We all get excited and respond to 0-Day vulnerabilities. But what about vulns with patches that have been out for 3-years? As Nationwide Insurance found when they were breached, an unpatched is just as risky as unpatchable.
Watch more videos on my YouTube channel.
Amazon Simple Storage Service (Amazon S3) is an easy way for apps to store data in the cloud. Too easy. And not only easy to use, but also, easy to misconfigure. Verizon learned this the hard way when a third-party’s S3 bucket was found left open, resulting in a breach of six million subscribers. (Pro-tip: use scripts like Bucket Finder to check for open S3 instances.)
Watch more videos on my YouTube channel.
Oldies but goodies. Three ways DNS can be abused, and three counters for protection.
Watch more videos on my YouTube channel.
Overnight successes take decades work. Daily effort, consistently, in the face of delays and setbacks. That’s problematic in an industry where the average tenure of Chief Information Security Officers is less than two years. So stick to it, and let me know your years’ long overnight successes.
Watch more videos on my YouTube channel.
When HBO was hacked last month, 1.5 terabytes of data was stolen. Exfiltrated right out from their networks. This contained Game of Thrones episodes and more. Here’s one way to catch such huge data thefts.
Watch more videos on my YouTube channel.
Ever notice new stuff is immune to so many attacks and threats? Here’s why, and how to make it work for you.
Watch more videos on my YouTube channel.
A fake email goes from Jared Kushner to Tom Bossert. Another fake email goes from Reince Priebus to Anthony Scaramucci. Another goes out pretending to be the Ambassador for the Russia-designate Jon Huntsman Jr. Oh, and why not email the Trump family? All this goes to show, we need email security awareness training for the top people and the highly visible people.
Watch more videos on my YouTube channel.
Microsoft has recognized my work in Cloud Computing security with a 2017-2018 Microsoft Valuable Professional (MVP) award. I’ve long relied upon the guidance and advice from MVPs. It’s a fantastic program. I’m honored to now be included, specifically under Enterprise Security.
We might not get our own soundtrack. We may not have a 9-pack of abs. But by treating security controls like Lego blocks, we can build programs and strategy like Batman.
Watch more videos on my YouTube channel.
Much of our frameworks and standards have roots in the golden age of computing. Modems, floppy disks, and hand cranked computers were all the rage. A lot has changed. Some IT controls need to be rethought to be applicable in the modern times.
Watch more videos on my YouTube channel.