How to get a SOC 2 certification: A comprehensive guide.
6th April 2022
Your growing company is hitting a sales plateau – it’s becoming difficult to close deals with security-conscious customers. Your sales and technical teams are getting bogged down with cybersecurity questionnaires and questions about a “SOC 2.” You need to know how to get a SOC 2 certification so you can remove this roadblock your company…
I have “Zero Trust” in VPNs.
24th March 2022
You should probably have zero trust in your VPN service: You’re enjoying a quiet Friday afternoon in your office when you receive a stomach-dropping alert from one of your systems. A co-worker of yours, Jane, has exfiltrated thousands of your customer records from the company database. A distraught Jane is questioned by human resources, she…
Don’t be an Attacker’s First Option
17th March 2022
Longtime readers of this blog (thank you!) know that for the past several years, I have been coaching the basketball teams of both of my children. When the kids were really little, it was mostly about teaching fundamentals and getting them comfortable with the rules of the game. However, now that my son is playing…
Gmail vs Outlook for Business Email Security
10th March 2022
We recently had this exchange regarding email security with a client: Client (Microsoft user): We got acquired and now our parent company wants us to move from Microsoft Office 365 to Google Workspace. vCISO and me: Oof, that sounds like a lot of work! But frankly, we’re a little relieved to hear that. Why would…
Are you tracking root logins in AWS?
3rd March 2022
The root user in AWS is the master key to all of your organization’s cloud-hosted systems, activities, and services. If an attacker gets in: game over. It must be well-protected. A properly configured AWS account needs root logins only rarely; day-to-day responsibilities should be delegated to IAM users and roles with narrower permissions. The root…
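The check the post is getting at, written out as an added example (this is not code from the original post): a small detector that walks CloudTrail records and reports every event performed with root credentials, separating console logins (success or failure, MFA or not) from API calls made with a root access key. The field names (userIdentity.type, userIdentity.invokedBy, eventType, responseElements.ConsoleLogin, additionalEventData.MFAUsed) are part of the CloudTrail record format; the sample records, account ID, IP addresses and access key ID are constructed for the example and are not real log data.

```python
"""Flag AWS root-user activity in CloudTrail records (added example)."""
import json
from dataclasses import dataclass

# Constructed sample CloudTrail records; fields mirror the CloudTrail schema
# but the values (account ID, IPs, key ID, timestamps) are made up.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2022-03-01T14:02:11Z", "eventType": "AwsConsoleSignIn",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "accountId": "111122223333",
                      "arn": "arn:aws:iam::111122223333:root"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2022-03-01T14:05:40Z", "eventType": "AwsConsoleSignIn",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accountId": "111122223333",
                      "arn": "arn:aws:iam::111122223333:root"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2022-03-01T15:10:02Z", "eventType": "AwsApiCall",
     "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accountId": "111122223333",
                      "arn": "arn:aws:iam::111122223333:root",
                      "accessKeyId": "AKIAEXAMPLEROOTKEY00"}},
    {"eventTime": "2022-03-01T15:11:00Z", "eventType": "AwsServiceEvent",
     "eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
     "sourceIPAddress": "AWS Internal",
     "userIdentity": {"type": "Root", "accountId": "111122223333",
                      "arn": "arn:aws:iam::111122223333:root",
                      "invokedBy": "AWS Internal"}},
    {"eventTime": "2022-03-01T15:12:30Z", "eventType": "AwsConsoleSignIn",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "accountId": "111122223333",
                      "arn": "arn:aws:iam::111122223333:user/alice",
                      "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
]})


@dataclass(frozen=True)
class RootFinding:
    event_time: str
    event_name: str
    source_ip: str
    severity: str
    detail: str


def is_human_root_activity(record: dict) -> bool:
    """True when a person (or their stolen credentials) acted as root.

    CloudTrail marks root activity with userIdentity.type == "Root".
    Events an AWS service performed on the account's behalf also carry the
    root identity but have userIdentity.invokedBy set or an eventType of
    AwsServiceEvent; those are excluded to avoid false positives.
    """
    ident = record.get("userIdentity", {})
    if ident.get("type") != "Root":
        return False
    if "invokedBy" in ident or record.get("eventType") == "AwsServiceEvent":
        return False
    return True


def classify(record: dict) -> RootFinding:
    """Rate a root event: no-MFA console success or any API call is worst."""
    name = record.get("eventName", "")
    ip = record.get("sourceIPAddress", "?")
    when = record.get("eventTime", "?")
    if name == "ConsoleLogin":
        outcome = record.get("responseElements", {}).get("ConsoleLogin", "Unknown")
        mfa = record.get("additionalEventData", {}).get("MFAUsed", "Unknown")
        if outcome == "Success":
            sev = "HIGH" if mfa == "Yes" else "CRITICAL"
        else:
            # A failed root login still deserves a ticket: it may be guessing.
            sev = "MEDIUM"
        return RootFinding(when, name, ip, sev,
                           f"console login {outcome.lower()}, MFA={mfa}")
    # Any API call with root credentials means a root access key exists and
    # is in use, which a well-run account should never need.
    return RootFinding(when, name, ip, "CRITICAL", "API call with root credentials")


def find_root_activity(cloudtrail_json: str) -> list[RootFinding]:
    """Parse a CloudTrail log file body and return one finding per root event."""
    records = json.loads(cloudtrail_json).get("Records", [])
    return [classify(r) for r in records if is_human_root_activity(r)]


if __name__ == "__main__":
    for f in find_root_activity(SAMPLE_CLOUDTRAIL):
        print(f"[{f.severity}] {f.event_time} {f.event_name} "
              f"from {f.source_ip}: {f.detail}")
```

On the constructed sample this yields three findings (a HIGH MFA-backed console login, a MEDIUM failed login, and a CRITICAL CreateAccessKey call) and ignores both the service-invoked event and the ordinary IAM user. The same predicate, root identity without invokedBy and not an AwsServiceEvent, is what you would put in a CloudWatch Logs metric filter or EventBridge rule on the CloudTrail log group so the alert fires as the login happens rather than when someone reads the logs.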
E-commerce Fraud and how your Business can Avoid it
24th February 2022
Last week, your business’s e-commerce sales were much higher than forecasted and it seemed that orders would continue to fly in – that is until you received a notification from customer support informing you that there’s been an influx of customer complaints and credit card chargebacks. What could have gone wrong? Was there an issue…
The Asset of Asset Management
17th February 2022
Can you guess what is the most feared day in the Black Family household? If you said, “Any day in which Rob needs to shovel two feet of snow,” we are going to give you partial credit. But no, it’s actually … “library book due day!” We visit our local library frequently. Most times, my…
Doing the Legwork Once, for Everyone; Laika’s Vendor Database
10th February 2022
Disclosure: After we published the Comparison of SOC 2 Compliance Software Vendors white paper, Laika approached us and asked if we’d like to collaborate with them on content creation. They gave us a demo of their program. While we did not discover them in time for last year’s white paper, we are considering including them in…
Security’s Chicken and Egg: Operationalizing the Security Maturity Model
3rd February 2022
It’s a classic case of the chicken and the egg: How do I justify the cost of security tooling when I don’t have a security program? How do I measure my security program if I don’t have security tooling? The Organizational Security Maturity Model (OSMM) was exactly what I needed to communicate information security to…