I brag about how awesome infosec is. More often than not I will complain about a thing or two. Basically, no catchy lines here, just some honest thoughts and advice.

Pentesting Employee Owned Devices?

The good old days of inventory control are long gone. Today’s organizations allow their users to bring their own devices to work. This means devices are not always controlled by the organization's policies and control systems. While a user’s computer will be restricted to business tools and protected behind network firewalls and intrusion detection systems, the user will...

Ransomware and Healthcare Organizations

The Office for Civil Rights (OCR) seems to consider all ransomware events a breach unless proven otherwise. This is because successful ransomware incidents affect all three aspects of data security (Confidentiality, Integrity, and Availability). Specifically:

- Confidentiality: Ransomware gained access to your data and encrypted it. This unauthorized access violated confidentiality.
- Integrity: Once a threat actor gains access...

Lessons from BSides ATL and ISSA GA

BSides Atlanta:

- Ransomware is adapting to evade countermeasures
- Train your users to identify phishing emails
- Manually test your backups at least monthly or depending on how many days' worth of data you are willing to lose

How do I recover from a ransomware outbreak?

- Remain calm
- Isolate the machine from the network
- Look online for a decrypter
- Got backups?...

Studying for CEH

Well, it has come to this; I am studying for EC Council's Certified Ethical Hacker exam now. Don't get me wrong, the content of the course is great. It gives you a good foundation. However, I have not found it difficult yet, and what I don't find difficult bores me. I prefer Offensive Security Certified Professional (OSCP) myself. It...

A Healthy Dose of Ransomware

Healthcare continues to be a prime target for ransomware. All hospitals, small and large, seem to be on a hit list. Hospitals around the U.S. are reporting ransomware incidents. In fact, HHS has stepped in with its guidelines on ransomware and claims a ransomware incident is a data breach unless the hospital can prove no data exfiltration...

The author would love to hear your comments. Let us discuss on Twitter @hashtaginfosec.