The latest version of the NIST Cybersecurity Framework was created in April of 2018.  It is comprised of 108 requirements, and one notable addition are 5 requirements to evaluate Technology Supply Chain Risk.  For many organizations, especially those in the...

The past 5 years or so have brought many Managed Security Services Provider (MSSP) offerings into the market place.  This is for a variety of reasons, the most significant is that a managed service brings in Monthly Recurring Revenue (MRR) which allows the...

There is a common phrase that is used that attempts to get “Everyone on Board”.  It goes something like this: “Something” is Everyone’s Job.  It might be safety, customer service, strategy, and more recently: Cybersecurity.  Cybersecurity is NOT Everyone’s Job....

I have been to many corners of the IT Security world.  Operations, Audit, Penetration Tester, Risk, Enterprise, SMB, Federal.  You name it, and I have fortunately had the opportunity to be a part of it.  I am certainly not the authority in any or all of them, but it...

Over the past thirty years or so of the modern era of IT Security, now called Cybersecurity by most, many things have changed. Networks have gotten faster, applications are deployed in a multitude of ways, and the computing model itself has changed from centralized to...