by Roy Davis | Jun 4, 2019 | Security Management |
If you spend any amount of time with technology or security, from the enthusiast level to the enterprise level, you will come across benchmarks and best practices. Not only is it good to know things are working as intended, it's also a good idea to compare your...
by Roy Davis | Mar 15, 2019 | Security Management |
One of my favorite things to do so far this year was to benchmark some security software and test how they integrate with real environments. The security software of choice this go around and the mode of testing is the next gen AV proof of concept. NGAVs are...
by Roy Davis | Jan 27, 2019 | Security Management |
You might be hearing the buzz of the NIST Cybersecurity Framework (CSF). What started as a popular framework to help track and secure critical infrastructure in 2014 is now becoming widely adopted by all types of organizations. There are plenty of predictive...
by Roy Davis | Dec 9, 2018 | Security Management |
If you work in an eligible organization, you may have heard about the Multi-State Information Sharing and Analysis Center (MS-ISAC) and wondered if you should enroll your organization. Is it worth it to sign up to be an MS-ISAC member? The short answer is – Yes,...
by Roy Davis | Sep 10, 2018 | Security Management |
With my upcoming CompTIA Cybersecurity Analyst certification exam and a few fun upcoming projects, I thought it would be good to go over a few things I learned about starting a new vulnerability management program. Update: I passed the CompTIA CySA+ no problem 🙂...
by Roy Davis | Oct 13, 2017 | Security Management |
I received notice from a cloud service provider I use about how they were prepared for the potential effects of hurricane Irma. This is a great business continuity example. The location of the server I use is in Atlanta. Atlanta Severe Weather Notice 2017-09-08...
by Roy Davis | Sep 7, 2017 | Security Management |
The Internet is a huge, open (usually) collection of data that can be an extremely valuable tool for analysts, investigators, and researchers. Understanding the basics of internet investigations can take you very far in helping you answer questions and solve problems....
by Roy Davis | Jul 21, 2017 | Security Management |
You can't read about cybersecurity without coming across an article with the author singing the praises of a SIEM or Security Information and Event Management setup. A SIEM is certainly a worthy tool in your cybersecurity arsenal but before you jump into one, you...
by Roy Davis | Oct 22, 2016 | Security Management |
The United States National Institute for Standards and Technology (NIST) 800-63(b) publication was updated to reveal a very important change. One of the more fascinating examples is not relying on complex passwords. This has been an interested read. I highly recommend...
by Roy Davis | May 18, 2016 | Security Management |
Security isn't just a tech issue. If you go into thinking your gear is your security program, you're leaving yourself open to hurt. Tech toys can't solve all security problems. A lot of the obvious problems can be mitigated with simple configurations and preventative...
by Roy Davis | Feb 4, 2016 | Security Management |
There are probably a ton of cybersecurity implementation myths. Here's the big 4: 1 If we focus on security, we won’t be able to accomplish as much. Security doesn’t have to compromise productivity; it can be part of it. Think of vetting devices, solutions, or even...
by Roy Davis | Jan 14, 2016 | Security Management |
The Department of Homeland Security (DHS) defines cybersecurity insurance [1] as guaranteed coverage for a variety of cyber incidents. This topic can go pretty deep but this post will briefly cover cybersecurity insurance basics. The types of cyber incidents this...