by Roy Davis | May 31, 2021 | Documentation, Security Management |
I've always enjoyed what CIS has to offer. I have previously written about the Top 20 Controls, as well as the MS-ISAC program. Good stuff. Now, it's time for a CIS Controls update! Some of my favorite changes include consolidation and reorganization of controls,...
by Roy Davis | Oct 17, 2019 | Business, Security Awareness, Security Management |
Hacker and malware attacks have become more sophisticated, targeting entire businesses as a whole. Therefore you need to put in more effort than updating appliances and installing security software. If you are a small mom and pop shop, you may not be as worried about...
by Roy Davis | Jun 4, 2019 | Security Management |
If you spend any amount of time with technology or security, from the enthusiast level to the enterprise level, you will come across benchmarks and best practices. Not only is it good to know things are working as intended, it's also a good idea to compare your...
by Roy Davis | Mar 15, 2019 | Security Management |
One of my favorite things to do so far this year was to benchmark some security software and test how they integrate with real environments. The security software of choice this go around and the mode of testing is the next gen AV proof of concept. NGAVs are...
by Roy Davis | Jan 27, 2019 | Security Management |
You might be hearing the buzz of the NIST Cybersecurity Framework (CSF). What started as a popular framework to help track and secure critical infrastructure in 2014 is now becoming widely adopted by all types of organizations. There are plenty of predictive...
by Roy Davis | Dec 9, 2018 | Security Management |
If you work in an eligible organization, you may have heard about the Multi-State Information Sharing and Analysis Center (MS-ISAC) and wondered if you should enroll your organization. Is it worth it to sign up to be an MS-ISAC member? The short answer is – Yes,...
by Roy Davis | Sep 10, 2018 | Security Management |
With my upcoming CompTIA Cybersecurity Analyst certification exam and a few fun upcoming projects, I thought it would be good to go over a few things I learned about starting a new vulnerability management program. Update: I passed the CompTIA CySA+ no problem 🙂...
by Roy Davis | Oct 13, 2017 | Security Management |
I received notice from a cloud service provider I use about how they were prepared for the potential effects of hurricane Irma. This is a great business continuity example. The location of the server I use is in Atlanta. Atlanta Severe Weather Notice 2017-09-08...
by Roy Davis | Sep 7, 2017 | Security Management |
The Internet is a huge, open (usually) collection of data that can be an extremely valuable tool for analysts, investigators, and researchers. Understanding the basics of internet investigations can take you very far in helping you answer questions and solve problems....
by Roy Davis | Jul 21, 2017 | Security Management |
You can't read about cybersecurity without coming across an article with the author singing the praises of a SIEM or Security Information and Event Management setup. A SIEM is certainly a worthy tool in your cybersecurity arsenal but before you jump into one, you...
by Roy Davis | Oct 22, 2016 | Security Management |
The United States National Institute for Standards and Technology (NIST) 800-63(b) publication was updated to reveal a very important change. One of the more fascinating examples is not relying on complex passwords. This has been an interested read. I highly recommend...
by Roy Davis | May 18, 2016 | Security Management |
Security isn't just a tech issue. If you go into thinking your gear is your security program, you're leaving yourself open to hurt. Tech toys can't solve all security problems. A lot of the obvious problems can be mitigated with simple configurations and preventative...
Hi, I'm Roy, I created Best of Roy in college to blog about my interests and fun stuff on the Internet. From there, Best of Roy turned into a portfolio site and eventually turned into the collection of professional and enthusiast interests you see now. I'm originally an IT person by trade, but transitioned to Cyber Security in 2014. Stick around to see some helpful solutions for up and coming pros, all the way up to enterprise level solutions.