2.28.24 EDITOR’s NOTE: My role as Communications Director involves outreach with our professional association industry partners, and one of the first meetings I attended was a chapter gathering of the Military Cyber Professionals Association. Think Tank member and MCPA President Brian Morgan introduced me to the group, I gave a quick Summit pitch, and stayed for some people and pizza time. A former member of the military, Cheyne Taylor, introduced himself as a guy working a full-time gig and a future graduate of the UW Stout master’s program. Here’s a bit more from Cheyne as we kick off our 2024 ...
10.18.23 > Paul Veeneman The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are two pivotal entities in the U.S. responsible for maintaining the nation's security and resilience against cyber threats. The NSA is largely tasked with global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes. On the other hand, CISA defends the nation's critical infrastructure from both physical and cyber threats, helping to ensure the security, integrity, and resilience of the nation's critical infrastructure systems and networks. Both agencies collaborate to provide guidance and strategies to protect against evolving ...
9.19.23 > Brian Morgan Security burnout. A topic not often discussed, but certainly often experienced. Allow me to read off a few keywords for you here. Ready? EternalBlue. WannaCry. NotPetya. Heartbleed. Shellshock. SolarWinds. Log4j. Is your heart racing? Are your palms sweating? Are you dizzy, perhaps? If not, then chances are you either don’t work in information/IT security, or haven’t been paying enough attention over the past decade. These are the insidious incidents that kept IT and security staff late into the night. Sometimes all night, depending on the risk level. They were “significant emotional events” at most organizations. And ...
8.28.23 > Guest Blog Feature > Thomas Tomalla, Jr. History and Conflicting Priorities I’ve worked in situations where Information Technology (IT) teams and Operational Technology (OT) teams are different and don’t get along. The goal of this article is to demystify OT systems for IT teams, and help find common ground – Technology and Risk Management. IT is the use of computers to handle data, rather than handling it with paper or manual processes. This should be centered around the needs of the business and therefore, the needs of the users. OT is the use of computers to interface with things ...
8.23.23 > Eric Roeske Cyber Security Summit Think Tank representatives bring a fantastic mix of experience and expertise to ensure the Summit offers quality for a variety of audiences. Captain Eric Roeske of the Minnesota State Patrol is a Think Tank member who has more than 20 years of public service and additionally holds a Master of Science in Security Technologies from the University of Minnesota Technological Leadership Institute. “Serving all communities to build a safer Minnesota” is the mission of the State of Minnesota Department of Public Safety, under which the State Patrol is organized. This week’s blog highlights public sector ...
8.9.23 > Jeffrey Peal III Artificial intelligence (AI) is rapidly changing the way we live and work, and the field of information security is no exception. AI can be used to automate many of the tasks involved in information security, such as threat detection, incident response, and compliance reporting. However, AI can also be used to improve information security awareness training. Information security awareness training is essential for any organization that wants to protect its data and systems from attack. However, traditional information security awareness training can be boring and ineffective. AI can be used to make information security awareness ...
8.7.23 > Jeff Norem “We have enough security budget to properly protect the organization and meet all of our risk and compliance obligations,” said almost no CISO ever – especially those at small- to midsized organizations. Most of us know budgets will always be tight, so how can we continue to improve without budget busting? Below are three ideas you can use to get more out of your security budget. Define your operating model – craft and share your security story How good is your security program documentation? Do you have standard control and operating procedure formats and quality? ...
Click the link to access > joint_csa_preventing_web_application_access_control_abuse ...
7.26.23 > Lee Ann Villella Protecting people and defending data in the face of cyber threats is crucial based on trends and patterns that have emerged in the cybercriminal landscape. Several key factors include: Evolution of Cybercriminal Business Models: Cybercriminals have honed their strategies and now primarily focus on three profitable business models: ransomware, data extortion, and business email compromise (BEC). These models have proven to be highly lucrative, outcompeting other illicit activities. Prevalence of Ransomware and Data Extortion: Ransomware attacks have become increasingly common, where cybercriminals encrypt victims' data and demand ransom payments to release it. Data extortion is ...