Category: Blog

April 6th, 2017 by John

https://www.linkedin.com/pulse/cybersecurity-workforce-framework-nist-sp-800-181-robert-deakin

Posted in Blog

April 4th, 2017 by John

In the ongoing saga of FTC chicanery in the LabMD case… In case you are not up to speed, LabMD was investigated and charged by the FTC for lax security and exposure of patient data in 2009, and in subsequent hearings it became evident that the FTC was on a fishing expedition, paying infosec contractor Tiversa to “manufacture” evidence of malfeasance when there was no proof the data had been stolen or that any harm had subsequently come to patients of the small cancer detection lab.

Posted in Blog, Infosec, Law and Regulations

April 4th, 2017 by John

I recently wrote a blog article for Ingegy on the topic of IIoT security. Check it out!

Posted in Blog, Infosec, IoT

April 3rd, 2017 by John

I do believe there are more attackers with skills to pull off a medium-difficulty attack or script up malware and attack tools. Also, there are many more who wish to make money in the cybercrime arena and don’t have any real ability. However, the fact that attack tools and Rent-a-Bot on the Dark Web are showing up sooner after their initial use (more sophisticated code) and the price is cheaper, means that the pervasiveness of attacks is on a rapid rise. The barrier of entry for new or novice attackers is lowered. Add to all this the new trend of leveraging IoT and distributed attacks, and you have a scary Internet. It will get worse before it gets better. http://www.cxotoday.com/story/distributed-cybercrime-is-making-attackers-multi-millionaires

Posted in Blog, Infosec

February 15th, 2017 by John

My full 2017 SC Awards introductory comments.

February 14, 2017

To quote Dickens, “It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness.” This adage rings true for our field of Cybersecurity. Never has it been more exciting or more difficult to be a cybersecurity professional. The pace of change is rapid, and we must always be learning and adapting as we compete in an asymmetrical war against our adversaries.  

In 2016, we saw the upward trend continue in the number and veracity of threats we face. No sector was untouched and breaches continued to get bigger. We have gotten the attention of our boards, and just when we think the public might be numb to reports of credit card breaches, the news is filled with stories of IoT attacks against baby monitors and pacemakers, attacks against power plants and critical infrastructure, and even attacks aimed at national elections.

Posted in Blog

September 11th, 2015 by John

Posted in Blog