Blog

22nd September 2022

The Apple MDM market leaves a lot to be desired.

On April 21, 2022, Apple made an announcement that screwed many of its business customers: The company was shutting down Fleetsmith, its in-house Mobile Device Management (MDM) solution for Macs. MDMs are essential IT tools for businesses. They help admins automate device setup, updates, patching, security, and other management tasks for company-owned devices. With Fleetsmith…

15th September 2022

Cybersecurity is a team sport, so who are the players?

It’s back to school time (parents, try to conceal your understandable excitement). For my 11-year-old son, the best part about going back to school is playing cello in our town’s middle school orchestra, a spot he earned over the summer despite (pardon me while I brag) being a sixth grader in competition with 7th and 8th…

8th September 2022

Open Source Dependencies: Built Like a House of Cards

The world of modern software is built like a house of cards. Software development in the modern age is heavily reliant on open source libraries and tooling. Open source code projects are often built upon layers of dependencies – a broad engineering term for the libraries or collections of code that a larger project reuses….

7th September 2022

Fractional CISO’s Risk Monitoring Tooling

At Fractional CISO, we use a handful of third-party tools to help improve our clients’ cybersecurity posture. One such tool is Black Kite, a cyber risk monitoring and threat intelligence platform. In particular, Black Kite’s scans help us identify vulnerabilities in our clients’ systems and their vendors’ systems. We use this information to prioritize, plan,…

1st September 2022

Cybersecurity Game Theory in Incident Response

A panicked employee walks into your office and tells you that several of your systems have been locked up by ransomware. What happens next? What should you do? What will the attacker do? An example of this happened last year during the Kasaya attack. Malicious actors targeted the remote system management software Kasaya in hopes…

25th August 2022

Communication, not computers, is the key cybersecurity leadership skill.

CFO: You’re asking for a security budget increase of 20% from last year and we’ve already reached our ratio on technology spend. CISO: …but our budget was cut 30% the year before due to other strategic projects and we haven’t addressed some key gaps… CFO: We didn’t have any security issues last year though and…

18th August 2022

Nudge your way to better Cybersecurity

Our local post office parking lot was under construction for many months. I have no idea what they were working on and it would not be notable except… … it used to be super-convenient to mail letters* there. [*Yes, those physical paper things. What can I say, I have a certain nostalgia for an age gone…

11th August 2022

The Makeup of a Great SOC 2 Risk Assessment

Not all risk assessments are created equal. Some are low and others are high. Yeah, that’s really helpful. Right? Risk assessments are so crucial to information security that the American Institute of Certified Public Accountants (AICPA) requires them from every single company seeking SOC 2 compliance. SOC 2 Risk Assessments fall primarily under the Security…

4th August 2022

Browser password managers – flawed security, by design!

This article addresses a very serious and pervasive business data risk, so let’s get right to it: The default password management features available in Chrome, Firefox, and Edge browsers only provide the appearance of secure password storage. In reality, they provide absolutely no meaningful protection for stored user passwords. Business leaders take note: if your…

28th July 2022

Congrats to Kulsoom Matin! 2022 vCISO Cybersecurity Scholarship Winner

Congratulations to Kulsoom Matin of Pakistan on being awarded Fractional CISO’s 2022 vCISO Cybersecurity Scholarship! Kulsoom came to the United States in 2015 to study at the University of Houston. Around this time, she was the victim of a data breach and began to learn about cybersecurity. Now, she is pursuing a Master’s in Cybersecurity…

1 2 3 … 18 Next