Is Zoom’s Lack of End-To-End Encryption a Problem?

April 2, 2020

All of the work-from-home activity coupled with all of the media about Zoom’s lack of end-to-end (E2E) encryption has resulted in a few clients asking us if Zoom can still be trusted to host meetings. It’s not exactly as they portray For those of you catching up, Zoom’s privacy and security have been the target…

Read

Securing a Remote Workforce: Top Five Things to Focus on For Everyone

March 25, 2020

Deploying a remote workforce is uncharted territory for some organizations, while others have been perfecting the model for years. Most security programs have different ways to handle their workforce. For on-premise users, which has traditionally used more of castle mentality where you attempt to prevent outsiders from penetrating the network perimeter (similar to a castle…

Read

Crossover Sec: Breaking Down the Silos

March 24, 2020

People who know me well, or who saw the Derbycon 6 talk I gave with Adam Hogan, “Adaptation of the Security Sub-Culture,” know of my non-InfoSec hobby and history of playing in loud bands that recorded and toured across the U.S. and Canada, mostly in the 90s. It was music in the 80s that had…

Read
security risk graphic

Top Six Security and Risk Management Questions

March 12, 2019

Recently, Gartner put out a report on the top 10 inquiries regarding security projects. The report is based on their analysis of over 10,200 client interactions covering relevant security and risk management topics from July 2018 through January 2019 (see the research here). Interestingly enough, Trustedsec has heard similar inquiries regarding product offerings in discussions…

Read
blog icon header

Current Security Trends in 2019

February 7, 2019

As the information security industry continues to mature, several things have changed, but many of the fundamental issues remain—even in the face of new technologies, threats, and regulations. Understanding and responding to current trends provides the opportunity for security and risk management leaders to better improve security, increase resiliency, and support the business. With renowned…

Read
checkmark graphic

Few cons to bringing in the pros: Why should you have a third-party risk and security assessment?

January 10, 2019

At TrustedSec, we get about 400-500 inquiries for security assessments every year.  Some of the questions we still hear quite often are: Why does our company need to do a risk and security assessment? Why can’t we just do it ourselves? We already know we’re terrible—why do we need you to tell us that? There…

Read
yocum security analogy graphic

The Three Best Security Analogies I Know (and How to Use Them)

October 29, 2018

When it goes well, explaining security concepts to coworkers, friends, and family is one of the best parts of being in the security industry. It helps others make more risk-aware decisions, reduces ‘inarticulate tech geek’ stereotypes, and enhances soft-skills. Unfortunately, explanations do not always go well. Audiences need to be in the right state of…

Read
network map

Preparing for (IoT) Segmentation: Six Steps to Get Your Functional Requirements Right

July 12, 2018

Recently, a client of ours expressed interest in segmenting their existing, flat network. The existence of these types of non-segmented networks is still very prevalent, especially in the manufacturing, supply chain, and medical verticals. The primary reason the organization wished to move on this initiative was in an effort to reduce the scope of their…

Read
segmentation blog graphic

How IoT and Digitization Are Driving Renewed Demand for Segmentation

July 11, 2018

Background The idea of Segmentation is pretty simple: put your crown jewels (i.e. your highest risk assets) in a small container, then heavily secure and monitor that. It is simply too difficult to secure everything equally. Why Now? With “digital” drivers to improve experiences, automate operations or change business models, there is now a need…

Read

Continual compliance

May 14, 2015

So much has been written on security versus compliance and continual compliance that it seems at times that discussing it is beating a dead horse. That being said, it is a dead horse that needs to be beaten, as we continuously come across situations where organizations find themselves in a mad dash to get into…

Read
  • Browse by Category

  • Clear Form