Categories: Education, Reading, Technology

Latest Read: Defensive Security Handbook

Defensive Security Handbook (2nd Edition): Best Practices for Securing Infrastructure By Amanda Berlin, William F. Reyor III and Lee Brotherston.


Amanda holds an Associate degree in Computer Information Systems from North Central State College. Today she is a Senior Product Manager of Cybersecurity at Blumira. She is co-host of Brakeing Down Security and provides training for organizations on creating tabletop and incident response playbook programs. In addition, Amanda is CEO and co-founder of Mental Health Hackers, a non-profit organization that aims to raise awareness about mental health issues in the cybersecurity community.

William is the Director of Security at Modus Create. He previously served at The Walt Disney Company and Raytheon Technologies, and as CISO at Fairfield University. Reyor is also a co-founder of Security BSides Connecticut.

Lee holds a BSc in Media Technology from Teesside University, Middlesbrough, North Yorkshire, UK. He is the founding security engineer at OpsHelm and has previously worked across multiple sectors, including finance, telecommunications, hospitality, entertainment, and government.

The authors are recognized for extensive real-world experience and leadership in cybersecurity. This is a timely update for a cyber world filled with ever-increasing high-profile hacks, data leaks, and ransomware attacks. For organizations lacking a formal InfoSec program, this book provides a baseline, and it is most helpful for the Information Security community.

Categories: Education, Reading

Latest Read: You’ll See This Message When It Is Too Late

You’ll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches by Josephine Wolff.


Josephine holds an AB in Mathematics from Princeton University and an MS in Technology & Policy and a PhD in Engineering Systems, both from MIT. Today she is Associate Professor of Cybersecurity Policy, Associate Professor of Computer Science and Engineering, and Director of the Hitachi Center for Technology and International Affairs at Tufts University. She is also a visiting professor of Law at Yale Law School.

Josephine outlines a series of highly publicized cybersecurity incidents between 2005 and 2015. She maps the entire attack cycle of each breach, which leads to insights for identifying opportunities for more robust defensive intervention. There are three main motives: financial gain, espionage, and public humiliation of the victim. These are a consistent theme over the ten-year timeframe.

During this decade, cyber attacks made the news regularly. The book discusses the legal ramifications organizations face after a breach, with a focus on litigation, regulatory fines, and compliance issues. Josephine also analyzes the financial ramifications, including direct costs such as remediation and legal fees and indirect costs such as lost customer trust and brand damage. She documents real-world examples of significant data breaches, the various organizational responses, and the lessons learned.

Categories: Cyberinfrastructure, Education, Network, Reading

Latest Read: Zero Trust Networks

Zero Trust Networks: Building Secure Systems in Untrusted Networks by Razi Rais.


Razi holds a BS in Computer Science from Karachi University and a Master's in Computer Science from Shaheed Zulfikar Ali Bhutto Institute of Science and Technology. Today Razi is a Microsoft Senior Product Manager for Microsoft Security + AI.

Zero Trust is yet another confusing and misleading security phrase, one that confuses almost everyone, including IT teams. Yet it is a very critical network security strategy, and today it is needed more than ever before. The strategy assumes that no user or device is trustworthy by default. It requires every user and device to authenticate before accessing networks, applications, and data.

The core concept is simple: assume breach. As odd as this sounds at first, continuous monitoring and logging of user and device activity is what detects threats. Network traffic is inspected, and each request is verified against the organization's access policy. This greatly reduces the risk from insider threats and strengthens data protection. It also addresses the unwitting misuse of employees' personal home computers that lack the security standards set by their organization. Even in 2024, employees' home computers still lack anti-virus, anti-malware, or identity theft protection.

Categories: Education, Ransomware, Reading, Technology

Latest Read: Fighting Phishing

Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing by Roger A. Grimes.


Roger holds a BA in Accounting and Economics from Old Dominion University. A former Principal Security Architect at Microsoft, Roger was a computer security columnist at InfoWorld. Today Roger is a Data-Driven Defense Evangelist at KnowBe4.

This book is not only mandatory reading for every IT organization's team; individuals, too, must learn to keep their personal accounts and valuable data safe from sophisticated social engineering and phishing attacks.

This book is well regarded within the cybersecurity community. It is a practical guide to understanding and defending against phishing attacks. Roger outlines how an in-depth approach is required, now more than ever, to deploy a robust defense against social engineering and phishing threats.

Anyone can come to understand how critical it is to have defenses in place today. Simply search for 'phishing attack' to see how organizations still fall victim to these attacks, which continue to be the entry point into organizational networks and systems.

Categories: Education, Reading

Latest Read: Profit over Privacy

Profit over Privacy: How Surveillance Advertising Conquered the Internet by Matthew Crain.


Matthew holds a PhD from the University of Illinois, Urbana-Champaign. He is an assistant professor of media and communication at Miami University of Ohio and previously taught at Queens College, City University of New York.

The contemporary internet's de facto business model is surveillance, which has become the new black. While browser cookies follow us around the web, web beacons can track and harvest every Google search and every webpage visited. In fact, on a growing number of global websites, beacons know where you click. Yes, indeed, they know everything about you and are monetizing all of your online activities every day.

In Profit over Privacy, Matthew delivers a solid history of the origins of the billion-dollar surveillance advertising business.

In fact, Facebook posted revenues of over $319 billion in 2021 alone. Surprised to learn this is below their 2020 revenue? The loss of our privacy comes via Facebook, Google, and Amazon, which certainly resell our online activity to data brokers.

Matthew traces surveillance advertising back to the Clinton administration. This includes the launch of the country's National Information Infrastructure and how the long-established Information Infrastructure Task Force (IITF) designed a safe approach that did acknowledge the coming online profiling of citizens. The FTC also looked to consumer empowerment. But in America, politics ran amok.