Life of an IT Pro


Like many in IT, you can probably commiserate with this week’s Inside Out Security Show panel – Mike Buckbee and Alan Cizenski – on elaborating when someone asks you, “What Do You Do for a Living?” Whether you’re a programmer or a sysadmin, the scope of your role is often multi-faceted and complex. In this […]


Understanding SQL Injection, Identification and Prevention


A Word of Caution: When you think of a website getting hacked, you might picture someone in a hoodie in a high-tech bunker (or their mom’s basement), wailing on a keyboard, controlling thousands of remote machines in coordinated attacks, while output that looks like http://hackertyper.com/ scrolls past in a blur. You probably aren’t thinking: […]


More Sheila FitzPatrick: Data Privacy and EU Law


In the next part of our discussion, data privacy attorney Sheila FitzPatrick gets into the weeds and talks to us about her work in setting up Binding Corporate Rules (BCRs) for multinational companies. These are actually the toughest rules of the road for data privacy and security. What are BCRs? They allow companies to internally […]


The Case for Giving IT a Raise


Earlier this month at the awesome O’Reilly Security Conference, I learned from world-leading security pros about the most serious threats facing IT. Hmm, sounds like that would make a great topic to discuss with the Inside Out Security Show panel – Kilian Englert, Kris Keyser, and Peter TerSteeg. Let’s go meta. According to expert Becky […]


“Hacked Again” Author Scott Schober on Small Business Data Security, Part II


Scott Schober wears many hats. He’s an inventor, software engineer, and runs his own wireless security company. He’s also written Hacked Again, which tells about his long running battle against cyber thieves. Scott has appeared on Bloomberg TV, Good Morning America, CNBC, and CNN. We continue our discussion with Scott. In this segment, he talks […]


Three Cybersecurity Questions Your Board Should Be Asking


It’s been widely reported that a data breach is expensive. How expensive? According to the latest Ponemon research report, the average cost of a data breach is now as high as $4 million. Despite this jaw-dropping number, not all boards, C-levels, and major shareholders are adequately responding to protect their financial interests. Obviously, they should […]


Pen Testing Active Directory Environments, Part I: Introduction to crackmapexec (and PowerView)


I was talking to a pen testing company recently at a data security conference to learn more about “day in the life” aspects of their trade. Their president told me that one of their initial obstacles in getting an engagement is fear from IT that the pen testers will bring down the system. As it […]


“Hacked Again” Author Scott Schober on Small Business Data Security, Part I


Scott Schober wears many hats. He’s an inventor, software engineer, and runs his own wireless security company. He’s also written Hacked Again, which tells about his long running battle against cyber thieves. Scott has appeared on Bloomberg TV, Good Morning America, CNBC, and CNN. In the first part of our interview, Scott tells us about […]


Making Security Great Again


Since October was Cyber Security Awareness month, we decided to look at what’s holding back our efforts to make security—to coin a phrase—“great again”. In this episode of the Inside Out Security Show, the panel – Kilian Englert, Kris Keyser, and Mike Buckbee – shared their thoughts on insider threats as discussed on a recent Charlie […]


Definitive Guide to DNS TTL Settings


DNS is a foundational piece of technology. Nearly every higher level network request, all internet traffic, web searches, email, etc. rely on the ability to resolve DNS lookups (translate names like some.domain.org to IP Addresses or other domains). We wanted to write about Time To Live (TTL) as most Sysadmins don’t interact with DNS configurations […]


Overheard: “IT security has nothing to learn from the Mirai attack”


After my post last week on the great Mirai Internet takedown of 2016, I received some email in response. One of the themes in the feedback was, roughly, that ‘Mirai really doesn’t have anything to do with those of us in enterprise IT security’. Most large companies probably don’t have hackable consumer-grade CCTV cameras or […]
