security program can seem impossible without the resources of a Fortune 500 enterprise. Business email compromise, ransomware, data breaches… the threats in the headlines can seem overwhelming, leading to…
-
I recently published over on my company’s blog: Hardening Backups Against Ransomware Organizations should assume that a successful ransomware attack will corrupt and take offline all core IT capabilities. Active Directory & other identity systems. File servers. Line of business applications. Databases. Internal networking. Password managers and Privileged Access Management (PAM) systems. Et cetera. To…
-
I recently hosted a webinar at work: Defending Backups Against Ransomware Ransomware is a Different Beast Human-operated ransomware represents a unique challenge to backup infrastructures. Unlike other disaster scenarios, a ransomware attack specifically targets and attempts to destroy backup systems to increase the likelihood of a victim organization paying the ransom. This type of threat…
-
I was recently part of a webinar at work: Data Loss Prevention in a Remote-Work World With more employees working from home and public places, often on less secure networks, it has become vitally important to ensure confidential data is not being leaked or exfiltrated in this hyper-connected world. Data Loss Prevention (DLP) solutions promise…
-
My daughter was given an iPad for educational games. Here's my attempt at locking down the device's privacy and security. Scenario & Objectives Device for pre-elementary child Emphasis on security, privacy, and sensitive content protections Usability for Kiddo also critical Physical Protections A case… because kids… Sliding webcam cover on the front facing camera. I…
-
Authy TOTP multifactor app does not provide the ability to export or download the tokens for use in a different TOTP app. Authy also requires Google Play Services to run on Android, so if de-Googling, Authy will display error messages every time the app is opened. Here's how I got the data out of Authy…
-
This summer, I had the immense pleasure of taking “Getting Started in Security with BHIS and MITRE ATT&CK,” presented by John Strand and Black Hills Information Security. Sixteen hours of non-stop useful content — four intense afternoons! My full notes are on GitLab here: Getting Started In Security BHIS To give you a sense of…
-
This article from WIRED’s Andy Greenberg is a must-read for anyone remotely interested in technology or how what someone does to a computer system can have massive financial and geopolitical implications.