data security – Professionally Evil Insights

Professionally Evil CISSP Certification: Breaking the Bootcamp Model

December 11, 2018 December 11, 2018 / By Kevin Johnson / 2 Comments

ISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping stone in your cybersecurity career. Traditionally, students have two different options to gain this certification; self-study or a bootcamp. Both …

Professionally Evil CISSP Certification: Breaking the Bootcamp Model Read More »

Compliance is not Security

November 29, 2018 November 27, 2018 / By Nathan Sweaney / Leave a Comment

Many folks get confused about the difference between security and compliance. Many, especially those less technically inclined, assume that fulfilling compliance obligations sufficiently addresses security. Unfortunately, that’s not true as demonstrated by the continuing rise of security breaches each year. In this post, I’ll briefly explain the difference between security and compliance, and then outline …

Compliance is not Security Read More »

Ransomware Intelligence Briefing

May 17, 2017 August 7, 2017 / By Secure Ideas / Leave a Comment

Ransomware Intelligence Briefing Media reporting on the WannaCry ransomware campaign has contained exaggeration, bad information, and fear tactics. This Bulletin seeks to provide Secure Ideas partners situational awareness about malware, ransomware, and phishing campaigns in the wild, and to provide a basic plan for businesses. The Secure Ideas Perspective Coverage of the WannaCry ransomware campaign has …

Ransomware Intelligence Briefing Read More »

Are we a Target?

February 18, 2014 September 11, 2015 / By Jason Gillam / Leave a Comment

2014 has started out with a bang in terms of publicly disclosed compromised systems. We entered the year with a slew of privacy events starting with Target’s massive breach, followed by other retailers such as Neiman Marcus and Michael’s and a current investigation with lodging and food services giant White Lodging. The Syrian Electronic Army (SEA) has …

Are we a Target? Read More »

Granular Privacy Controls

February 11, 2014 September 11, 2015 / By Nathan Sweaney / Leave a Comment

Have you seen glympse.com? It’s a location-sharing site designed to let users share their GPS data with others for a set period of time. The idea is that I can enable the service on my phone for 30 minutes and then send you a link to view my exact location. That way if you’re waiting …

Granular Privacy Controls Read More »

Industry Issues: New Vulnerabilities and Marketing Problems

September 10, 2013 September 11, 2015 / Leave a Comment

As a consultant, I spend a lot of my time working with organizations and staff to help them improve their security. I do this via a number of methods including consulting, penetration testing, training, and other services. But the foundation of what I do is explain the what, why, and how of information security. And …

Industry Issues: New Vulnerabilities and Marketing Problems Read More »

Defending Against Pass-the-Hash (PtH) Attacks

August 6, 2013 September 11, 2015 / By Nathan Sweaney / 1 Comment

Pass-the-Hash (PtH) attacks have become probably the most common form of credential attacks used in the hacking community. Especially in Microsoft Windows environments, PtH tools are so popular and easy to use, that many attackers no longer even bother to crack passwords anymore. Why waste the time when an administrator’s hash is just as convenient, …

Defending Against Pass-the-Hash (PtH) Attacks Read More »

Red Dawn: Protecting small organizations from attacks

June 18, 2013 September 11, 2015 / Leave a Comment

Secure Ideas spends a lot of time working with organizations both large and small. And during this work, we deal with and help people trying to figure out what the threats and risks are in the wild today. For larger companies, this exercise is something they deal with often, but smaller organizations may not …

Red Dawn: Protecting small organizations from attacks Read More »

Your Passwords Were Stolen: What’s Your Plan?

June 5, 2013 September 11, 2015 / By Secure Ideas / Leave a Comment

If you have been glancing at many news stories this year, you have certainly seen the large number of data breaches that have occurred. Even just today, we are seeing reports that Drupal.org suffered from a breach (https://drupal.org/news/130529SecurityUpdate) that shows unauthorized access to hashed passwords, usernames, and email addresses. Note that this is not a …

Your Passwords Were Stolen: What’s Your Plan? Read More »

The Watering Hole: Is it Safe to Drink?

May 7, 2013 September 11, 2015 / By Secure Ideas / Leave a Comment

How many times have you been told you have a vulnerability that you just don’t understand its relevancy? Cross-Site scripting comes to mind for many people. Sure, they get the fact that you can execute scripts in the user’s browser, but often times they really don’t fully understand the impact. Of course, we determine that …

The Watering Hole: Is it Safe to Drink? Read More »