Weekly Update #8 – CONs and Security Awareness

2018 ISACA New England Conference This week I was fortunate enough to attend the 2018 ISACA New England Conference. Between catching up with clients and colleagues I was able to sit in on a few interesting sessions. The CISO for Verodin presented on the concept of continual control validation. The presentation was pretty interesting. The … Continue reading Weekly Update #8 – CONs and Security Awareness

Weekly Recap 7

I'll admit I have been neglecting the blog over the last few weeks - though I have stayed busy! Although I have not been writing here, there are a few pieces of content posted over at the Wolf page that are worth noting: Client Alert - CIS CSCv7 Blog Post -┬áMeet the NCUA ACET I … Continue reading Weekly Recap 7

Weekly Recap #6 – “Living off the Land”

I was recently reading the Internet Security Threat Report (ISTR) from Symantec put out July 2017 "Living off the land and fileless attack techniques" and wanted to call attention to this document, as many of the TTPs discussed seem to be just as relevant today. One of the TTPs that jumps out is what Symatec … Continue reading Weekly Recap #6 – “Living off the Land”

Weekly Recap #5

Apologies up front about a short post this week - life got in the way and writing a blog post fell to the very back burner. Boston Marathon This week's recap is off-topic. This past Monday I had the chance to run the 122nd Boston Marathon for the Dana-Farber Marathon Challenge team. I have written … Continue reading Weekly Recap #5

ATM Jackpotting is Just a Symptom

This was originally posted as an INSIGHT for Wolf & Company, P.C.┬áhere. ATM Jackpotting attacks have been making the rounds through the news cycles, but much of the commentary has been missing the point: these attacks are merely a symptom of a bigger issue surrounding ATM management. Many of the controls organizations are implementing on … Continue reading ATM Jackpotting is Just a Symptom