The insider threat – the vulnerability that’s coming from inside the house

The insider threat: it’s one of the biggest and most persistent issues in cybersecurity. There have been multiple, recent high-profile cases – Manning, Snowden, and others. And these cases have both kept the issue in the public eye and kept…

Zero Trust: Buzzword or hack-buster?

Trust but verify: a Russian proverb Ronald Reagan often used to characterize U.S.-Russia relations, especially regarding nuclear weapons. The Internet has made it clear that the “trust” part of the proverb may not work so well. Today, we may have…

Polymorphic defense – making your systems “moving targets”

In my recent article on the GovCybersecurityHub entitled, “Solid foundations + innovation = stout cybersecurity,” I talked about how cybersecurity can be somewhat unfair. That’s because the economies of scale favor our adversaries. I also talked about the importance of security…

Ten steps to avoiding ransomware

Recently, 22 different cities across the State of Texas were hacked and hit with simultaneous ransomware attacks – attacks where computer systems or data are effectively held hostage for a monetary ransom. And Texas isn’t the only victim. According to…

Compliance – is it becoming too big of a thing?

You have heard it enough to make you aim a fire extinguisher at your firewall: “compliance does not mean security.” Compliance work can consume up to 70 percent of security budgets in federal government agencies, and it is common to…

Security and compliance – they’re not the same thing

News Flash: Being compliant doesn’t mean you’re secure, any more than implementing security guarantees that you’re compliant. That’s right, compliance does not equal security. Compliance and security are separate and distinct goals. So, what is the difference? Compliance requires that you meet…

Why multi-factor authentication is essential for IAM

Identity and Access Management (IAM) is the art and science of ensuring that someone is who they claim to be. This ensures that they have the correct level of access to systems and data – enough to do their…

Why security takes a backseat in IoT devices

The “Internet of Things,” or IoT: we’ve all heard the term, but what does it really mean? More importantly, how do we secure all of these … “things”? First, a stab at defining the term and its components. The term…