What’s a Virtual CISO?
SOC 2 Compliance
vCISO for SOC 2 Case Study
ISO 27001 Compliance
Cybersecurity Risk Assessments
Code of Ethics
Sitemap – Virtual CISO
Complementary RIA Cybersecurity Risk Worksheet
Cybersecurity Risk Assessment – A Better Way
Interim / Part-time CISO
QuantiShield – The Quantitative Cybersecurity Risk Assessment
Quantitative Cybersecurity Risk Assessment
Registered Investment Advisor (RIA) Cyber Security Assessment
Code of Ethics
Digital Identity: Not a Conspiracy Theory
Don’t trust that flash drive! Cybersecurity risks of removable media.
3 takeaways from the FTC’s action against Chegg for lax cybersecurity.
SOC 2 incident response: what’s required for compliance?
Three things to know about the new ISO 27001:2022 standard.
Cybersecurity risk assessments: your risk treatment map.
Modernize your Cybersecurity Measurements
Do you need a CISO? Maybe. You at least need a security owner.
Don’t lose a princely sum when your founder exits the stage.
The Apple MDM market leaves a lot to be desired.
Cybersecurity is a team sport, so who are the players?
Open Source Dependencies: Built Like a House of Cards
Fractional CISO’s Security Scoring Tool
Cybersecurity Game Theory in Incident Response
Communication, not computers, is the key cybersecurity leadership skill.
Nudge your way to better Cybersecurity
The Makeup of a Great SOC 2 Risk Assessment
Browser password managers – flawed security, by design!
Congrats to Kulsoom Matin! 2022 vCISO Cybersecurity Scholarship Winner
Don’t Flip-Flop on Defense-in-Depth!
Applying Mazda’s “Gram Strategy” to Cybersecurity and Risk Management
Guide to the SOC 2 Security Trust Services Criteria
The Purses and Flagpoles of Security Policies
Do you need to babysit your vendors?
How to manage open source code in your product.
Software engineering isn’t for everyone – how I started a career in cyber.
Guide to SOC 2 compliance documentation
Don’t press that panic button!
Your cyber insurance probably isn’t good enough.
When your Business Continuity/Disaster Recovery Plan is a Disaster…
How to start a career in cybersecurity, according to a hiring manager.
Patching Keeps the Lights On (Except when it Doesn’t)
How to get a SOC 2 certification: A comprehensive guide.
How to read a SOC 2 Report
I have “Zero Trust” in VPNs.
Don’t be an Attacker’s First Option
Gmail vs Outlook for Business Email Security
Are you tracking root logins in AWS?
E-commerce Fraud and how your Business can Avoid it
The Asset of Asset Management
Doing the Legwork Once, for Everyone; Laika’s Vendor Database
Security’s Chicken and Egg: Operationalizing the Security Maturity Model
Software Composition Analysis: Use it to Clean Out Your Old Code!
How Resilient is Your Business?
B2B Customers want cybersecurity compliance: MASV’s TPN Story.
54 months in: what I’ve learned starting a cybersecurity company.
Top Fractional CISO Blogs of 2021
What does a bad auditor mean for your business?
One Size Fits Nobody
Serious vulnerability: Log4J
What are the best Google Workspace security settings?
3 Advanced Incident Response Tabletop Exercise Scenarios
What Your MSP Doesn’t Know, Can Hurt You
AWS CISO Stephen Schmidt and his “Cybersecurity Airbag” defense tools.
Why you should use a Cloud Backup Service.
Communicate Better with the Organizational Security Maturity Model
Don’t Mess with your DNS!
How to create an AWS Sandbox for your business.
How SOC as a Service can help Sarah in Operations
4 new and devious phishing techniques with example phishing emails.
Vendor risk management programs: a simple and practical approach.
Plan now for a cyber attack… on your vendors!
ByteChek: Can you get SOC 2 software and an audit under one roof?
Multi-Factor Authentication: Everything you Need to Know
The Secret Web Browser Monopoly
Cyber insurance: why are so many companies suddenly uninsurable?
How does SOC 2 software like Tugboat Logic help you build a compliance program?
From Dirty Laundry to Cleaning up Your Security Program: How I became a vCISO
Congrats to Alexia Antoine! 2021 vCISO Cybersecurity Scholarship Recipient
Allowlist and blocklist are better terms for everyone, let’s use them.
Are You Taking on More Risk Than Necessary?
Microsoft Office 365 email security defaults are bad, so fix them!
All Businesses Need DDoS Protection
Fractional CISO releases SOC 2 Software Vendors White Paper
Cybersecurity Programs Take Time
Privacy Shield is Dead, Long Live Privacy Shield!
Browser Extension Security – What browser does it best?
A 3-Point Ransomware Defense Strategy for Small to Midsize Businesses
Incident Response: Putting the Puzzle Pieces Together
SOC 2 Type 1 vs Type 2: Get a Type 2!
SOC 2 vs ISO 27001
Prevent Email Spoofing with EmailSpoofTest
SOC 2 Trust Services Criteria: An Easy Guide
Is Your Cyber Insurance Broken?
Can you teach employees how to phish to help them avoid phishing?
Public WiFi: A double espresso for you and passwords for the bad guys.
Splitting Hairs on Split Tunneling
Slack Shared Channel Metadata Exposure
Security and Compliance – Cousins, Not Twins
Hourly Billing Will Undermine Your Cybersecurity Program
Do you have A+ or F- website security? Find out with Mozilla Observatory!
The Groundbreaking 2015 Jeep Hack Changed Automotive Cybersecurity
A Surefire Way to Undermine your Cybersecurity Program
How to Protect Grandma’s inbox with Canarytokens
Be Like Netflix, not Reddit: SaaS Disaster Response
The Secret Ingredient to a Successful Cybersecurity Program!
Human Root of Trust
Multi-Factor Authentication: One Security Control you can’t go Without!
Top Fractional CISO Blogs of 2020
Should you hide your Wi-Fi SSID?
Three Lessons from The Ticketmaster Breach
Why you should NOT be using xfinitywifi hotspots.
SOC 2 Compliance is Cybersecurity Customized, not Prescribed.
Free Cybersecurity Training: Good, but not Great.
Three Keys to a Great Internal Audit
Password Hints: Could your ex guess your password?
Announcing the First vCISO Cybersecurity Scholarship Winner!
How to be a CSA STAR
When SIMPLE Simply Isn’t
My Fintech Cybersecurity Journey – Out of the Bubble
Elon Musk: Cybersecurity’s Iron Man
Pro Tip: Google Vault
Three Lessons From the Garmin Ransomware
COVID and Cyber Hygiene: Not That Different
How Do You Pronounce CISO?
Fintech Virtual CISO Case Study
WhatsApp vs Signal vs Telegram Security in 2020
Pro Tip: Exercise Caution with G Suite Marketplace Apps
Managing Supply Chain Havoc
How Secure Are Your Employees’ Home Networks?
Starting your cybersecurity program
How to set up Threat Intelligence via Slack for Free
How to Gamify Your Incident Response Planning (And Make It Fun)
Correct Horse Battery Staple Review – Password Advice
Pro Tip: Sending Secrets via Signal
Fast and Easy Video Conferencing Comes With a Price
G Suite Access Control Audit Tip
Are You Treating Your Cybersecurity Like a Rental Car?
Why the Corp.com Sale Matters to You
Every Company Needs a Jessica
Should I become a Virtual CISO? What I wish I had read 30 months ago
Just Okay Is Not Okay
Don’t Click That Link!
Disney+ Account Compromise
SSCP: Gliding into a New Security Career
Can You Hear Me Now?
3 Tips to Make Your Vulnerability Report Pop
Sales troubles? Call the cybersecurity specialist!
How many organizations have access to my email?
25 months in: What I’ve learned starting a cybersecurity company
How to find the Fractional CISO brochure
IoT Platforms: The Top Six
Fractional CISO in the news
Meraki Review: Is it the right Security Appliance for your organization?
Pen Test. Do I need one?
WiFi Pineapple: Can Still Compromise Your Network in 2019
Cybersecurity Breach Bankruptcy: It Does Happen
Press Release: Fractional CISO Announces QuantiShield, the Quantitative Cybersecurity Risk Assessment
NIST Cybersecurity Resources During the Shutdown
Top Fractional CISO blogs of 2018
Cryptocurrency: Not Ready for Prime Time
SOC 2 Audit: How to Comply with the Tough New Changes
18 months in: What I’ve learned starting a cybersecurity company
Does your organization need a Password Manager?
Understanding IoT Identity
Four steps to securing your IoT Identity from ex-employees
Is your website about to go dark?
Typeform Data Breach: 100,000 Records and Counting
Cybersecurity Risk Assessment – A Better Way
IoT cybersecurity standards
Do I need a CISO? A guide for NY Financial Advisors
NY Cybersecurity Regs: Four Things Every New York State Financial Institution MUST DO!
Why Fractional CISO: How medium-sized businesses can improve their cybersecurity posture
What large RIAs need to do to comply with NY State DFS cybersecurity regulations in 2017
What small RIAs need to do to comply with NY DFS cybersecurity regulations
Announcing RIA Cybersecurity Risk Worksheet
Mothers, don’t let your babies grow up to use the ‘admin’ username
Why a virtual CISO for your medium-sized business makes sense
Password Advice – xkcd
Password advice from the wicked
Business Email Compromise
How to check if someone is really a CISSP
How Registered Investment Advisors can avoid the SEC’s cybersecurity wrath
Welcome to Fractional CISO!
Audit Letter for Compliance with EV Code Signing Guidelines
Boston area Part-time CISO
Boston area Temporary CISO
Boston Virtual CISO
CISO as a Service
Cyber Security Consultant
Cybersecurity Awareness Training
Cybersecurity for Advisors in New York State
Cybersecurity Marketing Manager
Fintech Virtual CISO
Fractional CISO Press Coverage
Information Security Consultant
IoT Security Guy
ISO 27001 Compliance
SOC 2 Compliance
vCISO Cybersecurity Scholarship
vCISO Cybersecurity Scholarship application form
Virtual CISO (vCISO) Case Study
New York State Cybersecurity for Advisors Brochure
IoT Security Assessment Brochure
Fintech Virtual CISO Case Study July 2020
© 2022 All rights reserved