Archive for

Cybersecurity – General

One Does Not Simply Hack APIs… Actually, One Probably Does

Posted: February 12, 2021

Geek Alert Before you read further into this first blog post of my two-part series, be warned that I am about to make analogies comparing Web API security to the epic fantasy trilogy The Lord of the Rings by J.R.R. Tolkien. Yes, I am unapologetically going full geek in this short series. One ...

Continue Reading

SolarWinds Sunburst

Posted: January 26, 2021

Background If you work in Information Security, Technology, or even if you are just a person who stays up to date with recent news headlines, you probably already know about the “Sunburst” hacking fiasco that came to light at the end of December 2020.  I use the term “fiasco” ...

Continue Reading

Implementing a Risk-Based Vulnerability Management Strategy

Posted: January 21, 2021

Effective cybersecurity is a continuous process. There is no such thing as absolute or perfect security—but even if you could achieve it, it would be fleeting. New vulnerabilities are discovered, and new exploits and attack techniques are developed every day. Just because you were secure ...

Continue Reading

Defining a Solid Vulnerability Management Strategy

Posted: January 8, 2021

There is no such thing as perfect code. Vulnerabilities are a fact of life. Applications contain mistakes, and flaws, and bugs—no matter how small—and attackers work around the clock to find exploits to take advantage of those flaws, gain access to your networks and applications, and compromise ...

Continue Reading

Finding the FireEye Breach IOCs with Data Analytics

Posted: December 16, 2020

The last thing we need to hear about is another big breach, but here we are.  Our friends at FireEye were attacked recently.  From what I have seen so far, it sounds like this was a nation-state level attack and all the attackers got for their effort was some tools.  If an organization is ...

Continue Reading

Data Protection Series Wrap-Up

Posted: December 9, 2020

Hello and welcome back to our Data Protection blog.  Thanks to the complexity of the topic, we’re adding a bonus fourth installment/wrap-up and really wanted to get it posted before everyone gets too wrapped-up in holiday shopping and gifts.  So, grab a nice mug of hot cocoa (hopefully with ...

Continue Reading

Graphing Modem Data for Fun: Part 6

Posted: December 2, 2020

I started the work on this series three months ago, which seems like both a very long time ago, and not very long ago at all.  This blog series started out with a very simple use case.  Can we use Grafana and InfluxDB to visualize metric data from an application? I was going to write a single ...

Continue Reading

Common Challenges of Data Protection Programs

Posted: November 21, 2020

Hello and welcome back to the third installment of our Data Protection blog series.  So far, in part one we took a high-level view of the topic, then in part two we dug into the five pillars of an effective program.  Now that we understand the topic and the pieces that make it up, it’s time to ...

Continue Reading

What Is Vulnerability Management?

Posted: November 16, 2020

Every application, every system, and—by extension—every organization has vulnerabilities. These flaws and weaknesses expose the organization to risk and can be exploited by attackers. Vulnerability scanning or assessment can identify issues, but you need a more comprehensive solution that ...

Continue Reading

Graphing Modem Data for Fun: Part 5

Posted: November 12, 2020

Hi there! Welcome to part 5 of the series where I explore my cable modem data with different data analytics platforms and see what happens.  In my previous posts I have built a dashboard for my cable modem data using tools that I was not familiar with.  This post is going to be different.  The ...

Continue Reading