Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Running an Eco-friendly IT business

As someone in the technology field I follow the steady stream of new and exciting products and gadgets that come out at least twice a year. I am constantly upgrading my tech and my IT work tools in keeping with what is new. I need to have personal experience with the devices and equipment that clients hire me to manage, upgrade and repair for them in my IT Consulting practice. I often think about the effect that my constant upgrading has on the environment.

14 Cybersecurity Metrics + KPIs to Track

When it comes to protecting sensitive data, preventing data breaches and detecting cyber attacks, you need a way to track whether you're meeting your goals. Key performance indicators (KPIs) are an effective way to measure the success of your cybersecurity program and aid in decision-making. According to PwC, just 22 percent of Chief Executive Officers believe their risk exposure data is comprehensive enough to form decisions. A figure that - alarmingly - hasn't changed in 10 years.

Android Banking Trojans: History, Types, Modus Operandi

One sunny morning, my breakfast was interrupted by a phone call from a friend who is an entrepreneur engaged in the transportation of various goods. He said that $11,000 disappeared from his bank account during the night. The bank support service could not help. They advised my friend to report this incident to the police. The money transfers were made using the mobile application and confirmed via SMS. Everything looked like completely legal financial transactions.

Mac system extensions for threat detection: Part 2

In the previous post, we covered some of the frameworks accessible by kernel extensions that provide information about file system, process, and network events. These frameworks included the Mandatory Access Control Framework, the KAuth framework, and the IP/socket filter frameworks. In this post, we will go into the various tips and tricks that can be used in order to obtain even more information regarding system events.

The top 4 reasons to start monitoring third-party APIs

How resilient is your application? Maybe you've set up a suite of logging tools, an APM, and tests to handle all your own code. What happens when a third-party API goes down? What happens when it stays up, but slows down to the point that your dependent services start to fail? Finding a modern application that doesn't rely on third-party APIs is rare, particularly with the abundance of social login and sharing.

How to identify phishing emails and what to do

Phishing scams remain one of the most widespread cybercrimes. A phishing scam can be as simple as getting someone to click on a link, attachment, or a picture of cute kittens. I recently received a spam email with the message: “Old friends post embarrassing pictures of Jason Nelson online; click here to see.” Seeing my name in the body or subject line of an email is alarming. That is why scammers word these emails this way.

What are the CIS Controls for Effective Cyber Defense?

The CIS Critical Security Controls are a prioritized set of actions for cybersecurity that form a defense-in-depth set of specific and actionable best practices to mitigate the most common cyber attacks. A principle benefit of the CIS Controls are that they prioritize and focus on a small number of actions that greatly reduce cybersecurity risk.

Developing a Data Protection Compliance Program - Verizon's 9-5-4 Model

In a previous post, I wrote about my key take-aways from Verizon’s 2019 Payment Security Report. While it’s no surprise it was full of interesting and useful data, (Verizon’s yearly Data Breach Investigation Report (DBIR) has become required reading.) I was delighted to find an excellent guide on the the 9-5-4 model, a means by which an organization can measure and improve its data protection program. It also details ways in which a company can measure the maturity of the program.

Embracing offensive tooling: Building detections against Koadic using EQL

This year at BSidesDFW, my local security conference, I highlighted a continuing trend of adversaries using open source offensive tools. The talk reviewed one of these post-exploitation frameworks named Koadic and walked through different ways defenders can build behavioral detections through the use of Event Query Language (EQL).