All Articles

Counting down to the absolutely worst cybersecurity strategies. Sadly, these are all prevalent in the industry. Many organizations have failed spectacularly simply because they chose to follow a long-term path that leads to disaster. You know who you

I was recently asked an interesting question: What are are the Top 5 CISO frustrations with the cybersecurity industry?

After a few minutes of deep thought and half a cup of coffee later (my 4th big cup of the day), this is what I came up with:

Top 5 C

Regardless whether you’re creating and selling software or you’re just using it to run your daily operation, you are an IT company. Show me a business which doesn’t require technology as an essential element of its strategy and I’ll show you what you

Mark your calendars. The HMG Live! Silicon Valley CISO Virtual Summit, on Aug 25th 10am Pacific, is a conference for #cybersecurity professionals interested in the latest perspectives on the shifting risks and opportunities of future business. 

Come

Digitally altered and synthetic media are becoming more of a problem.  Openly available tools, including AI Deep Learning, enable the easy modification of pictures and videos for distribution on the Internet.  Most are benign; clearing up acne, impro

EC-Council is announcing the #TheNextBigThingInCyber skills development in a free online event on Sept 16^th 9:30am EST.  EC-Council's CEO, Jay Bavisi will discuss what it means to Humanize firewalls, build a new era of ethical hackers, empower cyber

Intel has released patches for several security vulnerabilities in their Active Management Technology (AMT) and Intel Standard Manageability (ISM) platforms.  One of them was a critical flaw in AMT that allowed remote privilege escalation  CVE-2020-8

The first warning sign was “hackproof” in the 360Lock marketing materials. As it turns out, with no surprise to any security professional, the NFC and Bluetooth enabled padlock proved to be anything but secure.

Straightforward penetration testing reve

I am seeing many security vendors developing products to unify solutions into a single management interface. I fear this is just a sales tactic to gain greater market share and not intended to help the plight of CISO’s

A recent article from ComputerWe

It simply makes no sense to call for IoT devices to be certified safe-and-secure.  Before you get bent out of shape, hear me out. 

Regulations are unwieldy blunt instruments, best left as a last resort.  Cybersecurity regulations are not nimble, tend

Join the free webinar on Oct 28th 10am PST to listen to the panel discuss how culture can contribute or destroy cybersecurity!

Does society want governments to take on the role of protecting the Internet? Should the Internet be considered a Critical Infrastructure and therefore be overseen by governments? Will such actions undermine privacy and liberty or will it be demanded

Microsoft and partners have taken down the Trickbot ransomware infrastructure. That is a temporary relief, as the cybercriminals will soon adapt. The bigger picture is how the Microsoft Digital Crimes Unit (DCU) has created a template and partnership

Security experts say don't pay ransomware, but now the U.S. Treasury Department is now declaring it illegal!  Every company on the Internet must deal with the threat and emerging regulations.  

Ransomware continues to be a growing problem because vict

New phishing malware leverages Artificial Intelligence and worm functionality to rapidly spread to contacts of victims.  By leveraging previously established relationships the malware can bypass technical controls and easily fool new targets into bec

The U.S. Department of Justice filed charges against six Russian agents, identified as members of the APT group known as Sandworm.  The unsealed documents reveal that the six suspects are all current or have former ties to the Russian foreign intelli

"Why Sacramento is Ripe to be a Cybersecurity Hub" panel discussion, was lively and engaging. Moderated by Carmen Marsh and featuring Malcolm Harkins, Matthew Rosenquist, and George Usi, the panel discussed a broad range of topics including: Why pick

The U.S. National Security Agency knows which vulnerabilities China backed hackers are exploiting the most to gain access to sensitive data.

The Chinese state-sponsored information gathering engine is a vacuum when it comes to acquiring information fr

October is Cybersecurity Awareness Month.  It is a time to consider the risks we accept everyday when using computers and what we can do to better protect ourselves. 

I have a challenge for each and every person.  Something that will help people indiv

The California Consumer Privacy Act (CCPA) has been around since 2018, as the more protective data privacy legislation of any state, but not all businesses have been acting ethically in their compliance and respect for user privacy. 

As a result, the