Come Join the Discussion

Add your comments to any of these postings or comments

Sunday, June 27, 2021

Preventing Ransomware Events

There is no magic bullet to prevent ransomware. A good Information Security Plan covers everything you need, but sadly so many companies and agencies are not doing these things. Here are a few key things that come to mind:
1. Don’t allow any unencrypted services, like telnet, on your network.
2. Don’t use RDP, at least not without VPN.
3. Advocate for allowing only your company's hardened systems to connect to your network; otherwise implement good mitigating controls.
4. Keep offline backups so you can restore data if you are attacked and your data is encrypted.
5. Run a regular and tested patch management process.
6. Use threat intelligence to block known bad sites.
7. Require admins to only use privileged accounts when doing privileged tasks.
8. Security awareness: don’t click that link or open that attachment!
9. Test your incident response and backup/restore plans.
10. Use MFA.
11. Use DMARC, SPF, and DKIM with your email domain so cybercriminals cannot spoof your email accounts.
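For item 11, publishing the records is not enough if the policy in them does not enforce anything. The following audit is an added example, not part of the original post: the records are constructed for the placeholder domain example.com, the function names are hypothetical, and DKIM is not covered because checking it needs a selector and a signed message.

```python
# Constructed sample TXT records for the placeholder domain example.com.
WEAK = {"spf": "v=spf1 include:_spf.example.com ~all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com"}
STRICT = {"spf": "v=spf1 include:_spf.example.com -all",
          "dmarc": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.com"}

SPF_NOTES = {"+": "lets any host send as this domain",
             "?": "is neutral and gives no protection",
             "~": "is softfail, so receivers are asked to accept but mark the mail"}

def audit_spf(record):
    """Return findings for an SPF TXT record (empty list means hard fail)."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["SPF: no valid v=spf1 record"]
    if any(t.startswith("redirect=") for t in terms):
        return []  # policy lives in the redirect target; audit that record
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        return ["SPF: no 'all' mechanism, unlisted senders get a neutral result"]
    # A bare 'all' has the default '+' (pass) qualifier.
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"
    if qualifier == "-":
        return []
    return [f"SPF: '{alls[0]}' {SPF_NOTES[qualifier]}"]

def audit_dmarc(record):
    """Return findings for a DMARC TXT record (empty list means enforcing)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: no valid v=DMARC1 record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or 'missing'} only monitors, "
                        "spoofed mail is not blocked")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part "
                        "of the failing mail")
    return findings

def audit_domain(records):
    """Audit a dict holding the domain's 'spf' and 'dmarc' TXT records."""
    return audit_spf(records.get("spf", "")) + audit_dmarc(records.get("dmarc", ""))
```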

Trump DOJ Secretly Seized Phone Records of NYTimes Journalists Reporting on Comey’s Clinton Investigation

And THIS is why we must staunchly fight for privacy rights. Power corrupts. Encryption back-doors can also be abused by those in power who are unscrupulous. https://www.newsandguts.com/deja-vu-trump-doj-secretly-seized-phone-records-of-nytimes-journalists-reporting-on-comeys-clinton-investigation/

Supreme Court sides with police officer who improperly searched license plate database

Better think about updating your policies! Proving violations of the Computer Fraud and Abuse Act just got a lot tougher. https://www.cnn.com/2021/06/03/politics/supreme-court-cybercrime-law-case/index.html

Sunday, March 28, 2021

Building Strong Teams

Building strong teams is probably the most important aspect of a successful leader's role. Choosing the right people and getting them to blend and work together toward a common goal is more important than anything else you can do. None of this has anything to do with technology; it is clearly a human issue. When you are looking for good people, choose the best person available, not one who brings a very focused and specific set of skills but who might have character issues. Be flexible in your organizational structure and be willing to move people around to achieve harmony and success.

Wednesday, February 24, 2021

You Have Enemies?

"You have no enemies, you say? Alas, my friend, the boast is poor. He who has mingled in the fray of duty that the brave endure, must have made foes. If you have none, small is the work that you have done. You’ve hit no traitor on the hip. You’ve dashed no cup from perjured lip. You’ve never turned the wrong to right. You’ve been a coward in the fight." - Charles Mackay

Predictions for 2021

Predictions for 2021:
1) Rezoning of commercial districts to allow conversion of office space into residential condos.
2) Migration of professionals away from central cities, resulting in movement of some states from red to blue (reference Ga and Tx).
3) Lowering of salaries as companies will not have to pay big city rates.
4) Reduction in attendance at regional events in big cities.
5) Increase in attendance at professional organization meetings in mid and small cities.
6) Increase in hoteling workspaces in company offices as staff will only come to work physically 1-2 times/week.

Friday, January 22, 2021

Cyber Security and Cloud Podcast

I was very honored to be interviewed by ☁️ Francesco ☁️ Cipollone. We talked about many things, including #cybersecurity, #leadership #career #management #appsec #diversity and #pentesting. I would recommend a listen. https://www.nsc42.co.uk/cscp/episode/ded19a53/cscp-s02ep29-richard-greenberg-ciso-heatlhcare-community-owasp-and-issa

Thursday, January 07, 2021

Blackwater Contractors?

OK, so are there any connections to the Trump pardon of the Blackrock 4 and the rioters scaling the walls of our nation's capital? Are there any further events planned utilizing any contractors?