Badly Worded Controls
Just a short story about a SOX audit long ago… I joined a public company as the cybersecurity leader just as the external SOX audit was underway. While I was responsible for the organization’s ITGCs, I...
View ArticleGratitude Is a Choice
While not strictly a portmanteau, it’s easy to think of gratitude as a “grateful attitude,” a state of mind when pondering favorable events or circumstances. I assert that gratitude is a choice. I...
View ArticleWhen Is a Pen Test Not a Pen Test
Like many terms in cybersecurity, “Penetration test” is one where you’ll hear several definitions. Some will be right, and most will not. The point of this article is to explain pen testing a bit, and...
View ArticleThere Are No Temporary Tools
The year is 1993. I’ve been retained by McCaw Cellular Communications in the Traffic Engineering department to create a lightweight system that performs similarly to NFS, but without the network...
View ArticleHow’s Your LinkedIn Feed Looking?
It seems to have started during the pandemic, when home and work blurred together. Our use of social media began to blur as well – with personal life postings on LinkedIn, and work life postings...
View ArticleWhere Are You Going?
Fifteen years ago, we purchased a cabin in the mountains that is situated on forty acres of woodland and open, rolling hills. We enjoy taking walks and hiking around, and beyond, our property. Far away...
View ArticlePatch Installation Benchmark: Windows, macOS, ChromeOS
I have one or more Macs, Windows, and ChromeOS machines in my lab, and decided to measure the amount of time required to download and install patches across all three OS’s. Windows: it took the...
View ArticleTracking CPE Records
Those of us in cybersecurity and related professions have our professional certifications, many of which require annual CPE (continuing professional education) hours. Most of my certifications require...
View ArticleShadow AI
Shadow AI is rampant in organizations today. Employees are signing up for ChatGPT and other generative AI services, and using GenAI in many ways. Shadow AI is the use of AI services, away from the...
View ArticleAnnouncing CISSP For Dummies, 8th edition
The best-selling certification study guide, CISSP For Dummies, will be published in its eighth edition in mid-2024. Authors Lawrence Miller and Peter H. Gregory have been the authors of CISSP For...
View Article