CISO Global Blog

By Thomas Coffey, VP of Security at CISO Global Cybersecurity, DNS (Domain Name System), and your company are interconnected topics in the field of network security. Protecting a company’s cybersecurity, including its DNS infrastructure, is of utmost importance in today’s digital landscape. DNS is responsible for translating user-friendly domain names into machine-readable IP addresses, allowing […]

Read More →

Author: Baan Alsinawi, CISSP, CCSP, CISM, CGEIT, CASP+ ce, and Managing Director at CISO Global Validating the security of your organization’s sensitive information at a single point in time with an annual risk assessment can be helpful, but what about the other 364 days of the year? If you have a cloud application and hope […]

Read More →

Author: Samuel Lewis, Senior Security Consultant, CISO Global PREFACE: I want to make clear that I am not a legal professional and am not offering legal advice in this article. What I am giving you, here, are some high-level topics you should discuss with your organization’s inside or external counsel before you engage a new […]

Read More →

By Tom Cupples, Ed.D., CISSP, CGRC, PMP, CAICO-PI, CAICO-PA, CCP, CCA, Sec+, Net+, Security Controls Assessor & Senior Cybersecurity Trainer at CISO Global, Inc.  The Cybersecurity Maturity Model Certification (CMMC) 2.0 is a compliance requirement that all Department of Defense (DoD) Contractors (aka, the Defense Industrial Base) will soon have to meet. See my blog Why is […]

Read More →

By Joe Moser, PCI QSA, CISO Global, Inc. If your organization has complied with the PCI DSS (Payment Card Industry Data Security Standard) for any length of time, the most recent release (PCI 4.0) is probably not news to you. In fact, despite the new version PCI compliance may feel like business as usual for […]

Read More →

Author: Anonymous Hacker, as told to Lindsey Watts PREFACE:  In our last installment of this series, we were introduced to some dangerous characters one might encounter on darknets. This week, we will finish out that list, looking into both organized groups and individuals. Wrapping my head around why people do what they do, and how […]

Read More →

Author: Baan Alsinawi, CISSP, CCSP, CISM, CGEIT, CASP+ ce, and Managing Director at CISO Global You’re in your company’s go-to-market meeting. You’re excited about a new cloud application your team is developing. Your leaders are trying to understand the application’s market and ideal clients. Someone in the room suggests, “We should sell this to government […]

Read More →

Author: Randy Griffith, Senior Security Consultant, CISO Global Penn State University is in hot water again for legal and compliance violations. This time, the activities in question are related to the university’s claim to be compliant under NIST SP 800-171, as required by Executive Order 13556 (2019). As a contractor and partner of the U.S. […]

Read More →

Author: Samuel Lewis, Senior Security Consultant, CISO Global According to Gartner, cloud spending will reach $597.3 billion by the end of 2023. Whether it’s infrastructure as a service (IaaS), a software as a service cloud application (SaaS), or some other use for the cloud, organizations are finally adopting cloud use models that help increase scalability, […]

Read More →

Author: Samuel Lewis, Senior Security Consultant, CISO Global Over the past several years, an increasingly fluid work environment has followed trends of modern globalization in the workplace. Leveraging cloud solutions, many companies have let go of historical limitations imposed by on-premises and local solutions. The truth is, cloud outsourcing can be a game changer, as […]

Read More →

Author: Anonymous Hacker, as told to Lindsey Watts  Preface:  Thus far in our series, we’ve looked at what DarkNet types exist in addition to the dark web, communication methodologies on DarkNets, social-ethical questions raised by anonymous, and unregulated and un-censored communication platforms. Your interest might be piqued at this point but if not hold onto […]

Read More →

By Isaac Hur, Senior FedRAMP/ StateRAMP/ CMMC Practice Lead and Quality Assurance As a compliance auditor and practitioner in the FedRAMP space, I see a lot of mistakes cloud service providers (CSPs) make that cause them a tremendous amount of grief when seeking authorization. The process is painful enough on its own, but many of […]

Read More →

Author: Anonymous Hacker, as told to Lindsey Watts Preface: Without international laws in every country that are designed to protect individual data privacy as vehemently as does the General Data Protection Regulation (GDPR), many have turned to DarkNets and cryptocurrencies for their privacy protections – especially in the U.S. Is it surprising that the Washington […]

Read More →

Author: Baan Alsinawi, CISSP, CCSP, CISM, CGEIT, CASP+ ce, and Managing Director at CISO Global Cloud-based applications and services are booming in 2023, in both the public and private sector. One of the largest and most sought-after clients for any tech company is the U.S. government. In fact, the federal government is investing billions of […]

Read More →

Author: Anonymous Hacker, as told to Lindsey Watts Last week, we heard from an anonymous hacker about what the dark web is, what DarkNets are, and the various associated communication channels. You may have been surprised to learn that there is more than one place for dark marketplaces, and that one can’t just Google “How […]

Read More →

Author: Anonymous Hacker, as told to Lindsey Watts Preface In geopolitical – or even gang warfare, there are usually pretty clear sides. You have two opposing groups and their allies, a dispute, and skirmishes or battles. It’s Team A versus Team B. When it comes to cyber warfare, though, people don’t really have a “face” […]

Read More →

By Ryan Greyslak, Director of Secured Managed Services West, CISO Global, Inc. It’s late Friday evening and Tom (your average everyday employee) has worked diligently to meet project deadlines and follow up with customers before his much-anticipated weeklong vacation. Exhausted from burning the midnight oil and juggling multiple tasks, he’s eager to wrap up his […]

Read More →

Author: Anonymous Hacker Preface: This blog is authored by one of our industry peers who, due to the sensitive nature of their work and the wishes of their clients, prefers to be unnamed. The cybersecurity industry is a complex ecosystem made up of private practitioners, government agency experts, engineers, and hackers. All are working together […]

Read More →

By Brian Yelm, Managing Director of Secured Managed Services, CISO Global, Inc. With digital transformation having taken a front seat over the past 3 years due to a global shift in how people do business, cloud reliance and breaches have skyrocketed. According to G2, half of all organizations are currently cloud native or cloud enabled. […]

Read More →

By Jerald Dawkins, Ph.D., Chief Technology Officer, CISO Global, Inc. Introducing Argo Security Management: A CISO Global platform designed to make your life a little bit easier At CISO Global, we’ve been using a platform with clients for several years to help them manage their security programs. So, maybe “introducing” isn’t really the right word. […]

Read More →

By Thomas Coffey, VP of Security, CISO Global, Inc. A basic Google search for the term “cybersecurity” will turn up dozens of competing advertisements for companies promising to solve all your security woes and keep attackers at bay with their version of a “technology silver bullet” – the end all be all that you must, […]

Read More →

By Randy Griffith, Senior Security Consultant, CISO Global, Inc. Even before the fiasco at Silicon Valley Bank, financial institutions were under tremendous scrutiny from regulators. How could they not be? Banks are among the oldest known targets for theft, and in a digital age, the best way to extract money is going to be either […]

Read More →

By Chris Clements, VP of Solutions Consulting, CISO Global, Inc. ChatGPT has been taking the world by storm, but it’s bringing with it issues around cybersecurity, data protection, and data privacy. IT leaders and business leaders are looking to create policies that will help protect their people and corporate assets, but so few people really […]

Read More →

By: Tom Cupples, Ed.D., CISSP, CGRC, PMP, CAICO-PI, CAICO-PA, CCP, CCA, Sec+, Net+, Security Controls Assessor & Senior Cybersecurity Trainer at CISO Global, Inc. The Cybersecurity Maturity Model Certification (CMMC) has been around for a few years. And, in its short tenure, it has, itself, matured. The current version of the CMMC is 2.0, released […]

Read More →

By James Keiser, Director of Secured Managed Services Southeast, CISO Global, Inc. While a number of organizations have moved back to an in-person work model, some employees are pushing back and leaving for jobs that will allow them to work from home (WFH). Having become accustomed to the advantages of a WFH model, employees have […]

Read More →

By James Keiser, Director of Secured Managed Services Southeast, CISO Global, Inc. In the ongoing battle to protect corporate data, you can’t afford to miss a step. I’ve seen, first-hand, what can happen when organizations do miss steps. We are always happy to help them remediate going forward, but there’s a lingering wish that we’d […]

Read More →

By Chris Clements, Vice President of Solutions Architecture, CISO Global, Inc.  Over the last two years, digital transformation has accelerated at breakneck speed, opening new lines of business that meet user demand. Reality is, online banking, order-ahead meals, telehealth appointments, and online grocery shopping are no longer optional. Users expect these to be available 24/7, […]

Read More →

By Jerald Dawkins, PhD, Chief Technology Officer, CISO Global, Inc. Mature Cybersecurity Fuels Business Growth Being a cybersecurity practitioner 15-20 years ago sometimes made me the unpopular guy in the room. People are always excited about financial gain – opening new lines of business, developing creative and sustainable revenue streams – you know, the fun […]

Read More →

By Josh Bozarth, Practice Lead / Director, Readiness & Resiliency  The terms “readiness” and “resiliency” complement each other, but they’re different.  Readiness is preparedness   It’s about proactively determining what your security compliance program is ready for via:  Readiness is also:   Now, resiliency? That’s something else entirely.   Resiliency is restoration  It’s about getting your network back […]

Read More →

In last week’s discussion around readiness and resilience, I introduced the concept of what it means to have “threat-informed” cybersecurity. This week, I want to show you what that looks like in the real world – how it should drive you to challenge more assumptions, reduce your attack surface, and game out real-world scenarios. Threat-informed […]

Read More →

By Chris Clements, Vice President of Solutions Architecture, CISO Global, Inc.  Long popular in the military, “readiness and resiliency” is a staple of cybersecurity, too.   It makes sense.   Both institutions value (1) being alert to threats and risks while (2) recognizing that the types of threats and risks themselves are less important than the reaction […]

Read More →

By Ferdinand Mudjialim, Security Analyst, CISO Global, Inc. So, you (or your friendly neighborhood MSP) have just finished a vulnerability scan as part of a vulnerability management program and/or in preparation for penetration testing. But one ominous question looms: What next? Sorting through hundreds of thousands of vulnerability logs can be daunting, and determining which […]

Read More →

By Kerry McQuarrie, SOC Manager, CISO Global, Inc. A Domain Name System (DNS) is a protocol that translates human-readable domain names/URLs—like favoritewebsite.com—into IP addresses that computers can read—like 135.24.56.98. DNS servers handle tens of thousands of queries that transfer minute bits of data between devices, systems, and servers—which makes DNS an attractive and easily exploitable […]

Read More →

By Lindsey Watts, VP of Marketing, CISO Global, Inc. 2023 finds us in a sustained cybersecurity hiring crisis. With 3.4 million too few experts to meet global demand, it seems the widespread investments in university programs, increased certification access, and upskilling for existing IT professionals isn’t enough to bridge the gap. According to Cybersecurity Dive, […]

Read More →

By Jenna Waters, Senior Security Consultant, CISO Global, Inc. PCI 4.0 — the PCI Standards Security Council’s first update since 2018 to the PCI Data Security Standards (PCI DSS) — is a major iteration that shifts away from the traditional point-in-time assessment. Do you remember how an auditor would annually determine the PCI compliance status […]

Read More →

By Mike Pallagi, Senior Copywriter, CISO Global, Inc. CISO Global President and Chief Information Security Officer Ashley Devoto’s career stands as a powerful source of inspiration to women in tech and aspiring cyber leaders everywhere. In a 3,000-word cover story for the February 2023 issue of CIO Views Magazine, Ashley shares her thoughts on a […]

Read More →

By: Baan Alsinawi, Managing Director, CISO Global, Inc. Packed with input and feedback from over 200 leaders from across 10 industries, the recent EMA research report, “Using Compliance Budgets to Advance Security Priorities,” is loaded with valuable survey findings, fascinating responses, and surprising trends. In my new whitepaper, “Using Compliance Budget to Advance Security Priorities,” […]

Read More →

By: Tim Coleman, Director of Secured Managed Services, CISO Global, Inc. Access management in cybersecurity is in a transition phase.  With everyone working from home during the pandemic, we realized — as a digital society — that traditional username/password combinations protecting our systems were fraught with flaws that are now being regularly exploited by malicious […]

Read More →

By: Jess Dinsmore, SOC Director, CISO Global, Inc. Sitting in the back of the auditorium during a budget approval meeting for a church was, at best, an interesting situation.  Pages and pages of line items describing where the money was going to be allocated over the coming year was enthusiastically described by each of the […]

Read More →

By: Sami Elhini, Biometrics Expert, CISO Global, Inc. Try talking to a cybersecurity expert about a passwordless future without biometrics coming up. Not possible — and the reason couldn’t be simpler: Biometrics are the best forms of user authentication to come down the cybersecurity pike. So where are they at? Where are they headed? What […]

Read More →

By: Steven Anderson, Senior Security Consultant at CISO Global Cybercriminals Rely on Weak Passwords and Bad Password Management The challenge of creating the type of complicated passwords needed to keep sensitive data secure has been a defining feature of cybersecurity in recent decades. However, as daily — if not hourly — engagements with digital technology increase, […]

Read More →

By: Baan Alsinawi, Managing Director at CISO Global and the founder of TalaTek “The year 2023 will go down in history as marking the beginning of a profound shift in the philosophy underlying data privacy laws in the United States.” – Frederic. D Bellamy, Reuters Historically, the European Union has led the charge in data privacy, […]

Read More →

By: Ferdinand Mudjialim, Security Analyst at CISO Global What Is Empire? Empire is a post-exploitation tool similar to Metasploit that works well with PowerShell, though it also supports tools written in Python and C#. It is one of the more popular command and control (C2) frameworks today, as it allows you to easily run various scripts/modules in memory and establish stealthy persistent […]

Read More →

By: Brad MacKenzie, vCISO to Secured Managed Services at CISO Global In our last installment, Brad MacKenzie described three proactive measures organizations can implement to protect their environment from cyberattacks: analyzing their systems for indicators of compromise and cataloging all the legitimate software on their network, providing security awareness training to all staff, and creating […]

Read More →

By: Brad MacKenzie, vCISO to Secured Managed Services at CISO Global In Part III of this series, Brad MacKenzie describes two different network configurations and contrasts the disadvantages of the open network with the advantages of the compartmentalized network. He describes how the open network is an attacker’s paradise, whereas the compartmentalized network follows the […]

Read More →

By: Brad MacKenzie, vCISO to Secured Managed Services at Cerberus Sentinel In Part II of this series, Brad MacKenzie offers three more cybersecurity truths gained from his years of working with the Cerberus Incident Response team. MacKenzie advises organizations to follow these best practices so they can reduce the impact of a cyber attack and […]

Read More →

By: Brad MacKenzie, vCISO to Secured Managed Services at Cerberus Sentinel As we look back on Cybersecurity Awareness messaging over the last year, many of us who are seasoned practitioners are excited to see security becoming more top of mind for end users. That said, it seems that many best practices that are highlighted during […]

Read More →

With Insights from Cerberus CTO, Jerald Dawkins, Ph.D.  Trust No One? As a powerful tool to secure increasingly complex IT environments and reduce attack surfaces, Zero Trust, with its “never trust, always verify” model, has become top-of-mind for savvy organizations across industries. Zero Trust not only helps organizations respond to the changing landscape of cybersecurity culture but also has the […]

Read More →

By: Logan DeWitt, Manager, Security Operations Center (SOC) at Cerberus Sentinel Cybersecurity threats continue to evolve in sophistication and severity as the number of endpoints, such as desktop computers, laptops, and mobile devices, increase and digital and physical attack surfaces change. Hackers are often highly intelligent criminals capable of coordinating and launching attacks from anywhere in the world. These […]

Read More →