“Hacked Again” Author Scott Schober on Small Business Data Security, Part I


Scott Schober wears many hats. He’s an inventor and software engineer, and runs his own wireless security company. He’s also written Hacked Again, which tells of his long-running battle against cyber thieves. Scott has appeared on Bloomberg TV, Good Morning America, CNBC, and CNN. In the first part of our interview, Scott tells us about […]


Making Security Great Again


Since October was Cyber Security Awareness month, we decided to look at what’s holding back our efforts to make security—to coin a phrase—“great again”. In this episode of the Inside Out Security Show panel – Kilian Englert, Kris Keyser, and Mike Buckbee – shared their thoughts on insider threats as discussed on a recent Charlie […]


Definitive Guide to DNS TTL Settings


DNS is a foundational piece of technology. Nearly every higher-level network request, all internet traffic, web searches, email, etc. rely on the ability to resolve DNS lookups (translate names like some.domain.org to IP addresses or other domains). We wanted to write about Time To Live (TTL) as most sysadmins don’t interact with DNS configurations […]


Overheard: “IT security has nothing to learn from the Mirai attack”


After my post last week on the great Mirai Internet takedown of 2016, I received some email in response. One of the themes in the feedback was, roughly, that ‘Mirai really doesn’t have anything to do with those of us in enterprise IT security’. Most large companies probably don’t have hackable consumer-grade CCTV cameras or […]


Data Privacy Attorney Sheila FitzPatrick on GDPR


We had a unique opportunity in talking with data privacy attorney Sheila FitzPatrick. She lives and breathes data security and is a recognized expert on EU and other international data protection laws. FitzPatrick has direct experience in representing companies in front of EU data protection authorities (DPAs). She also sits on various governmental data privacy […]


The Mirai Botnet Attack and Revenge of the Internet of Things


Once upon a time in early 2016, we were talking with pen tester Ken Munro about the security of IoT gadgetry — everything from wireless doorbells to coffee makers and other household appliances. I remember his answer when I asked about basic security in these devices. His reply: “You’re making a big step there, which […]


When Security Is Low, How Do We Go High?


Our inspiration for this week’s show was Michelle Obama’s popular catchphrase, “When they go low, you go high.” Don’t worry, our next episode will also have a fun Republican catchphrase. In this episode, the Inside Out Security Show panel – Kilian Englert, Kris Keyser, and Forrest Temple – discussed how low the security of our favorite […]


The Difference Between Share and NTFS Permissions


Last week when I wrote about managing privileged accounts, I knew I had to write about share and NTFS permissions. Understanding the difference is critical to sharing local resources with others on the network. They function completely separately from each other but serve the same purpose – preventing unauthorized access. Share When you share a […]


SQL Server Best Practices, Part II: Virtualized Environments


This is a multi-part series on SQL Server best practices. Read part I here. It is 2016 and some people still think SQL Server cannot be run on a virtual machine. SQL Server can successfully run in a VM but SQL is resource-intensive by nature and so if you are going to virtualize SQL then […]


VIP Data Security Lessons From the Hack of Colin Powell’s Personal Email Account


Are C-levels, high-government officials, and other power elite really all that different than the rest of us? We now know after email hacks involving former Secretary of State Colin Powell’s Gmail account, former CIA director John Brennan’s AOL account, and the Gmail account of John Podesta, a top advisor to the Democrats, that they are, but not for the […]


How to Manage Your Privileged Accounts and Protect Your Crown Jewels


When a breach happens, the first question people ask is, “What did the company do wrong?” The short answer is: it depends. However, we do know one mistake many companies unknowingly make is allowing regular users access to the local administrator account. And hackers take advantage of that. “Hackers are trying to get in, and […]
