by John

It was a great honor to be asked to keynote Bloomcon this morning! Wish I could have been there in person. Despite the issues we had getting sound to work with Zoom, I ended my presentation on time. I’ll have to go in person next year! Link to my slides: https://johndjohnson.com/…/BloomCon.2022.JJOHNSON…

Posted in Cybersecurity & Infosec, Emerging Technology, Privacy

by John

I was fortunate to be on a panel to discuss the Software Supply Chain with Richard Rushing, Bryan Hurd and Richard Greenberg (moderator) for the ISSA Los Angeles chapter on Wednesday (1/19/21). Click here to view the recording: https://www.youtube.com/watch?v=y3wqCc34tME.

Posted in Blog, Cybersecurity & Infosec, Presentations & Webinars, Resiliency, Risk Management, Supply Chain

by John

Supply chain security can refer to suppliers who provide services, staffing, support, or who develop software/hardware. The supply chain is varied and different across industry segments and organizations. If you consider the development of applications or electronics, there may be a long list of companies who contribute to the final product. The longer the supply chain and the less visibility you have into (or ability to assess) each supplier, the higher the overall complexity and resulting risk to your organization.

Let’s consider the software that we use in our own organizations. There is a lot of it. Do you have a complete inventory of the software running on your endpoints or supporting your business processes? A granular software inventory and an approved enterprise application catalog are the starting point. The granular information you need includes: “Who owns and makes decisions about the application?”, “Who supports and patches it?”, “Who budgets for and pays for licenses?”, and “What is the application architecture and how does it communicate?” That inventory must be central and trusted, even if it is kept separately for desktops and servers, because every downstream supply chain decision depends on it. Read More

Posted in Blog, Cybersecurity & Infosec, Exploits & Attacks, Resiliency, Risk Management, Supply Chain

by John

How can programs aimed at K-12 students encourage more kids to consider cybersecurity as a career? Watch the webinar recording now!

This interactive webinar is designed for educators and professionals who want to learn from cybersecurity professionals who have developed engaging STEM events to get kids excited about cybersecurity as a possible career. The panelists will share examples of successful events and activities that they have led with K-12 students for over a decade, many of which you can duplicate in your own community. Read More

Posted in Cybersecurity & Infosec, Education, Kids

by John

Almost three-quarters of companies (74%) expect at least 5% or more of their former on-site employees to work from home on a permanent basis, while nearly a quarter of firms are planning to keep at least 20% of their workers out of the office post-pandemic, according to a survey of chief financial officers by market research firm Gartner.

Posted in Cloud, Future Views, WFH

by John

Armis has published a list of MITRE ATT&CK techniques to aid security practitioners in assessing the strength of their cyber defenses and improving their ability to protect industrial control systems (ICS). #ICS #industrialcybersecurity #OT

Here are links to the 4 parts in the series. Read More

Posted in Exploits & Attacks, IoT, IIoT, ICS-SCADA

by John

Armis announced the discovery of five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices without any user interaction. The vulnerabilities, dubbed CDPwn, affect a wide variety of Cisco equipment. Read More

Posted in Blog, Vulnerabilities