CISO Global Blog

Subscribe to receive the latest cybersecurity news
from the CISO Blog

Are We Ready for a Future Without Passwords?

By: Steven Anderson, Senior Security Consultant at CISO Global Cybercriminals Rely on Weak Passwords and Bad Password Management The challenge of creating the type of complicated passwords needed to keep sensitive data secure has been a defining feature of cybersecurity in recent decades. However, as daily — if not hourly — engagements with digital technology increase, […]
Read More →
2023 Marks A Shift In U.S. Data Privacy Laws

By: Baan Alsinawi, Managing Director at CISO Global and the founder of TalaTek “The year 2023 will go down in history as marking the beginning of a profound shift in the philosophy underlying data privacy laws in the United States.” – Frederic. D Bellamy, Reuters Historically, the European Union has led the charge in data privacy, […]
Read More →
Empire: A Powerful Post-Exploitation Tool

By: Ferdinand Mudjialim, Security Analyst at CISO Global What Is Empire? Empire is a post-exploitation tool similar to Metasploit that works well with PowerShell, though it also supports tools written in Python and C#. It is one of the more popular command and control (C2) frameworks today, as it allows you to easily run various scripts/modules in memory and establish stealthy persistent […]
Read More →
10 Truths That Will Change How You View Cybersecurity: Part IV

By: Brad MacKenzie, vCISO to Secured Managed Services at CISO Global In our last installment, Brad MacKenzie described three proactive measures organizations can implement to protect their environment from cyberattacks: analyzing their systems for indicators of compromise and cataloging all the legitimate software on their network, providing security awareness training to all staff, and creating […]
Read More →
10 Truths That Will Change How You View Cybersecurity: Part III

By: Brad MacKenzie, vCISO to Secured Managed Services at CISO Global In Part III of this series, Brad MacKenzie describes two different network configurations and contrasts the disadvantages of the open network with the advantages of the compartmentalized network. He describes how the open network is an attacker’s paradise, whereas the compartmentalized network follows the […]
Read More →
10 Truths That Will Change How You View Cybersecurity: Part II

By: Brad MacKenzie, vCISO to Secured Managed Services at Cerberus Sentinel In Part II of this series, Brad MacKenzie offers three more cybersecurity truths gained from his years of working with the Cerberus Incident Response team. MacKenzie advises organizations to follow these best practices so they can reduce the impact of a cyber attack and […]
Read More →
10 Truths That Will Change How You View Cybersecurity: Part I

By: Brad MacKenzie, vCISO to Secured Managed Services at Cerberus Sentinel As we look back on Cybersecurity Awareness messaging over the last year, many of us who are seasoned practitioners are excited to see security becoming more top of mind for end users. That said, it seems that many best practices that are highlighted during […]
Read More →
Zero Trust: Strengthen Your Security Posture & Reduce Attack Surfaces

With Insights from Cerberus CTO, Jerald Dawkins, Ph.D. Trust No One? As a powerful tool to secure increasingly complex IT environments and reduce attack surfaces, Zero Trust, with its “never trust, always verify” model, has become top-of-mind for savvy organizations across industries. Zero Trust not only helps organizations respond to the changing landscape of cybersecurity culture but also has the […]
Read More →
8 Common Cybersecurity Threats and How to Prevent Them

By: Logan DeWitt, Manager, Security Operations Center (SOC) at Cerberus Sentinel Cybersecurity threats continue to evolve in sophistication and severity as the number of endpoints, such as desktop computers, laptops, and mobile devices, increase and digital and physical attack surfaces change. Hackers are often highly intelligent criminals capable of coordinating and launching attacks from anywhere in the world. These […]
Read More →
There’s Never Been a Better Time to Join the Cybersecurity Workforce

By: Darek Hahn, Client Experience Operations Director at Cerberus Sentinel The digital revolution has resulted in cybersecurity becoming one of the foremost concerns around the world, across companies and industries. Not surprising, the cybersecurity job market is growing exponentially: the number of unfilled cybersecurity jobs has increased from one million positions in 2013 to 3.5 million in 2021. Moreover, the Bureau of Labor Statistics projects hiring for information security professionals to grow 35% from 2021 to 2031. Closing The Cybersecurity Gap Over the […]
Read More →
Securing Healthcare: Cybersecurity for Medical Technology & Devices

By: Chris Clements, VP of Solutions Architecture at Cerberus Sentinel We’re All Connected (By Attack Surfaces) In the years following the widespread disruptions caused by the global COVID-19 pandemic, malware attacks and data breaches have grown across industries with over an 80% increase in cyber threats. Research shows that more than 1,2000 security leaders have found that 49% […]
Read More →
Security Awareness Training: One Part of an Effective Risk Management Program

Insights from Baan Alsinawi By: Hunter Barrat, Technical Writer and Editor at Cerberus Sentinel The Cybersecurity Awareness Month 2022 theme is “See yourself in cyber.” The goal is to ensure that everyone understands that they have a crucial role in protecting themselves and their workplaces by making smart cybersecurity decisions at work and home. Organizations […]
Read More →
Why Is CMMC a Big Deal?

By: Tom Cupples, Ed. D., CISSP, CAP, CMMC-PI, Security Controls Assessor & Senior Cybersecurity Trainer at Cerberus Sentinel The Cybersecurity Maturity Model Certification (CMMC) has been around for a few years. And, in its short tenure, it has, itself, matured. The current version of the CMMC is 2.0, released in November 2021. In the latest […]
Read More →
CMMC 2.0: Three Things You Need to Be Doing NOW

By: Johann Dettweiler, Director of Operations at Cerberus Sentinel The Cybersecurity Maturity Model Certification (CMMC) 2.0 is a compliance requirement that all Department of Defense (DoD) Contractors (aka, the Defense Industrial Base — the DIB) will soon have to meet. It is expected to be placed in DoD contracts, requests for proposals (RFPs), and requests for information […]
Read More →
How Pen Testing Can Help Maintain Industry Compliance

By: Rick Belisle, Managing Director at Cerberus Sentinel In 2021, damages attributed to cybercrime amounted to $16.4 billion a day, $684.9 million an hour, $11 million per minute, and $190,000 per second, according to Cybercrime Magazine. In the face of these alarming statistics, organizations are increasingly seeking ways to improve their security posture, turning to cybersecurity experts […]
Read More →
CISM and CISSP: Which is Best for You?

By: Jenna Waters, Senior Security Consultant at Cerberus Sentinel According to Fortinet’s recent report, 80% of organizations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and/or awareness. Not only is the cybersecurity workforce gap an international crisis in the global economy, but also it’s a matter of national security and opportunity […]
Read More →
Target Practice: Walkthrough of the Mr. Robot Vulnhub Machine

By: Daniel Bennett, Security Analyst at Cerberus Sentinel Ethical Hacking Mr. Robot, a 2015 dramatic television series, is old news now, but to an aspiring hacker – or bored fan of reruns – it still holds relevance. When you want to learn to hack ethically, you need some dummy machines you can use for target practice. […]
Read More →
EMA Study Is Good News for Risk Management Initiatives

By: Baan Alsinawi, Managing Director at Cerberus Sentinel and the founder of TalaTek EMA Study – Risk Management Initiatives I recently finished reviewing the Cerberus-co-sponsored research study, Using Compliance Budget to Advance Security Priorities, from industry analyst firm Enterprise Management Associates (EMA) that included input and feedback from more than 200 tech and business leaders from across 10 industries. […]
Read More →
Increased Cybersecurity Attacks and New Predators

By: Kerry McQuarrie, Threat Hunting Specialist and Network Operations Center Manager, at Cerberus Sentinel An alarming number of data breaches are reported each year that are the direct result of sophisticated and coordinated cyberattacks. According to the CrowdStrike 2022 Global Threat Report, cybersecurity risk has been increasing in three distinct areas, (a) endpoints and cloud workloads, (b) […]
Read More →
Brute Forcing a Login Page with Burp Suite

By: Steven Anderson, Senior Security Consultant at Cerberus Sentinel What Tools Are Used in a Penetration Test? When we talk about penetration testing, or “pen testing”, what exactly do we mean? Penetration testing is an exercise that demonstrates risk, simulates a malicious attack, and gains an enhanced understanding of an IT environment. The test might include guessing […]
Read More →
Tips for an Effective Vulnerability Assessment

By: Ferdinand Mudjialim, Cerberus Sentinel So, you (or your friendly neighborhood MSP) have just finished a vulnerability scan as part of a vulnerability management program and/or in preparation for penetration testing. But one ominous question looms: What next? Sorting through hundreds of thousands of vulnerability logs can be daunting, and determining which ones are worth […]
Read More →
MSPs’ Need for Cyber Resilience and a Culture of Cybersecurity: An Interview with Jerald Dawkins, Ph.D.

Over the last few years, MSPs (Managed Service Providers) have become a major target for cyberattacks, running the gamut from distributed denial of service (DDoS), social engineering exploits, and ransomware threats to remote work vulnerabilities. Large, global corporations such as Deloitte, Accenture, and Atos have been infiltrated and exploited.
Read More →
How to Get the Best Value from Your SIEM

By: Scott Williamson, Vice President of Security Operations Center & Network Operations Center, Cerberus Sentinel What SIEM Is and Why You Need IT Security Information Event Management (SIEM) comprises a range of tools that combine security information management and security event management into a singular real-time monitoring. This allows analysis of any events occurring on […]
Read More →
Take a Cue from Healthcare With Cyber SOAP Note

By: Tim Coleman, Vice President of Secured Managed Services at Cerberus Security More Than Just a Test In the early 1970s, during the nascent stages of the internet, cybersecurity paralleled the rise of information technology as both a response to perceived security issues and as a concerted effort to better understand computer programming. In fact, […]
Read More →
Cerberus Spotlights: Darek Hahn, Chief of Staff

Spotlight: Darek Hahn, Chief of Staff at Cerberus Security Our new Employee Spotlight series invites you to get to know some of our Cerberus Sentinel family. Discover what our employees love about their jobs, the challenges they’ve faced at work, how they came to work with us here at Cerberus – and so much more! […]
Read More →
Black Box Penetration Test Advantages

By: Rick Belisle, Managing Director at Cerberus Security When it comes to penetration testing, you want to make sure you are selecting the right kind of test to meet your organization’s unique needs, but it can be easy to get lost in terminology. It’s important to understand the different types of security testing, how they […]
Read More →
What’s in a Name? The Origin of Cyber

By: Jerald Dawkins, PHD, Chief Technology Officer at Cerberus Security Cybersecurity veterans often cringe when they see the word “cyber” used outside of a compound word. Some have given up the fight, embracing this pop culture terminology where a prefix is used as an all-encompassing noun. It seems to be used in non-technical circles as […]
Read More →
Cybersecurity Checklist for Business Closures, Consolidations, and Acquisitions

By: Tim Marley, VP of Risk Advisory Services, Cerberus Security Industry wide disruptions caused by the Covid-19 pandemic continue to reshape the economic landscape, as the lingering effects of business closures, consolidations, and acquisitions have touched all aspects of modern life and business. Telework and work from home opportunities have accelerated since 2020, serving to not […]
Read More →
Unconscious Risk Sharing Consequences and Solutions

By: Chris Clements, VP of Solutions Architecture, Cerberus Security Breaches and ransomware happen, but until an attack detonates, all predictions about breach damage and fallout are educated conjecture. One can’t be completely certain of the consequences of an event until it plays out. During in-depth risk modeling, however, security teams identify their systems’ dependencies and […]
Read More →
Purple Team Exercises: What Are They, and Will They Improve Your Next Pen Test?

By: Michael Oglesby, Executive Vice President, Services and Innovation The past few years have experienced a turning point in cybersecurity with the onset of ubiquitous connectivity, digitalization, and unrelenting flow of data. Understanding terminologies in the ever-changing landscape of cybersecurity can be confusing. Even more challenging is keeping up with the way particular terms may be […]
Read More →
Connected-medical Devices and the Regulatory Landscape

By: Michael Oglesby, Executive Vice President, Services and Innovation Within the broad realm of the Internet of Things (IoT), connected devices, smart devices, or whatever name you wish to attribute to the increasingly popular trend of connecting consumer goods of all kinds to the Internet, a “Wild West” attitude holds sway. In the same way […]
Read More →
The Dangers of Limited Penetration Testing

By: Chris Clements, VP of Solutions Architecture, Cerberus Security What Does It Mean to Feel Safe & Secure? In your home, leaving the front door unlocked might be cause for concern depending on any number of factors. For most people, locking the front door represents an essential security measure for a specific kind of threat […]
Read More →
Endpoint Protection: It’s Not Just About Tools

By: Scott Williamson, VP of Information Services We’ve just lived through two of the most challenging years most of us can remember, working to keep businesses running through political upheaval, dramatic market shifts, near-biblical weather events and an on-again, off-again pandemic. Most sectors have been impacted, some heavily. Even if you’re fortunate enough to be […]
Read More →
How to Select the Right Monitoring Solution and Avoid Hidden Costs

By: Scott Williamson, VP of Information Services Monitoring your environment is a basic essential when it comes to developing a mature security program. That’s the case whether your objective is to comply with regulatory and other requirements, or simply to improve your overall security posture – and whether you’re starting from scratch or adding to […]
Read More →
SEC Proposes Cybersecurity Disclosures: What Your Business Needs to Know

April 21, 2022 By: Tim Marley, VP Audit, Risk & Compliance SEA Changes Enacted by Franklin D. Roosevelt’s administration, the SEA of 1934 granted the SEC broad authority to regulate all aspects of the securities industry. This Act closely followed the SEA of 1933, which was created and passed into law to protect investors after the disruptive […]
Read More →
Redefining A Holistic Approach to Cybersecurity

Our piecemeal approach to cybersecurity is broken, it is time for integration By: Dominic Schulte, VP Client Experience We are in the midst a computing revolution. More organizations than ever are taking the decision to migrate to the cloud or utilize a hybrid model. This migration was significantly expedited by the global pandemic, forcing individuals […]
Read More →
Protect Your Business: Understanding the True Cost of a Data Breach

By: Lou Morentín, VP of Compliance and Risk Management, Cerberus Sentinel (CISO) Is Your Business Under Siege? Increasingly, cybersecurity has become part of the national conversation, as it not only presents alarming risks to national security, it touches on nearly every aspect of modern life, from Wall Street to Main Street. On May 12, 2021, […]
Read More →
5 Ways to Create a Cybersecurity Culture in Your Organization

Every aspect of our modern digital environments are sustained by a vast network which seamlessly works to keep businesses in operation and data circulating throughout the business environments.
Read More →
CISA Issues Shields Up Warning to all U.S.-based Organizations as a Result of Ongoing Ukraine Conflict

By: David Jemmett, CEO, Cerberus Security Update 03/21/2022: The Biden-Harris Administration today is warning against potential Russian cyberattacks on the U.S. based on evolving intelligence. See this update from today’s briefing from The White House. It’s time to reevaluate the way we look at global conflicts such as the situation in Ukraine. CISA has issued a […]
Read More →
“Contact Us” for Ransomware

Cybercriminals are using web forms to spread ransomware, and here’s how you can protect yourself. By: Chris Clements, VP of Solutions Architecture, Cerberus Security Office Bulletproofing internal networks is a challenge requiring both cybersecurity expertise and a lot of IT elbow grease. There is no absolute protection in cybersecurity, and the cybercriminals only need to get […]
Read More →
Top 10 Considerations for Choosing a Penetration Testing Vendor

55% OF ALL SMALL AND MID-SIZED BUSINESSES HAVE SUFFERED A CYBERATTACK How secure is your network? When is the last time you tested your cybersecurity defenses? $38K is the average cost for a small business to overcome a data breach—why not take steps now to protect your systems, your employees, and your clients from a […]
Read More →
MCCP+

It is often said that madness is doing the same thing over and over and expecting different results. So why has the corporate world continued to work in the same way across IT, compliance, and security departments when all the evidence – spiraling costs, a skills shortage, the never-ending stream of data breaches – indicates that the current system of separating these three intrinsically intertwined disciplines is not working.
Read More →
Persistence of Phishing

By David Jemmett, founder and CEO, Cerberus Sentinel We’re all likely to have experienced some form of phishing in our lifetimes and are likely to experience it again in the future. Time and time again, cybercriminals are resorting to tried and true methods of phishing and business email compromise (BEC) for financial gain. An overwhelming […]
Read More →
Cerberus Sentinel Is Licensed & Accredited To Help With CMMC

Is your firm preparing for the upcoming Cybersecurity Maturity Model Certification (CMMC) requirements? If so, Cerberus Sentinel, through our compliance and training services division TalaTek is here to help you. Download our NIST800-171 gap analysis, advisory services and security boundary data sheets to learn more about how we can help. Click here to read more […]
Read More →
Curious About IoT Cybersecurity?

As the push for automation accelerates, manufacturers and cities are the top two early adopters of IoT technology. This opens the doors to new vulnerabilities, prime opportunities for hackers and criminals to subvert products, services, and systems we will soon come to rely on in our everyday life. Proper cybersecurity precautions are a must. Cerberus […]
Read More →
CISO – Only Company With FedRAMP Authorized GRC Service

CISO – Only Company With FedRAMP Authorized GRC Service… Cerberus Sentinel’s compliance services division, TalaTek, has recently launched their own GRC offering called ‘TalaTek intelligent Governance and Risk Integrated Solution’ (TiGRIS). This managed service is the only FedRAMP-Authorized GRC service and it’s available now on @awsmarketplace. Subscribe here: https://go.aws/2LuTXBH CISO – Only Company With FedRAMP […]
Read More →
The Need for Compliance in a Post-COVID-19 World

With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That’s a big mistake. Baan Alsinawi May 21, 2020 It’s clear that COVID-19 is changing the way people interact and work. But after the coronavirus subsides and life begins to return to […]
Read More →

CISO Global Blog

Subscribe to receive the latest cybersecurity news from the CISO Blog

Subscribe to receive the latest cybersecurity news
from the CISO Blog