Current Topics and Information

Focused on the ever-changing information security landscape


The Key to a Strong IT Security Program

Over the years, I have worked in top positions in the security departments of several major enterprises, which has given me insight into what separates a really strong IT security organization from one that’s just average. I’ve learned that there are key characteristics that IT security managers should try to implement into their organization to build more successful security programs. [...]

Your Network: An Asset or Liability?

The recent breaches at major retailers show that a network and Internet connectivity is not only an asset for an organization, but can also be a liability. To be more specific, a network that provides services to unauthorized parties is a liability to an organization. Continuing from my post from earlier this week, using a next generation firewall as a gateway between segments increases the visibility of network traffic patterns. [...]

Next Generation Network Design

In my previous blog post, I discussed the basic level of network segmentation. While segmentation creates separate compartments between different areas of the business, as with the Titanic, it does not make it unsinkable. Diving deeper into the world of network segmentation, past virtual local area network (VLAN) segmentation, having compartments between different parts of the network is not enough. [...]

A CISO Needs a Plan

I had the opportunity to talk with Tim Wilson on Dark Reading Radio recently. The topic we discussed is one that cannot be overemphasized these days given the number and magnitude of data breaches that have been disclosed in recent months: building security programs for large enterprises. [...]

Endpoint Security: What Are the Options?

In today’s security world, organizations have countless options when it comes to choosing vendors and securing their data and network. Now break that down into each component of that security program, from firewalls to wireless, and there are more choices. However, what about endpoint security? [...]

Segmentation, Segmentation, Segmentation!

When designing a network from a security perspective, segmentation is the name of the game. Segmentation is the process of dividing a network into sub networks, or just smaller portions of the network. The function, the risk appetite, data classification or security requirements, and any number of additional properties or combination of properties can define these segments. [...]

Why Are Healthcare Breaches on the Rise? (Part 2)

In my last blog post, I discussed how the visibility of electronic healthcare records (EHR), and the lucrative financial gain attackers can realize by stealing those records, has led to an increase in healthcare breaches. In this post I will explain why securing the records can be challenging, and what needs to be done in the industry to protect patients’ information. [...]

Crack Me If You Can - Hash Cracking Contest

The fifth annual KoreLogic “Crack Me If You Can” contest took place this past weekend at the 22nd annual DEF CON. Crack Me If You Can (CMIYC) is an annual DEF CON contest that simulates real-world penetration testing scenarios where you might obtain large lists of hashed passwords from a client or clients. Password hashes [...]