data security

Professionally Evil CISSP Certification: Breaking the Bootcamp Model

ISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping stone in a cybersecurity career. Traditionally, students have had two options for earning this certification: self-study or a bootcamp. Both …


Compliance is not Security

Many folks get confused about the difference between security and compliance. Many, especially those less technically inclined, assume that fulfilling compliance obligations sufficiently addresses security. Unfortunately, that’s not true, as demonstrated by the continuing rise in security breaches each year. In this post, I’ll briefly explain the difference between security and compliance, and then outline …


Ransomware Intelligence Briefing

Media reporting on the WannaCry ransomware campaign has contained exaggeration, bad information, and fear tactics. This bulletin seeks to provide Secure Ideas partners with situational awareness about malware, ransomware, and phishing campaigns in the wild, and to provide a basic plan for businesses. The Secure Ideas Perspective: Coverage of the WannaCry ransomware campaign has …


Are we a Target?

2014 has started out with a bang in terms of publicly disclosed compromised systems. We entered the year with a slew of privacy events, starting with Target’s massive breach, followed by other retailers such as Neiman Marcus and Michael’s, and a current investigation involving lodging and food services giant White Lodging. The Syrian Electronic Army (SEA) has …


Industry Issues: New Vulnerabilities and Marketing Problems

As a consultant, I spend a lot of my time working with organizations and staff to help them improve their security. I do this via a number of methods, including consulting, penetration testing, training, and other services. But the foundation of what I do is explaining the what, why, and how of information security. And …


Defending Against Pass-the-Hash (PtH) Attacks

Pass-the-Hash (PtH) attacks have become probably the most common form of credential attack used in the hacking community. Especially in Microsoft Windows environments, PtH tools are so popular and easy to use that many attackers no longer bother to crack passwords at all. Why waste the time when an administrator’s hash is just as convenient, …


Your Passwords Were Stolen: What’s Your Plan?

If you have been glancing at many news stories this year, you have certainly seen the large number of data breaches that have occurred. Even just today, we are seeing reports that Drupal.org suffered from a breach (https://drupal.org/news/130529SecurityUpdate) that shows unauthorized access to hashed passwords, usernames, and email addresses. Note that this is not a …


The Watering Hole: Is it Safe to Drink?

How many times have you been told you have a vulnerability whose relevance you just don’t understand? Cross-site scripting comes to mind for many people. Sure, they get the fact that you can execute scripts in the user’s browser, but oftentimes they really don’t fully understand the impact. Of course, we determine that …

