Blog

Latest Blog

February 3, 2023: Emerging Use Cases for Cyber Threat Intelligence
What is cyber threat intelligence and how are businesses leveraging it today? Does it have reactive or proactive use cases,

All Posts

February 3, 2023: How Does Cyber Threat Intelligence Relate to Attack Surface Management or Digital Risk Management?
February 2, 2023: Still Think Your Org Has Nothing Hackers Want?
February 2, 2023: Cybercrime Business Models and Supply Chains
February 1, 2023: How Financially Motivated Cybercriminals Really Operate, and Why You (as an Org with Exploitable Assets) Should Care
February 1, 2023: Understanding How Cybercriminals Operate Can Protect Your Business
January 26, 2023: What’s New and Exciting with AWS Security?
January 25, 2023: Public Cloud Consumers: Is Your Management Plane Secure?
January 25, 2023: What are the Most Important AWS Security Tools that Every Org Should Use?
January 25, 2023: Why Do So Many Orgs Stumble on Cloud Security?
January 25, 2023: Different Public Cloud Services Equal Different Shared Security Responsibilities with Your CSP
January 25, 2023: 2 Top Security Problems that AWS Users Cause Themselves
January 25, 2023: AWS Cybersecurity Best Practices—From Amazon’s Security Solutions Architect
January 23, 2023: Cyber Insurance Considerations for DIB Orgs
January 23, 2023: Export Controlled Data: What is It and Why Should We (as a US Government Contractor) Care?
January 23, 2023: DIB Orgs: Here’s How to Avoid False Claims Act Sanction
January 23, 2023: Should You Voluntarily Disclose a CUI Incident or Data Breach?
January 23, 2023: CUI Basic and CUI Specified—What’s the Difference?
January 23, 2023: Understanding the Legalities around Controlled Unclassified Information (CUI)
January 18, 2023: Security Staffing Moves for a Down Economy
January 18, 2023: Want to Work Smarter Not Harder in a Down Economy? Embrace Security Automation.
January 18, 2023: In a Down Economy, Ensure You’re Getting the Max from Security Investments
January 18, 2023: Why You Should Keep Making Needed Security Investments in a Down Economy
January 18, 2023: Why Aligning Cybersecurity with Trusted Frameworks is More Important than Ever in a Down Economy
January 17, 2023: A Cybersecurity Strategy is More Critical Than Ever in a Slow Economy
January 17, 2023: John Verry’s Top 10 Ideas to Advance Security and Compliance Even in a Tight Economy
January 13, 2023: CMMC Rulemaking Changes Again—What’s the Timeline Now?
January 5, 2023: Leveraging OOTB “Policy as Code” for Cloud Security Posture Management
January 5, 2023: Addressing False Positives and Alert Fatigue across Enterprise Security Tools
January 5, 2023: Your Cloud Security Posture Needs Both Preventive and Detective/Corrective Components
January 4, 2023: Governance as Code—Is It the Answer to Cloud-Native Security?
January 4, 2023: Security, Compliance and Governance in the Cloud—How Do They Relate?
January 4, 2023: Dynamic Relationships between Governance, Security, and Compliance
December 28, 2022: Is Your Board Prepared for the SEC’s New Cybersecurity Regulations?
December 20, 2022: Is Attack Surface Management Right for SMBs?
December 20, 2022: Factoring Third-Party Risk into Attack Surface Management
December 19, 2022: How Much of Your Attack Surface is Beyond Your Visibility?
December 19, 2022: Is It Still a Data Breach if the Data was Outside Your Infrastructure?
December 19, 2022: How Do Assets Relate to Attack Surface Management?
December 15, 2022: What is Digital Business Risk Management and Why is It So Valuable to Security Leaders?
December 15, 2022: Is Digital Business Risk Management the Future of Attack Surface Management?
November 23, 2022: Monitoring Security of Your Deployed Public Cloud Application
November 22, 2022: Validating Security Within Your DevOps Pipeline
November 10, 2022: Time’s (Almost) Up for California Privacy Compliance
November 21, 2022: Skills to Look for in Developers to Move Your Applications to the Cloud
November 18, 2022: Should We Containerize Our Cloud-Based Application?
November 17, 2022: Should You Outsource Managing Your App Along with Building It?
November 16, 2022: Are There Any Simple Templates to Help Manage a Secure Web App in the Public Cloud?
November 15, 2022: The Complexities of Deploying a Secure Application in the Cloud
November 14, 2022: What are a New Privacy Lead’s Biggest Challenges? (From a Fortune 500 CPO)
November 11, 2022: Tips from a Fortune 500 CPO on Automating Your Privacy Program
November 10, 2022: Tackling the Legal Side of Privacy without Becoming a Lawyer
November 9, 2022: How Does Physical Security Tie into Privacy?
November 7, 2022: The New Intersection of Privacy and Security (from a Fortune 500 CPO)
November 7, 2022: The Intersection of Privacy & Security
October 26, 2022: What Will It Take to Survive a Third-Party CMMC Level 2 Assessment?
October 26, 2022: DIB Orgs: Here’s What’s Up with CMMC “Flowdown” and New Pressures from Primes
October 25, 2022: We Don’t Think We Need CMMC Level 2 but the Government Says We Do…
October 25, 2022: Should We Pursue a Voluntary CMMC Assessment?
October 24, 2022: Is There a Path for Non-US Companies to be CMMC Certified?
October 24, 2022: ISO 27001 Certified Orgs—Here’s the Latest on CMMC Reciprocity
October 24, 2022: House Approves Updated FedRAMP Authorization Act
October 21, 2022: Can SMBs Afford CMMC Level 2 Certification?
October 21, 2022: When Do We Need to Be CMMC 2.0 Certified?
October 20, 2022: DIB Orgs: Here are Answers to Your Top CMMC Encryption and MFA Questions
October 20, 2022: Does My DIB Org Need a SIEM for CMMC Compliance?
October 19, 2022: Your Top CMMC Questions Answered
October 14, 2022: SME InfoSec Leads: Here’s How to Kickstart a Privacy Program
October 17, 2022: How Automation Can Help Operationalize a Privacy Program
October 13, 2022: How Automation Can Help with Data Privacy Impact Assessment
October 12, 2022: SMEs: Do You Know Where All Your Customers’ Personal Data Resides?
October 11, 2022: SMEs: Are Your Customers Pushing You Towards a Privacy Program?
October 10, 2022: The Two Audiences For Privacy & How They Drive Data Collection
October 7, 2022: Is Cybersecurity Certification Worth the Effort?
October 6, 2022: Can Disaster Recovery and Business Continuity Help with Software Supply Chain Risk Assessment?
October 5, 2022: Can Cybersecurity Frameworks Help with Software Supply Chain Risk Management?
October 4, 2022: Supply Chain Risk Management and Third-Party Risk Management: What’s the Difference?
October 3, 2022: What is Software Supply Chain Risk Management and Why Should We (as an Org That Uses Software) Care?
October 3, 2022: The FTC’s Intensified Prosecution of Deceptive Cybersecurity and Privacy Practices: Here’s What You Should Know
September 30, 2022: Unpacking Critical Elements of Supply Chain Risk Management
September 30, 2022: PATCH Act Legislation Could Expand Medical Device Manufacturing Cybersecurity Regulations
September 27, 2022: NIST Update on HIPAA Security Rule Can Help Your Org Reduce ePHI Risk Exposure
September 19, 2022: OMB Mandates US Federal Agencies to Comply with NIST Guidance on Software Supply Chain Security
August 8, 2022: How Does the NIST Secure Software Development Framework (SSDF) Compare with OWASP SAMM, BSIMM, etc.?
August 4, 2022: What is the Software Development Lifecycle and Why is It Central to Software Security?
July 28, 2022: The Cyberspace Solarium Commission Report and CMMC—How Do They Connect?
July 28, 2022: We Need Public/Private Partnership to Fight the Cyber War We’re In
July 27, 2022: What is the Cyberspace Solarium Commission Report and Why Should I Care?
July 22, 2022: How Does DevOps Impact Your Database Security?
July 21, 2022: How Moving to the Cloud Impacts Your Database Security
July 20, 2022: 3 Reasons Why Database Security is Undervalued
July 20, 2022: 5 Top Database Risks You Didn’t Know You Had
July 19, 2022: Confronting the Wild West of Database Security
July 18, 2022: The Argument for More Board-Level Cybersecurity Expertise
July 15, 2022: What is “Secure By Default” and How Do We Get There?
July 14, 2022: Looking Beyond Trusted Frameworks to Achieve Robust Cybersecurity
July 13, 2022: Bridging the Gap Between Cybersecurity and the Business World
July 8, 2022: Does Your Cyber Liability Insurance Fit with Your Total Insurance Coverage?
July 8, 2022: 3 Top Reasons Why an Attorney Should Review Your Cyber Liability Insurance Policy
July 8, 2022: Are Cyber Liability Insurance Companies (Entirely) to Blame for Today’s Onerous Premiums?
July 8, 2022: Why Cyber Liability Insurance Has Become the “Wild West”
July 7, 2022: Legal and Infosec Strategies to Deal with Exploding Cyber Liability Insurance Premiums
September 1, 2022: DIB Orgs: Time is Almost Up for DFARS and NIST 800-171 Compliance
August 26, 2022: What is the OWASP Software Assurance Maturity Model (SAMM) and Why Should We (as an Org That Develops Software) Care?
August 26, 2022: Applying the OWASP Software Assurance Maturity Model (SAMM) in Your Environment
August 30, 2022: OWASP SAMM’s 5 Business Functions Unpacked
August 29, 2022: BSIMM and OWASP SAMM Compared
August 29, 2022: Using OWASP’s Software Assurance Maturity Model (SAMM) and Application Security Verification Standard (ASVS) Together
August 25, 2022: Breaking Down the Latest in Software Security Standards & the Impact on SaaS Businesses
August 23, 2022: Top Use Cases for Continuous API Security
August 22, 2022: What is Continuous API Scanning and Why Should We (as App Developers) Care?
August 22, 2022: What are the Financial Benefits of API-Level Security?
August 19, 2022: How Does an API-First Architecture Affect Your App Attack Surface?
August 19, 2022: Application Security and API Security are Becoming Synonymous—Are You Ready?
August 18, 2022: What You Need to Know about APIs and API Security
August 12, 2022: Aligning Security with Business Goals to Create More Value
August 12, 2022: The “Value Creation” Side of Return on Security Investment (ROSI) Estimates
August 11, 2022: A Risk-Based Approach to Calculating Return on Security Investment (ROSI)
August 11, 2022: Return on Security Investment (ROSI): What is It and How Do You Calculate It?
August 10, 2022: How to Measure the Value of Information Security
August 8, 2022: What’s the Effort to Align Your Dev with the NIST Secure Software Development Framework (SSDF)?
August 4, 2022: Making the Most of the CMMC Assessment Guidance from the CyberAB
August 5, 2022: Here’s Why Software Vendors Should Align with the SSDF Whether Mandated or Not
August 5, 2022: Why Does the USG Think We Need the NIST Secure Software Development Framework (SSDF)?
August 4, 2022: What is the NIST Secure Software Development Framework and Why Should We (as a Software Vendor) Care?
August 3, 2022: What NIST’s Secure Software Development Framework Means to You
July 26, 2022: US Gov. Cybersecurity Roadmap: Where It Came From and Where Is It Going?
August 1, 2022: US Government Threat Intelligence Programs: Where Are They Headed?
July 29, 2022: Recent White Papers from the Cyber Solarium Commission—What is Their Purpose?
July 29, 2022: What is the Cyberspace Solarium Commission 2.0 Project and Why Should I (as a US Citizen) Care?
July 27, 2022: What is Continuity of the Economy Planning and Why Should I (as a US Citizen) Care?
July 21, 2022: Your Database Attack Surface is Bigger than You Think
July 14, 2022: The Strategy Behind the Gula Tech Adventures Portfolio
July 18, 2022: Why Philanthropy is Important in Cybersecurity
July 14, 2022: How Do You Know If Your Business is Really Secure?
July 11, 2022: What is a Breach Counselor and Why Do We (as an Org with Cyber Liability Insurance) Care?
July 11, 2022: Do You Know Your Cyber Liability Insurance Obligations?
June 30, 2022: CMMC 2.0: Is Certification Worth the Cost and Risk?
June 29, 2022: CMMC 2.0: Choose Your Registered Provider Organization Carefully
June 28, 2022: CMMC 2.0: DoD Emphasizes “Nothing Has Changed” (So Why Aren’t You Ready?)
June 27, 2022: CFIUS Cybersecurity Considerations: Here’s What You Need to Know
June 27, 2022: CMMC 2.0: DoD Clarifies Rollout Schedule and More
June 24, 2022: Benefits of Categorizing NIST 800-171 Requirements as Technical Versus Nontechnical
June 24, 2022: Important Clarifications on CMMC v2 from CMMC Day May 9, 2022
June 16, 2022: What Really Drives Innovation in Cybersecurity?
June 16, 2022: Are We More or Less Secure than 20 Years Ago?
June 15, 2022: Investors are Targeting These Emerging Cybersecurity Areas
June 15, 2022: 3 Different Types of Private Equity Firms Explained
June 14, 2022: 5 Top Criteria for Venture Capitalists Evaluating Tech Companies
June 14, 2022: The Past, Present and Future of Cybersecurity From the Viewpoint of a Venture Capitalist
June 9, 2022: What is OWASP SAMM and Why Should We (as an Org that Develops Software) Care?
June 7, 2022: How Attack Surface Management Calculates Attack Paths
June 7, 2022: How Does Attack Surface Management Connect with Patch Management?
June 6, 2022: Top Scenarios for Implementing Attack Surface Management
June 6, 2022: NopSec’s Vision for Attack Surface Management
June 3, 2022: Attack Surface Management: Should It Cover Configuration Management?
June 3, 2022: What is Attack Surface Management and Why Should We (as an Org with Vulnerabilities) Care?
June 2, 2022: Understanding Attack Surface Management
June 2, 2022: Protecting CUI in Nonfederal Organizations
May 27, 2022: Here’s What State-of-the-Art Entryway Security Looks Like
May 26, 2022: Does My Business Need Better Entryway Security?
May 25, 2022: Why Physical Security and Cybersecurity are Converging
May 24, 2022: The Convergence of Physical & Cybersecurity
May 19, 2022: CMMC 2.0 Level 3 Certification: What’s Up with That for MSPs/MSSPs?
May 19, 2022: MSPs/MSSPs: Here’s the Latest CMMC/NIST 800-171 Compliance Timeline
May 18, 2022: Why MSPs/MSSPs Should Develop a Shared Responsibility Matrix
May 18, 2022: When is an MSP/MSSP a CSP for CUI Protection Purposes?
May 17, 2022: MSPs/MSSPs: Are You Subject to “Flowdown” CUI Protection Requirements?
May 17, 2022: CMMC Compliance for MSPs/MSSPs: Taking a “Cross-Client” Approach
May 16, 2022: CMMC Compliance for MSPs/MSSPs: 3 Shared Responsibility Angles
May 16, 2022: What New CMMC Guidance Means for MSPs and MSSPs
May 10, 2022: Got Hardcopy CUI? NIST SP 800-171 Requirements Apply.
May 9, 2022: Step #8 to Retaining Security Talent: Win-Win Communication
May 9, 2022: Step #7 to Retaining Security Talent: Make Career Promotion Criteria Outlined & Transparent
May 6, 2022: Step #6 to Retaining Security Talent: Roles & Responsibilities are Clearly Defined & Measured
May 6, 2022: Step #5 to Retaining Security Talent: Consistent Management Training
May 5, 2022: Step #4 to Retaining Security Talent: Kindness-Only Culture
May 5, 2022: Step #3 to Retaining Security Talent: Self-Care Culture
May 4, 2022: Step #2 to Retaining Security Talent: Positive Attitude Culture
May 4, 2022: Step #1 to Retaining Security Talent: Emotionally Intelligent Managers
May 3, 2022: 8 Ingredients for Baking Inclusivity into Your Culture
April 22, 2022: SEC Proposes New Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
April 22, 2022: The NIST Cybersecurity Framework Helps Business and Technical Leaders Communicate About Security
April 22, 2022: Cloud Controls Matrix
April 22, 2022: Local Storage Versus Cookies: Which to Use to Securely Store Session Tokens
May 2, 2022: How Panther Helps Get You Real-Time Access to Arbitrary Security Data
April 29, 2022: Comparing the Cost of “SIEM”: How Much and Time-to-Value
April 28, 2022: Get Proactive with Real-Time Streaming Security Analytics
April 27, 2022: Big Data, Snowflake and the Reinvention of SIEM
April 26, 2022: “The State of SIEM” and Why the Security Industry Needs to Move On
April 25, 2022: What is “Serverless SIEM” and Why Should We (as an Org Trying to Detect Cyber Threats) Care?
April 22, 2022: Becoming More Efficient w/ a Cloud-Native Approach to Data Security
February 2, 2022: 3 Top Ways to Incorporate NIST 800-171 into Your ISO 27001 or SOC 2 Program
February 2, 2022: 4 Key Responses to New US Government Cybersecurity Regulations
February 2, 2022: CISA, Critical Infrastructure and CUI: 3 New Drivers for the Future of Your ISO 27001 or SOC 2 Cybersecurity Program
February 2, 2022: A Brief History of Recent US Government Cybersecurity Guidance and Why You Should Care—Even If You Don’t Do Business with the USG
December 3, 2021: Are SaaS Customers a Bigger Business Risk to their Vendors than Vice Versa?
December 3, 2021: 4 Top Things Your SaaS Vendors Should Be Doing to Prove They’re Secure
December 3, 2021: AI-Based Threat Detection for SaaS Applications: “Suspenders to Backup Your Belt”
December 3, 2021: Customer Managed Encryption Keys: With Great Power Comes Great Responsibility
December 3, 2021: The Cloud Security “Shared Responsibility” Model is Evolving
December 3, 2021: Here’s Why Cloud-Based Solutions are Now More Secure than On-Prem
April 15, 2022: Using the CSA STAR Program for Procurement
April 14, 2022: How the Cloud Security Alliance Addresses Privacy
April 13, 2022: What is the CSA Cloud Controls Matrix and Why Should Everyone on the Cloud Care?
April 12, 2022: What is the Cloud Security Alliance and Why Should I (as Someone Selling or Buying Cloud Services) Care?
April 11, 2022: Essential Cloud Security & Compliance Tips from CSA
April 8, 2022: CMMC 2.0: What’s Ahead for the DIB?
April 7, 2022: Why is Management Buy-In a Challenge for CMMC Compliance?
April 7, 2022: DIB Orgs: Here’s How to Apply the CMMC Scoping Guide to OT Assets
April 6, 2022: DIB Orgs: Why is Asset Management a Challenge?
April 6, 2022: DIB Orgs: What to Do If You Don’t Think You Have CUI
April 5, 2022: CMMC 2.0 Scoping
April 5, 2022: 3 Reasons Why It’s So Hard to Identify CUI
April 4, 2022: 3 Top Challenges with CMMC 2.0
April 4, 2022: Ongoing Challenges with CMMC
April 8, 2022: CMMC 2.0 Rulemaking: What are the Implications for Government Contractors Outside the DIB?
April 4, 2022: Fleet Device Management: Future Plans
April 1, 2022: How Malware Spreads
April 1, 2022: Using Fleet’s Policy Feature for Configuration Management
March 31, 2022: Open Source Device Management—Can It Improve Your Vulnerability Management?
March 30, 2022: Open Source Device Management—Is It Right for Your Use Cases?
March 29, 2022: Open Source Device Management—It’s All About Transparency and Flexibility
March 28, 2022: Is Open Source the Future of Endpoint Security?
March 25, 2022: IoT Device Security: What to Look for from Vendors
March 24, 2022: IoT Security Guidance: What is Its Real-World Value?
March 23, 2022: Remotely Hacking IoT Devices: Here’s How It’s Done
March 23, 2022: “AWS for Security” — A One-Stop Shop in the Making?
March 22, 2022: A Hardware Hacker’s Top Tips for Building Secure IoT Devices
March 22, 2022: “AWS for Security” — Can It Also Support Compliance?
March 22, 2022: The New NIST Secure Software Development Framework: Why It’s So Important for the USG Supply Chain
March 21, 2022: “AWS for Security”—Can It Reduce Your Security Software Costs?
March 21, 2022: OK, So… What’s an IoT Device?
March 18, 2022: Are You Ready for “AWS for Security”?
March 17, 2022: The “AWS Approach” to Provable Security
March 16, 2022: The New ISO 27002:2022—What Does It Mean for Your ISO 27001 ISMS?
March 16, 2022: The Value of Attributes in the New ISO 27002:2022
March 15, 2022: The OMB’s Final Zero Trust Strategy: 8 Key Takeaways
March 15, 2022: The New ISO 27002:2022—What’s New with the Controls?
March 15, 2022: The New ISO 27002:2022—What are “Themes” and Why are They Cool?
March 14, 2022: The New ISO 27002:2022 — How Was It Developed?
March 14, 2022: What Does the New ISO 27002 Update Mean for You?
March 14, 2022: DIB Orgs: Can You Identify CUI?
March 14, 2022: DIB Orgs: Your SPRS Score, System Security Plan and POAMs Had Better Be for Real
March 11, 2022: Continuous Compliance: What Are the Business Benefits?
March 11, 2022: Continuous Compliance for DIB Orgs: What Are Some Examples?
March 10, 2022: 3 Inescapable Reasons Why DIB Orgs are Now Reliant on Their Compliance Programs
March 10, 2022: CMMC 2.0 Compliance—What Will It Look Like at Level 1 or Level 2?
March 10, 2022: Microsoft Just Endorsed ISO 27001 (and ISO 27701) Over SOC 2! Here’s What It Means to You
March 9, 2022: CMMC 2.0 Compliance—Here’s What to Focus on Now
March 9, 2022: Continuous Compliance—What is It and Why Should You (as a DIB Org) Care?
March 8, 2022: John Verry’s 2022 InfoSec Prediction #8: CSPs Up Their Security Game
March 8, 2022: John Verry’s 2022 InfoSec Prediction #7: Software Security Goes Mainstream
March 7, 2022: John Verry’s 2022 InfoSec Prediction #6: Companies Will Look to Shorten Their Vendors Lists
March 7, 2022: John Verry’s 2022 InfoSec Prediction #5: “Our Compliance Officer” and/or “Our GRC Platform” Enter Your Lexicon
March 4, 2022: John Verry’s 2022 InfoSec Prediction #4: The Use of Fractional/Virtual CISOs Will Continue to Grow Rapidly
March 4, 2022: John Verry’s 2022 InfoSec Prediction #3: Supply Chain Risk Management Will Continue to Grow in Importance
March 3, 2022: John Verry’s 2022 InfoSec Prediction #2: Cyber Liability Insurance Premiums and Due Diligence Will Increase Significantly
March 3, 2022: John Verry’s 2022 InfoSec Prediction #1: Zero Trust Moves from Buzzword to Reality
March 3, 2022: New False Claims Act Initiative Could Increase Federal Contractors’ Cyber Compliance Risk
March 3, 2022: It’s Hard to Spell Security with API (Translation: You Need an AppSec Strategy)
March 2, 2022: CMMC 2.0 and NIST 800-171—Pressure from Primes Could Accelerate Compliance Timeframes
March 2, 2022: John Verry’s 2022 InfoSec Predictions: Challenges & Responses
March 2, 2022: 2021 Cyber Incident Year in Review
February 2, 2022: Can Attack Surface Management Help with Incident Response?
February 1, 2022: Can Attack Surface Management Help with Vulnerability Assessment?
January 31, 2022: How Attack Surface Management Can Help Reduce Supply Chain Security Risks
January 27, 2022: How I Got root on a Thermostat
January 25, 2022: Are You Ready for the New ISO 27001:2022?
January 24, 2022: How (Not) to Perfect Your ISO 27001 Information Security Management System in Only 3 Years
January 21, 2022: New Senate Bill Proposes Multiple Changes to FedRAMP Program
January 17, 2022: All Federal Contractors are Already Subject to NIST 800-171 Requirements—Not Just the DIB
January 10, 2022: Attack Surface Management with RiskIQ’s PassiveTotal Platform
January 6, 2022: Attack Surface Management: Dark Web Deep-Dives and More
January 4, 2022: What is Attack Surface Management and Why Should We (as an Organization at Risk of Cyberattack) Care?
January 3, 2022: Cybersecurity Impacts of COVID-19: 2022 Update
December 21, 2021: 10 Top CMMC Assessment Checklist Resources
December 22, 2021: ‘Twas the Night after Christmas, and the Hackers were Stirring…
December 17, 2021: Web Application Attacks are Skyrocketing—Don’t Get Caught in the Crossfire
December 14, 2021: Go easy on the cookies this holiday season: Stay safe by avoiding unwanted browser cookies!
December 13, 2021: Severe Log4j 2 Vulnerability Puts Huge Swath of Enterprise and SaaS Apps at Grave Risk
December 10, 2021: Skills SMBs Should Look for in a Privacy Lead
December 9, 2021: Why the Latest Raspberry Pi CVE is (Almost) Completely Bogus
December 7, 2021: We Need to Comply with GDPR. Should We Get ISO 27701 Certified?
December 8, 2021: ‘Tis the Season to Be Hacked—Don’t Let It Happen to Your Business
December 6, 2021: We Need ISO 27001 and GDPR/CCPA Compliance. Should We Do ISO 27701 Concurrently?
December 3, 2021: 4 Essential Steps to Privacy Compliance
December 2, 2021: Privacy Laws Can Be a Matter of Life and Death
December 1, 2021: Why Cybersecurity and Privacy Should Be Viewed as Two Entirely Separate Disciplines
November 30, 2021: Cyber Standards to Protect CUI are Coming for All US Government Suppliers
November 26, 2021: CMMC 2.0 and NIST 800-171—Pressure from Primes Could Accelerate Compliance Timeframes
November 19, 2021: 95% of Board Members Say Information Security Strategy is Now Critical
November 18, 2021: Trusted Information and Its Role in Validating Your Information Security Program
November 22, 2021: Getting to a Trusted Information Security Ecosystem
November 17, 2021: GCC High and Gap Assessments!
November 16, 2021: CMMC 2.0 and the False Claims Act—Be Careful What You Sign!
November 15, 2021: CMMC 2.0: What’s New and What’s Not for Orgs Handling CUI?
November 12, 2021: CMMC 2.0: What’s New and What’s Not at “Level 1” (FCI Only)?
November 8, 2021: Operationalizing Your Information Security Strategy
November 10, 2021: What is the NIST SP 800-218 (Draft) “Secure Software Development Framework” and Why Should We (as an Org Selling Software to the USG) Care?
November 5, 2021: CMMC Piloting Efforts Suspended… Frustrating But Not Surprising (and Optimistic for “CMMC 2.0”)
November 2, 2021: Got an Information Security Strategy? Here’s How to Get Started.
November 1, 2021: Why a Trusted Framework Should Be Part of Your Information Security Strategy
October 29, 2021: What is an Information Security Strategy and Why Do We Need One?
October 27, 2021: 5 Pillars of “Continuous Controls Monitoring” in DevOps Environments
October 26, 2021: Will External Auditors Accelerate the Move to New Compliance Models?
October 28, 2021: 8 Trillion Reasons Why CMMC Matters to You (Even if You’re Not in the Defense Supply Chain)
October 21, 2021: What Does the Future of Compliance in a CI/CD Pipeline Look Like?
October 20, 2021: We Need a New Compliance Model for the DevOps Era
October 19, 2021: What the New ISO 27001:2021 Release Will Mean to You
October 13, 2021: Don’t “Over-Commit and Under-Deliver” on Your ISO 27001 Controls
October 12, 2021: ISO 27001 Top Tip: Focus on Process, Not Controls
October 11, 2021: Think Beyond ISO 27001 Certification While You’re Prepping for It
October 6, 2021: Don’t Rush Your ISO 27001 Certification
October 7, 2021: Why the DOD’s Review of CMMC Will Mean More to C3PAOs Than It Will to DIB Contractors
October 5, 2021: ISO 27001 Doesn’t Require as Much Documentation as You Think
October 4, 2021: Senior Management Can’t Just “Rubber Stamp” ISO 27001 Certification
October 1, 2021: Don’t Assume Your IT Staff Will “Handle” ISO 27001 Certification
September 30, 2021: ISO 27001 Doesn’t Tell You How to Implement Controls – Your Scope and Risk Do
September 28, 2021: You Don’t Define Your ISO 27001 Scope – Your Information Does
September 29, 2021: Do You Need a Score in SPRS to Be DFARS 7012 Compliant?
September 27, 2021: ISO 27001 Certification Shouldn’t Start with a Gap Assessment
September 24, 2021: This is Why Your Information Security Advisor Should Be Focused on Strategy, Not Tactics/Products
September 23, 2021: Here’s How to Fix Your Cybersecurity Program
September 22, 2021: Why Products are the Least Important Element of Your Cybersecurity Program
September 21, 2021: Pivot Point Security in a Nutshell
September 20, 2021: Step 2 to “Provably Secure and Compliant” – Execute on Your Vision
September 16, 2021: 3 Things Every SMB Needs to Become “Provably Secure and Compliant”
September 17, 2021: Step 1 to “Provably Secure and Compliant” – Establish Your Vision
September 15, 2021: Sharing is not always caring: Back to Work, Back to School? Protect Your Devices with These Golden Rules!
September 14, 2021: The Cyber Executive Order: What Does the “SolarWinds Section” Mean for Software Vendors and Their Federal Customers?
September 13, 2021: The Cyber Executive Order: 5 Coming Changes for Federal Agencies
September 10, 2021: The Cyber Executive Order: What Does It Say about Zero Trust?
September 9, 2021: The Cyber Executive Order: Will It Bring New Regulations for Critical Infrastructure?
September 8, 2021: The Cyber Executive Order: What is the “Tone from the Top”?
September 7, 2021: Password Screening Services: How Much Risk Can They Eliminate?
September 3, 2021: Best-Practice Password Policy and the Research Behind It
September 2, 2021: Password Attack! Here’s Why You Want to Prevent Account Takeovers
September 1, 2021: You Don’t Need to be CMMC Compliant, You Need to Be DFARS Compliant (A Kardashian Parable)
August 31, 2021: What is BreachSense and Why Do We (as an Org with Password Risk) Care?
August 27, 2021: Is Information Security an Oxymoron without Information Governance?
August 30, 2021: When Will Information Governance “Come of Age”?
August 26, 2021: Information Governance is a Business Enabler
August 24, 2021: Here’s Why Companies Struggle to Delete Data
August 23, 2021: How Privacy is Driving the Need for Information Governance
August 20, 2021: Information Governance and Information Security: How Do They Connect?
August 19, 2021: What is Information Governance and Why Do We (as an Org with PII) Care?
August 18, 2021: We Passed Our CMMC/NIST 800-171 Assessment! Now What?
August 17, 2021: What Happens If You Fail Your CMMC/DIBCAC Assessment?
August 16, 2021: Your CMMC/DIBCAC Assessment – What If You Disagree with an Assessor?
August 25, 2021: Using Python and Machine Learning to Predict Cyber Attacks: A Summer Intern’s Story
August 13, 2021: CMMC/DIBCAC Assessment: Let’s Walk Through the Audit Process
August 12, 2021: CMMC/DIBCAC Assessment: Here’s What to Expect at Your Kickoff Meeting
August 11, 2021: What Evidence Will CMMC or NIST 800-171 Assessors Ask For?
August 10, 2021: 5 Top Prep Steps for Your CMMC or NIST 800-171 Assessment
August 9, 2021: IoT Devices: The Lord Giveth and He Taketh Away