Six Crucial Network Segmentation Actions

March 26, 2019 | By:

We are constantly barraged with new technologies and techniques for securing the enterprise. Every new thing we are told is crucially important, and if you don’t master all of it now, you are the next breach headline. It is intimidating to say the least. It is easy to look past the basics of securing the…


Don’t Delay, Migrate Today (Away from SSL/Early TLS)

August 08, 2018 | By:

For those tempted to delay migration away from Secure Sockets Layer (SSL)/early Transport Layer Security (TLS)—don’t wait! This includes all versions of SSL and version 1.0 of TLS (TLS v1.1 and newer are fine). For Payment Card Industry Data Security Standard (PCI-DSS) compliance, you can’t simply migrate sometime before your next PCI audit. Rather, you…


PCI v3.2.1 is here!

May 18, 2018 | By:

Version 3.2.1 of the PCI DSS was just released by the PCI Security Standards Council (PCI-SSC). As a minor version, it primarily included clarification updates and one correction to a requirement reference. Most of the changes center around the removal of the January 31st date, which expired this year. Appendix A2.1-A2.3 was updated to focus…


A Different Take on Exam Prep: CISSP

September 29, 2017 | By:

I just passed the CISSP examination. I saw what many did to prepare for their exam, and I did something else. I needed something faster to arrive at passing results. First off, the CISSP is “Certified Information Systems Security Professional”. It is an advanced credential requiring not just a passing exam score, but also dedicated…