Risk Assessment and Management

27th October 2022

Cybersecurity risk assessments: your risk treatment map.

Running a cybersecurity program without a cybersecurity risk assessment is like sailing a ship through rocky waters without a map or lighthouse. You are not likely to successfully navigate the perilous situation without knowing where the threats are! The cybersecurity risk assessment is like a map, personalized to your business, that identifies all of the…

29th September 2022

Don’t lose a princely sum when your founder exits the stage.

When your founder, or another key leader, leaves your company, will the show go on like Blue Man Group? Or will your organization suffer fallout like the Prince estate? Prince died tragically and unexpectedly in 2016. Despite his wealth and success, he didn’t have a will. At the time of his death, he had no…

8th September 2022

Open Source Dependencies: Built Like a House of Cards

The world of modern software is built like a house of cards. Software development in the modern age is heavily reliant on open source libraries and tooling. Open source code projects are often built upon layers of dependencies – a broad engineering term for the libraries or collections of code that a larger project reuses….

1st September 2022

Cybersecurity Game Theory in Incident Response

A panicked employee walks into your office and tells you that several of your systems have been locked up by ransomware. What happens next? What should you do? What will the attacker do? An example of this happened last year during the Kasaya attack. Malicious actors targeted the remote system management software Kasaya in hopes…

11th August 2022

The Makeup of a Great SOC 2 Risk Assessment

Not all risk assessments are created equal. Some are low and others are high. Yeah, that’s really helpful. Right? Risk assessments are so crucial to information security that the American Institute of Certified Public Accountants (AICPA) requires them from every single company seeking SOC 2 compliance. SOC 2 Risk Assessments fall primarily under the Security…

15th July 2021

Are You Taking on More Risk Than Necessary?

What a bakery stuck in the 1980s can tell us about approaching cybersecurity risk in the 2020s.

14th January 2021

Human Root of Trust

The Human Root of Trust is composed of the key pieces that allow someone to confidently identify a human on the Internet.

16th July 2020

COVID and Cyber Hygiene: Not That Different

“We are doing a good job with social distancing. We stay inside a bubble.” I’ve heard this kind of thing from many friends and neighbors recently regarding their COVID behavior. But I’m not exactly buying it. For many, the “bubble” — the small group of close friends and relatives we have each chosen to interact with freely…

21st May 2020

How Secure Are Your Employees’ Home Networks?

Everyone: “Rob, why don’t you deposit checks from your phone?” Me, Pre-Pandemic: “Use the app on my phone? Are you crazy? The bank is right around the corner. It’s so easy to deposit checks there. If my phone were stolen, the attacker would have a leg up on getting my banking information. I feel safer at the bank.”…

6th November 2019

3 Tips to Make Your Vulnerability Report Pop

Have you ever been the victim, I mean, read a vulnerability report? It looks like the world is about to end with all of the red tens and lots of numbers all over the place. Technical humans trying to make sense of the information mumble things like, “I guess we have to patch” or “um,…