CISO Global Blog

What We Can Learn from Penn State’s Compliance Conundrum

Author: Randy Griffith, Senior Security Consultant, CISO Global Penn State University is in hot water again for legal and compliance violations. This time, the activities in question are related to the university’s claim to be compliant under NIST SP 800-171, as required by Executive Order 13556 (2019). As a contractor and partner of the U.S. […]
Read More →
Move to the Cloud with Confidence: 6 Key Risks & Mitigation Techniques — Part 2

Author: Samuel Lewis, Senior Security Consultant, CISO Global According to Gartner, cloud spending will reach $597.3 billion by the end of 2023. Whether it’s infrastructure as a service (IaaS), a software as a service cloud application (SaaS), or some other use for the cloud, organizations are finally adopting cloud use models that help increase scalability, […]
Read More →
Move to the Cloud with Confidence: 6 Key Risks & Mitigation Techniques, Part 1

Author: Samuel Lewis, Senior Security Consultant, CISO Global Over the past several years, an increasingly fluid work environment has followed trends of modern globalization in the workplace. Leveraging cloud solutions, many companies have let go of historical limitations imposed by on-premises and local solutions. The truth is, cloud outsourcing can be a game changer, as […]
Read More →
Demystifying the Dark Web and DarkNets, Part IV — Corporate Spies, Scammers, Spammers, Stalkers, and Cyber Criminals

Author: Anonymous Hacker, as told to Lindsey Watts Preface: Thus far in our series, we’ve looked at what DarkNet types exist in addition to the dark web, communication methodologies on DarkNets, social-ethical questions raised by anonymous, and unregulated and un-censored communication platforms. Your interest might be piqued at this point but if not hold onto […]
Read More →
Becoming FedRAMP and StateRAMP Authorized, Part 2 — Common FedRAMP Mistakes You Can Avoid

By Isaac Hur, Senior FedRAMP/ StateRAMP/ CMMC Practice Lead and Quality Assurance As a compliance auditor and practitioner in the FedRAMP space, I see a lot of mistakes cloud service providers (CSPs) make that cause them a tremendous amount of grief when seeking authorization. The process is painful enough on its own, but many of […]
Read More →
Demystifying the Dark Web and DarkNets, Part III — Accessing Dark Marketplaces Anonymously:

Author: Anonymous Hacker, as told to Lindsey Watts Preface: Without international laws in every country that are designed to protect individual data privacy as vehemently as does the General Data Protection Regulation (GDPR), many have turned to DarkNets and cryptocurrencies for their privacy protections – especially in the U.S. Is it surprising that the Washington […]
Read More →
Becoming FedRAMP and StateRAMP Authorized — Part 1

Author: Baan Alsinawi, CISSP, CCSP, CISM, CGEIT, CASP+ ce, and Managing Director at CISO Global Cloud-based applications and services are booming in 2023, in both the public and private sector. One of the largest and most sought-after clients for any tech company is the U.S. government. In fact, the federal government is investing billions of […]
Read More →
Accessing Dark Marketplaces Anonymously: Demystifying the Dark Web and DarkNets, Part II

Author: Anonymous Hacker, as told to Lindsey Watts Last week, we heard from an anonymous hacker about what the dark web is, what DarkNets are, and the various associated communication channels. You may have been surprised to learn that there is more than one place for dark marketplaces, and that one can’t just Google “How […]
Read More →
Most of What You’ve Heard Is Wrong: Demystifying the Dark Web

Author: Anonymous Hacker, as told to Lindsey Watts Preface In geopolitical – or even gang warfare, there are usually pretty clear sides. You have two opposing groups and their allies, a dispute, and skirmishes or battles. It’s Team A versus Team B. When it comes to cyber warfare, though, people don’t really have a “face” […]
Read More →
Why You Should Consider Enhanced Email Solutions as Part of Your Security Stack

By Ryan Greyslak, Director of Secured Managed Services West, CISO Global, Inc. It’s late Friday evening and Tom (your average everyday employee) has worked diligently to meet project deadlines and follow up with customers before his much-anticipated weeklong vacation. Exhausted from burning the midnight oil and juggling multiple tasks, he’s eager to wrap up his […]
Read More →
A Message from the Dark Side: Your Defenses Will Fail, and Here’s Why

Author: Anonymous Hacker Preface: This blog is authored by one of our industry peers who, due to the sensitive nature of their work and the wishes of their clients, prefers to be unnamed. The cybersecurity industry is a complex ecosystem made up of private practitioners, government agency experts, engineers, and hackers. All are working together […]
Read More →
By the Numbers: Cloud Security Stats Are In, and They’re Not Pretty

By Brian Yelm, Managing Director of Secured Managed Services, CISO Global, Inc. With digital transformation having taken a front seat over the past 3 years due to a global shift in how people do business, cloud reliance and breaches have skyrocketed. According to G2, half of all organizations are currently cloud native or cloud enabled. […]
Read More →
Introducing the Argo Security Management Platform

By Jerald Dawkins, Ph.D., Chief Technology Officer, CISO Global, Inc. Introducing Argo Security Management: A CISO Global platform designed to make your life a little bit easier At CISO Global, we’ve been using a platform with clients for several years to help them manage their security programs. So, maybe “introducing” isn’t really the right word. […]
Read More →
What Is Practitioner-Focused Cybersecurity?

By Thomas Coffey, VP of Security, CISO Global, Inc. A basic Google search for the term “cybersecurity” will turn up dozens of competing advertisements for companies promising to solve all your security woes and keep attackers at bay with their version of a “technology silver bullet” – the end all be all that you must, […]
Read More →
Take it From a Compliance Officer: Secure Networks Matter

By Randy Griffith, Senior Security Consultant, CISO Global, Inc. Even before the fiasco at Silicon Valley Bank, financial institutions were under tremendous scrutiny from regulators. How could they not be? Banks are among the oldest known targets for theft, and in a digital age, the best way to extract money is going to be either […]
Read More →
Does ChatGPT Know Your Secrets? Threats and Benefits of AI in Your Environment

By Chris Clements, VP of Solutions Consulting, CISO Global, Inc. ChatGPT has been taking the world by storm, but it’s bringing with it issues around cybersecurity, data protection, and data privacy. IT leaders and business leaders are looking to create policies that will help protect their people and corporate assets, but so few people really […]
Read More →
Why Is CMMC a Big Deal?

By: Tom Cupples, Ed.D., CISSP, CGRC, PMP, CAICO-PI, CAICO-PA, CCP, CCA, Sec+, Net+, Security Controls Assessor & Senior Cybersecurity Trainer at CISO Global, Inc. The Cybersecurity Maturity Model Certification (CMMC) has been around for a few years. And, in its short tenure, it has, itself, matured. The current version of the CMMC is 2.0, released […]
Read More →
Lessons from the Field, Part II: Could Better IT Strategies Help You Retain Employees?

By James Keiser, Director of Secured Managed Services Southeast, CISO Global, Inc. While a number of organizations have moved back to an in-person work model, some employees are pushing back and leaving for jobs that will allow them to work from home (WFH). Having become accustomed to the advantages of a WFH model, employees have […]
Read More →
Lessons from the Field, Part I: Backup and Disaster Recovery

By James Keiser, Director of Secured Managed Services Southeast, CISO Global, Inc. In the ongoing battle to protect corporate data, you can’t afford to miss a step. I’ve seen, first-hand, what can happen when organizations do miss steps. We are always happy to help them remediate going forward, but there’s a lingering wish that we’d […]
Read More →
Recession Planning: Min-maxing Your Cybersecurity Program for Better Business Outcomes

By Chris Clements, Vice President of Solutions Architecture, CISO Global, Inc. Over the last two years, digital transformation has accelerated at breakneck speed, opening new lines of business that meet user demand. Reality is, online banking, order-ahead meals, telehealth appointments, and online grocery shopping are no longer optional. Users expect these to be available 24/7, […]
Read More →
ROI Matters: Fuel Your Organization’s Growth with a Mature Cybersecurity Program

By Jerald Dawkins, PhD, Chief Technology Officer, CISO Global, Inc. Mature Cybersecurity Fuels Business Growth Being a cybersecurity practitioner 15-20 years ago sometimes made me the unpopular guy in the room. People are always excited about financial gain – opening new lines of business, developing creative and sustainable revenue streams – you know, the fun […]
Read More →
Compound Effects: What Does It Mean to Be Ready and Resilient? Part III

By Josh Bozarth, Practice Lead / Director, Readiness & Resiliency The terms “readiness” and “resiliency” complement each other, but they’re different. Readiness is preparedness It’s about proactively determining what your security compliance program is ready for via: Readiness is also: Now, resiliency? That’s something else entirely. Resiliency is restoration It’s about getting your network back […]
Read More →
Are You (Really) Ready and Resilient? Part II

In last week’s discussion around readiness and resilience, I introduced the concept of what it means to have “threat-informed” cybersecurity. This week, I want to show you what that looks like in the real world – how it should drive you to challenge more assumptions, reduce your attack surface, and game out real-world scenarios. Threat-informed […]
Read More →
Threat-Informed Cybersecurity: Are You Ready and Resilient? Part I

By Chris Clements, Vice President of Solutions Architecture, CISO Global, Inc. Long popular in the military, “readiness and resiliency” is a staple of cybersecurity, too. It makes sense. Both institutions value (1) being alert to threats and risks while (2) recognizing that the types of threats and risks themselves are less important than the reaction […]
Read More →
Tips for an Effective Vulnerability Assessment

By Ferdinand Mudjialim, Security Analyst, CISO Global, Inc. So, you (or your friendly neighborhood MSP) have just finished a vulnerability scan as part of a vulnerability management program and/or in preparation for penetration testing. But one ominous question looms: What next? Sorting through hundreds of thousands of vulnerability logs can be daunting, and determining which […]
Read More →
DNS-Based Threats and Their Impact on Business

By Kerry McQuarrie, SOC Manager, CISO Global, Inc. A Domain Name System (DNS) is a protocol that translates human-readable domain names/URLs—like favoritewebsite.com—into IP addresses that computers can read—like 135.24.56.98. DNS servers handle tens of thousands of queries that transfer minute bits of data between devices, systems, and servers—which makes DNS an attractive and easily exploitable […]
Read More →
Lose the Bias: Young Cybersecurity Experts Want a Modern Workplace That Includes Women Leaders

By Lindsey Watts, VP of Marketing, CISO Global, Inc. 2023 finds us in a sustained cybersecurity hiring crisis. With 3.4 million too few experts to meet global demand, it seems the widespread investments in university programs, increased certification access, and upskilling for existing IT professionals isn’t enough to bridge the gap. According to Cybersecurity Dive, […]
Read More →
Earning a 4.0: The Shift in PCI Compliance Requirements Is Underway

By Jenna Waters, Senior Security Consultant, CISO Global, Inc. PCI 4.0 — the PCI Standards Security Council’s first update since 2018 to the PCI Data Security Standards (PCI DSS) — is a major iteration that shifts away from the traditional point-in-time assessment. Do you remember how an auditor would annually determine the PCI compliance status […]
Read More →
Ashley Devoto: Breaking Glass Ceilings in a Bold New Frontier

By Mike Pallagi, Senior Copywriter, CISO Global, Inc. CISO Global President and Chief Information Security Officer Ashley Devoto’s career stands as a powerful source of inspiration to women in tech and aspiring cyber leaders everywhere. In a 3,000-word cover story for the February 2023 issue of CIO Views Magazine, Ashley shares her thoughts on a […]
Read More →
The Watershed Moment for Compliance Budgets: A Preview of My New Whitepaper, ‘Using Compliance Budget to Advance Security Priorities’

By: Baan Alsinawi, Managing Director, CISO Global, Inc. Packed with input and feedback from over 200 leaders from across 10 industries, the recent EMA research report, “Using Compliance Budgets to Advance Security Priorities,” is loaded with valuable survey findings, fascinating responses, and surprising trends. In my new whitepaper, “Using Compliance Budget to Advance Security Priorities,” […]
Read More →
A Transition Phase in Access Management: Are We Ready for a Future Without Passwords? Part III

By: Tim Coleman, Director of Secured Managed Services, CISO Global, Inc. Access management in cybersecurity is in a transition phase. With everyone working from home during the pandemic, we realized — as a digital society — that traditional username/password combinations protecting our systems were fraught with flaws that are now being regularly exploited by malicious […]
Read More →
Culture Clash: When Protecting Nonprofits From Cyberattack Doesn’t Feel Like “The Mission”

By: Jess Dinsmore, SOC Director, CISO Global, Inc. Sitting in the back of the auditorium during a budget approval meeting for a church was, at best, an interesting situation. Pages and pages of line items describing where the money was going to be allocated over the coming year was enthusiastically described by each of the […]
Read More →
Evolution in Biometrics Tech: Are We Ready for a Future Without Passwords? Part II

By: Sami Elhini, Biometrics Expert, CISO Global, Inc. Try talking to a cybersecurity expert about a passwordless future without biometrics coming up. Not possible — and the reason couldn’t be simpler: Biometrics are the best forms of user authentication to come down the cybersecurity pike. So where are they at? Where are they headed? What […]
Read More →
Are We Ready for a Future Without Passwords?

By: Steven Anderson, Senior Security Consultant at CISO Global Cybercriminals Rely on Weak Passwords and Bad Password Management The challenge of creating the type of complicated passwords needed to keep sensitive data secure has been a defining feature of cybersecurity in recent decades. However, as daily — if not hourly — engagements with digital technology increase, […]
Read More →
2023 Marks A Shift In U.S. Data Privacy Laws

By: Baan Alsinawi, Managing Director at CISO Global and the founder of TalaTek “The year 2023 will go down in history as marking the beginning of a profound shift in the philosophy underlying data privacy laws in the United States.” – Frederic. D Bellamy, Reuters Historically, the European Union has led the charge in data privacy, […]
Read More →
Empire: A Powerful Post – Exploitation Tool

By: Ferdinand Mudjialim, Security Analyst at CISO Global What Is Empire? Empire is a post-exploitation tool similar to Metasploit that works well with PowerShell, though it also supports tools written in Python and C#. It is one of the more popular command and control (C2) frameworks today, as it allows you to easily run various scripts/modules in memory and establish stealthy persistent […]
Read More →
10 Truths That Will Change How You View Cybersecurity: Part IV

By: Brad MacKenzie, vCISO to Secured Managed Services at CISO Global In our last installment, Brad MacKenzie described three proactive measures organizations can implement to protect their environment from cyberattacks: analyzing their systems for indicators of compromise and cataloging all the legitimate software on their network, providing security awareness training to all staff, and creating […]
Read More →
10 Truths That Will Change How You View Cybersecurity: Part III

By: Brad MacKenzie, vCISO to Secured Managed Services at CISO Global In Part III of this series, Brad MacKenzie describes two different network configurations and contrasts the disadvantages of the open network with the advantages of the compartmentalized network. He describes how the open network is an attacker’s paradise, whereas the compartmentalized network follows the […]
Read More →
10 Truths That Will Change How You View Cybersecurity: Part II

By: Brad MacKenzie, vCISO to Secured Managed Services at Cerberus Sentinel In Part II of this series, Brad MacKenzie offers three more cybersecurity truths gained from his years of working with the Cerberus Incident Response team. MacKenzie advises organizations to follow these best practices so they can reduce the impact of a cyber attack and […]
Read More →
10 Truths That Will Change How You View Cybersecurity: Part I

By: Brad MacKenzie, vCISO to Secured Managed Services at Cerberus Sentinel As we look back on Cybersecurity Awareness messaging over the last year, many of us who are seasoned practitioners are excited to see security becoming more top of mind for end users. That said, it seems that many best practices that are highlighted during […]
Read More →
Zero Trust: Strengthen Your Security Posture & Reduce Attack Surfaces

With Insights from Cerberus CTO, Jerald Dawkins, Ph.D. Trust No One? As a powerful tool to secure increasingly complex IT environments and reduce attack surfaces, Zero Trust, with its “never trust, always verify” model, has become top-of-mind for savvy organizations across industries. Zero Trust not only helps organizations respond to the changing landscape of cybersecurity culture but also has the […]
Read More →
8 Common Cybersecurity Threats and How to Prevent Them

By: Logan DeWitt, Manager, Security Operations Center (SOC) at Cerberus Sentinel Cybersecurity threats continue to evolve in sophistication and severity as the number of endpoints, such as desktop computers, laptops, and mobile devices, increase and digital and physical attack surfaces change. Hackers are often highly intelligent criminals capable of coordinating and launching attacks from anywhere in the world. These […]
Read More →
There’s Never Been a Better Time to Join the Cybersecurity Workforce

By: Darek Hahn, Client Experience Operations Director at Cerberus Sentinel The digital revolution has resulted in cybersecurity becoming one of the foremost concerns around the world, across companies and industries. Not surprising, the cybersecurity job market is growing exponentially: the number of unfilled cybersecurity jobs has increased from one million positions in 2013 to 3.5 million in 2021. Moreover, the Bureau of Labor Statistics projects hiring for information security professionals to grow 35% from 2021 to 2031. Closing The Cybersecurity Gap Over the […]
Read More →
Securing Healthcare: Cybersecurity for Medical Technology & Devices

By: Chris Clements, VP of Solutions Architecture at Cerberus Sentinel We’re All Connected (By Attack Surfaces) In the years following the widespread disruptions caused by the global COVID-19 pandemic, malware attacks and data breaches have grown across industries with over an 80% increase in cyber threats. Research shows that more than 1,2000 security leaders have found that 49% […]
Read More →
Security Awareness Training: One Part of an Effective Risk Management Program

Insights from Baan Alsinawi By: Hunter Barrat, Technical Writer and Editor at Cerberus Sentinel The Cybersecurity Awareness Month 2022 theme is “See yourself in cyber.” The goal is to ensure that everyone understands that they have a crucial role in protecting themselves and their workplaces by making smart cybersecurity decisions at work and home. Organizations […]
Read More →
CMMC 2.0: Three Things You Need to Be Doing NOW

By: Johann Dettweiler, Director of Operations at Cerberus Sentinel The Cybersecurity Maturity Model Certification (CMMC) 2.0 is a compliance requirement that all Department of Defense (DoD) Contractors (aka, the Defense Industrial Base — the DIB) will soon have to meet. It is expected to be placed in DoD contracts, requests for proposals (RFPs), and requests for information […]
Read More →
How Pen Testing Can Help Maintain Industry Compliance

By: Rick Belisle, Managing Director at CISO Global In 2021, damages attributed to cybercrime amounted to $16.4 billion a day, $684.9 million an hour, $11 million per minute, and $190,000 per second, according to Cybercrime Magazine. In the face of these alarming statistics, organizations are increasingly seeking ways to improve their security posture, turning to cybersecurity experts […]
Read More →
CISM and CISSP: Which is Best for You?

By: Jenna Waters, Senior Security Consultant at Cerberus Sentinel According to Fortinet’s recent report, 80% of organizations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and/or awareness. Not only is the cybersecurity workforce gap an international crisis in the global economy, but also it’s a matter of national security and opportunity […]
Read More →
Target Practice: Walkthrough of the Mr. Robot Vulnhub Machine

By: Daniel Bennett, Security Analyst at Cerberus Sentinel Ethical Hacking Mr. Robot, a 2015 dramatic television series, is old news now, but to an aspiring hacker – or bored fan of reruns – it still holds relevance. When you want to learn to hack ethically, you need some dummy machines you can use for target practice. […]
Read More →
EMA Study Is Good News for Risk Management Initiatives

By: Baan Alsinawi, Managing Director at Cerberus Sentinel and the founder of TalaTek EMA Study – Risk Management Initiatives I recently finished reviewing the Cerberus-co-sponsored research study, Using Compliance Budget to Advance Security Priorities, from industry analyst firm Enterprise Management Associates (EMA) that included input and feedback from more than 200 tech and business leaders from across 10 industries. […]
Read More →

CISO Global Blog

Subscribe to receive the latest cybersecurity news from the CISO Blog

Subscribe to receive the latest cybersecurity news
from the CISO Blog