Information Security

Taming the Jungle: Hardening your AWS infrastructure

After nine tutorials, sixteen posts on stack overflow, and several hours or workweeks of effort you’ve finally done it. You’ve finally got something in Amazon Web Services (AWS) to work as expected. It could have been something as simple as a static hosted site, or as complicated as a massive blockchain distributed machine learning web …

Taming the Jungle: Hardening your AWS infrastructure Read More »

Professionally Evil CISSP Certification: Breaking the Bootcamp Model

ISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”.  It is one of the primary certifications used as a stepping stone in your cybersecurity career.   Traditionally, students have two different options to gain this certification; self-study or a bootcamp.  Both …

Professionally Evil CISSP Certification: Breaking the Bootcamp Model Read More »

Compliance is not Security

Many folks get confused about the difference between security and compliance. Many, especially those less technically inclined, assume that fulfilling compliance obligations sufficiently addresses security. Unfortunately, that’s not true as demonstrated by the continuing rise of security breaches each year. In this post, I’ll briefly explain the difference between security and compliance, and then outline …

Compliance is not Security Read More »

Watching yOUr Permissions

Often, one of the main goals of a pen tester is to get Domain Admin (DA) rights in a client’s Windows network.  But why do we want to get that level of access? For some, it may just be the satisfaction of navigating far enough to compromise the DA account.  But, in reality, gaining DA …

Watching yOUr Permissions Read More »

Current State of Security in Healthcare

Healthcare organizations are a prime target for many malicious individuals and organizations in the information age. Identity thieves, blackmailers, and even the curious public are attracted to the intense amounts of personal information a healthcare organization must collect to provide adequate levels of care. Understanding the current state of security in healthcare is paramount to …

Current State of Security in Healthcare Read More »

Ransomware Intelligence Briefing

Ransomware Intelligence Briefing Media reporting on the WannaCry ransomware campaign has contained exaggeration, bad information, and fear tactics. This Bulletin seeks to provide Secure Ideas partners situational awareness about malware, ransomware, and phishing campaigns in the wild, and to provide a basic plan for businesses. The Secure Ideas Perspective Coverage of the WannaCry ransomware campaign has …

Ransomware Intelligence Briefing Read More »

Scroll to Top