It seems like a hundred years ago, but in 1996, I briefly infiltrated a group of conspiracy theorists–”sovereign citizens”–and wrote a few news stories and an analysis piece about them. They quit speaking to me after the first one was published, and I received threatening phone calls at the newsroom. The group was newsworthy because […]
In my younger days, I administered WSUS on a small (300 servers or so) network. Every once in a while, I ran into an issue where a server just didn’t want to talk to WSUS. These days, some companies prefer to push patches with SCCM but it uses the same mechanism to push patches. Apparently […]
Yesterday I read, via Ars Technica, that the malware resided on cash registers (which I’d heard elsewhere before), and that the first step to getting there was via a compromised web server. And that led to a question in the comments, that sounds like it came from an IT professional: don’t they have their network […]
Although interest in 4K television is understandably lukewarm at best–high definition only arrived about 15 years ago, the standard it replaced lasted half a century, few people are itching to replace the sets they’ve bought in the last decade when they still work, and there’s precious little 4K content–39-inch 4K televisions are proving to be […]
A lot of organizations equate security with regulatory compliance–they figure out what the law requires them to do, then do precisely that. Forward-thinking organizations don’t. They see security as a way to get and maintain a competitive advantage, and rather than measure themselves against regulations that are often nearly out of date by the time […]
My logging system died rather abruptly one week. It started with the Active Directory account some of our servers use locking. I got the account unlocked–someone else has those rights–and the system came back to life for a while, but then we had to repeat, and each time we repeated, “a while” grew shorter and […]
After a bad day at work last week, I went home and ordered The Phoenix Project (or here it is on Amazon), started reading it, and felt better. Like Office Space, but there’s more to learn from it. Phoenix is more realistic. Every problem every shop I’ve ever worked in is in that shop, plus […]
I’ve written before about using the hosts file to block domains that are hosting malware. The idea is pretty simple. There’s a known list of domains that are either hosting or controlling malware, so by blocking your computer from accessing those domains, you make it much harder to get infected in the first place, and […]
I had a search query about getting started in regulatory compliance, which I’ve written about before, but more from an organizational perspective. That won’t help you much from a career perspective. I think most any CISSP will answer that question similarly, so I’ll take a stab at it.
I’m working right now for a Fortune 25 company. This story is going to sound like bragging, so I’ll ask forgiveness in advance. Maybe if I mention I’m a contractor, then it’s not bragging quite so bad.