What Assumptions Are You Making?

  If my security agents were not working correctly, then I would get an alert. Since no one said there is a problem with my security agents, then everything must be ok with them. These are just a couple of the assumptions that we make as cybersecurity practitioners each day about the security agents that […]

Resolve to Be More Involved In Your Local Community – REVISITED

It has been five years since I published my first Diary at the SANS Internet Storm Center on the topic of getting more involved in your local community. Now that January is almost over and those new year resolutions you made last month may or may not still be in place, I want to give you […]

Creative Hiring From Non-Traditional Places

The lead story in the SANS NewsBites from today was “White House/DHS Announce New Cyber Skills Pipeline Initiative.” The two statements below caught my attention. 1 – “The Federal Government struggles to recruit and retain cybersecurity professionals due to a shortage of talent along with growing demand for these employees across the public and private sectors.” 2 – “As […]

Version 7 of the CIS Controls Released

I recently posted the below on the SANS Internet Storm Center. The CIS Controls serve as a “prioritized set of actions to protect your organization and data from known cyber attack vectors.”. Embraced by several organizations as outlined in the Case Studies section, significant improvements to their cyber security programs are listed and can serve as an inspiration to consider this […]

CIS Controls Version 7

I recently posted the below on the SANS Internet Storm Center. The Center for Internet Security (CIS) has been working diligently to update the CIS Controls (formerly known as the Critical Security Controls). A compelling feature of the CIS Controls is their regular updates that reflect the current cyber threats that face organizations, both small and large. The CIS Controls are the product of a […]

CIS Controls Implementation Guide for Small-and Medium-Sized Enterprises

I recently posted the below on the SANS Internet Storm Center. Recently the Center for Internet Security (CIS) released the CIS Controls Implementation Guide for Small-and Medium-Sized Enterprises (SMEs). The Implementation Guide is directly mapped to the CIS Critical Security Controls and is focused on actionable steps that can be taken right now to assess and improve the cyber […]