Resources
Remote Access Rush
Practicing good remote access hygiene in times of uncertainty: As the business world reacts to the current health crisis, companies are offering remote access to any role that can work from home....
Are we prepared?
Risks and Considerations for IT: A Pandemic. What can IT do to prepare? We all know the stats of the Coronavirus, although they are changing by the minute. We know what to do personally and for our...
Stop Sharing Your Password with Everyone
Palo Alto Networks firewalls have the ability to create security policies and generate logs based on users and groups, and not just IP addresses. This functionality is called...
Cybersecurity Maturity Model Certification (CMMC)
From a quick assessment of what has been published thus far on the CMMC regulation and its overall goal, it appears that contractors' lack of information security will no longer be tolerated by the...
AWS Metadata Endpoint – How to Not Get Pwned like Capital One
One of the greatest yet least known dangers facing any cloud-based application is the combination of an SSRF vulnerability and the AWS Metadata endpoint. As this write-up from Brian Krebs explains,...
Understanding HIPAA: PHI and Covered Entities
Medical community challenge: In a business environment where resources are limited, compliance requirements abound, and budgets are constantly challenged to meet cost containment targets, the...
Understanding HIPAA: Starting with the Rules
Medical community challenge: In a business environment where resources are limited, compliance requirements abound, and budgets are constantly struggling to meet cost containment targets, the...
Why Microsoft Office 365 Secure Score Isn’t Enough
Microsoft Secure Score. If you’re an IT administrator or security professional in an organization that uses Office 365, then you’ve no doubt used the tool or at least heard the term. It started as...
How to Approach the General Data Protection Regulation (GDPR) With a Security Framework
GDPR has been in place since May 25th, 2018 and has already been used in legal actions against companies, with over 200,000 cases reported within this first year. The law is expected to make a...
Framework or Crash, the Choice is Yours!
Are you using a framework to establish your information security program? If not, I get it; it’s complicated. On second thought, have you lost your mind? I’ve been there. A number of years ago,...
Lessons Learned from Pentesting – What Should Keep You Up At Night
Coming from someone who can officially say that information security has given me a few gray hairs, I'm writing this article from the perspective of someone who's been around the block. With over 15...
Characteristics of a Relevant Information Security Program: Communications
The Challenge: You budget for, enable, and staff your organization’s information security program with people, technology, and visionary prowess. As you step back and observe, do you find yourself...
Why 14 Characters?
Background: While experts have agreed for decades that passwords are a weak method of authentication, their convenience and low cost have kept them around. Until we stop using passwords or start using...
How to build a (2nd) 8 GPU password cracker
Why? … Stop asking questions! Background: In February 2017, we took our first shot at upgrading our old open-frame 6 GPU cracker (NVIDIA 970). It served us well, but we needed to crack 8 and...
DA 101 – Protecting your Domain Admin Account
At SynerComm's Fall IT Summit 2018 we presented a talk about the top 5 attacks used to compromise a Domain Administrator account. As a short recap, the top five are the following: 1. Permissive...