pen test

Pen Test vs. Vulnerability Assessment: Which is Right for my Organization?

cybersecurity, Network Security, Ransomware

Often, when speaking to many organizations, I often hear confusion about Pen Testing, ie: what it is, how it differs from vulnerability assessments and what are the best use cases. I’ve decided to write this blog in the hopes of helping my customers better understand these differences and use cases of each.

The cyber threat environment is dynamic and constantly evolving. There are new vulnerabilities discovered on a daily basis. Attacks are getting more sophisticated – they’re getting more complex and flying under the radar of traditional detection technologies.

cloud security

The essential checklist for Cloud security

Cloud Computing, cybersecurity, hybrid cloud, Network Security

The ripping benefits of cloud computing have been widely touted – business agility, scalability, efficiencies and cost savings among the top. Fortunately, more and more companies are seen migrating and building mission-critical Java applications specifically for cloud environments showing no signs of slowing down. At the same time, such technology has exposed us to threats and risks previously unheard of.

23 NYCRR 500

Training Wheels are Off – NYS DFS Transitional Period Finished

cybersecurity, Network Security

The two-year transitional period implemented by the New York State Department of Financial Services (NYS DFS) regarding their Cybersecurity framework, 23 NYCRR 500, finished this past March 1, 2019. This doesn’t mean the work ends here, but essentially it’s just getting started. The state of New York allowed institutions, or covered entities, a 24 month break in period before having to adhere to all phases per year. The training wheels are off and all phases will have to be obtained yearly moving forward.

cloud education

Cloud Services for K-12 School Districts

Cloud Computing, cybersecurity, education

Natural disasters such as hurricane’s, earthquakes, and fire can put a school district’s data out of reach. These are obvious reasons to have a solid disaster recovery strategy in place. In the aftermath of Superstorm Sandy that hit the East Coast (NJ, NYC, and Long Island), there were several school districts that were unable to gain access to their systems for days or weeks after the storm had passed. This made it impossible to generate transcripts, pay bills, and in some cases, process payroll.

law firms

Legally Dangerous Attackers

cybersecurity, Ransomware

Malicious actors are consistently and persistently looking for new avenues to compromise sensitive data and they’ve found one such entry through legal firms.

Legal firms play a unique role within the economy by being at the center of personal and business-related transactions. Legal firms are involved with large enterprises, governments, small businesses and individual cases. The data maintained by legal firms is both sensitive and valuable and attackers have taken notice. Legal firms are under a barrage of attacks due to the data and relationships they maintain. Many of these firms are focusing on user endpoints when it comes to reducing their risk.

social media

7 Ways Social Media Sabotages Your Cybersecurity

cybersecurity, Ransomware

Social media can do wonders for you as an individual, as well as if you are running your own online business. It can help you build a loyal following, spread word and awareness about your brand, and reach out to other like-minded people, as well as customers. And the best about it is that it’s incredibly easy to do, since everyone you are looking for is already there. It is estimated that there will about 2.77 billion users on social media in 2019!

However, because the power of social media is so easy to utilize, most people let their guard down when it comes to cybersecurity, which can come back to haunt them at some point in the future, in a number of different ways. In order to avoid that, let’s take a look at seven ways in which social media sites sabotage your cybersecurity.

Vulnerability Management

Podcast: CISO Speak – Vulnerability Management in the Cloud

Cloud Computing, cybersecurity, podcast

This months podcast features Matthew Pascucci, cybersecurity practice manager at CCSI, speaking with guest CISO Patricia Smith from Cox Automotive, on vulnerability management in the Cloud. Does vulnerability management change depending on deployment model? How to you measure cloud vulnerability metrics? Patricia Smith and Matthew Pascucci touch upon these and more in this podcast episode.

public sector tech security

Public Sector Tech Security: Take Care Before a Catastrophe Occurs

cybersecurity, Infrastructure, Network Security

In today’s world, digital security is more important than ever. Long gone are the days where you only needed to worry about physical security for offices. Now, banks, law offices, government facilities, and private companies all depend on their technology being protected from a range of threats. It’s essential for a seamless continuity of daily life to identify and quickly respond to these threats as they occur.

cybersecurity career

So You want to Work in Cybersecurity, eh?!

cybersecurity, education

There is a massive need for cybersecurity professionals today and the need is only growing. We’ve seen estimates of anywhere between 2-3 million vacant jobs over the next three years. The demand is definitely bullish and showing no signs of stopping. With this being said, breaking into an industry is always a difficult thing to do and nothing should be assumed, even with the massive demand of unfilled positions. Here are a few areas I’d suggest if you’re looking to not only get into security, but become successful.