How Resilient is Your Business?
20th January 2022
Up until about 10 years ago, I played a lot of basketball — three times a week, sometimes more. One day, something went very, very wrong. I don’t know what happened, but I more or less had to drag my right leg off the court at the end of the game. Happily, within just a…
-- READ MORE
B2B Customers want cybersecurity compliance: MASV’s TPN Story.
13th January 2022
Cybersecurity doesn’t have to be a drag on business, it can be an accelerator that helps companies better serve their customers. MASV (pronounced Massive) is an api-based large file transferring SaaS company that recently completed a unique cybersecurity compliance assessment to help enable its growth. MASV specializes in transferring the massive files that raw 2K,…
-- READ MORE
54 months in: what I’ve learned starting a cybersecurity company.
6th January 2022
This article is written as advice for aspiring Virtual CISOs (vCISO) – but it will hopefully be relatable and helpful to other small and midsize business leaders. I am long overdue in writing this article (this is the fourth part of a series). I haven’t done one of these in 2 years. In that time…
-- READ MORE
Top Fractional CISO Blogs of 2021
30th December 2021
With 2021 coming to a close and 51 new blog entries in the books, we are going to engage in our now-annual practice of revisiting the top articles we published this year.
-- READ MORE
What does a bad auditor mean for your business?
22nd December 2021
Cybersecurity compliance evaluations like SOC 2, ISO 27001, and HIPAA might have one set of standards set by one overseeing organization, but the independent auditors who audit companies for these standards can have drastically different approaches. The result? Programs that are compliant being forced to do extra, meaningless work – or worse – companies that…
-- READ MORE
One Size Fits Nobody
16th December 2021
Once again, basketball season is upon us. With it comes the sound of shoes squeaking, balls bouncing, nets swishing, and rims rattling beneath the force of ferocious dunks. Well… maybe not the dunks, since I’m actually talking about my third-grade daughter’s team, of which I am the coach. This year, the girls are behind where…
-- READ MORE
Log4Shell Logo
14th December 2021
I have been surprised how the Log4Shell vulnerability has not made it in the mainstream press more. This is one of the most serious vulnerabilities I have seen in my career. When I talk to my non-tech friends and family members, they haven’t heard of Log4Shell or Log4j. One of the successes of the Heartbleed…
-- READ MORE
Serious vulnerability: Log4J
11th December 2021
We sent the following notice to all Fractional CISO clients yesterday. We are sending this notice to all Fractional CISO clients to inform them about an extremely critical zero-day vulnerability that requires immediate attention – right now, not on Monday. This vulnerability is pervasive, Internet-facing, and easily exploitable by anybody with limited hacking experience. What’s…
-- READ MORE
What are the best Google Workspace security settings?
9th December 2021
Which of these scenarios sounds scarier: A bad guy manages to compromise an employee’s email account. A bad guy manages to compromise an employee’s Google Workspace account. If you’re a Google business, hopefully you picked the second option! While business email compromises are always bad, Google Workspace’s functionality as an online office suite and document…
-- READ MORE
3 Advanced Incident Response Tabletop Exercise Scenarios
23rd November 2021
Incident response tabletop exercises are a great way to safely practice your cybersecurity Incident Response plan before a real emergency strikes. Just prepare a few scenarios, and then have your team role play how they would use the plan to guide their response. The simple act of talking through a few incident response tabletop exercise…
-- READ MORE
