When Strict Password Policies Backfire

Passwords that are changed more frequently are more secure, right? Not necessarily. I was working with an organization that takes security seriously. Defense in depth and least privilege permeate their environment. Users do not have administrator privileges and are not allowed to remotely login to systems. Network segmentation keeps a compromised workstation from reaching the administrator interfaces on servers. Only …

Apply the BlueKeep Patch Now

I’m writing to let you know about a critical Windows security patch that should be deployed to affected systems ASAP. The BlueKeep vulnerability (CVE-2019-0708) is a remotely exploitable flaw in the Remote Desktop Protocol (RDP) Services on older versions of Windows including: Windows Server 2008 R2 Windows 7 Windows Server 2008 Windows Vista Windows Server 2003 Windows XP Both Microsoft …

Game of Thrones’​ Great War and Cybersecurity

Did you catch the epic Game of Thrones episode “The Long Night” last night? If not, be warned…SPOILERS AHEAD I couldn’t help watching this episode and thinking how it is an analogy for protecting one’s most critical assets in the digital age. These are the cybersecurity concepts came to mind as I was watching the episode. Defense in Depth Armies …

The Single Best Risk Assessment Interview Question

There is one question that I ask in every risk assessment interview that time and time again has yielded the best results. It is a question that goes to the heart of understanding how the business works, not just how the IT department operates. It is a question that IT and Security Pros get to use on a regular basis …