3 Alarming Stats from Cisco’s 2017 Annual Cybersecurity Report


“This year, security professionals seem confident in the tools they have on hand, but they are uncertain about whether these resources can help them reduce the operational space of adversaries.” — Cisco 2017 Security Capabilities Benchmark Study

With 110 pages of fascinating (and disappointing) cybersecurity statistics, it’s easy to get lost exploring Cisco’s 2017 Annual Cybersecurity […]

How to Prevent an IoT Security Disaster

Gartner recently estimated that by 2020, the number of Internet-connected objects will increase by 30 times, making the Internet of Things (IoT) a game changer for both businesses and consumers. While the rate of IoT adoption is startling, the security implications are horrifying. A global study conducted by Aruba Networks across more than 3,000 companies found […]

5 Steps to Reviving a Frankenstein Network Architecture

In Mary Shelley’s classic Frankenstein, Dr. Frankenstein builds a creature out of scavenged body parts and succeeds in bringing the creature to life. The creature goes on to try and understand its new world, but it does not function as well as Dr. Frankenstein had probably hoped. Much like the story of Frankenstein, today’s networking […]

NIST Situational Awareness for Electric Utilities

Situational awareness is the “voodoo” art of how to piece information together and provide a coherent picture of the true threats to your environment. NIST recently released a draft version of NIST SP 1800-7, Situational Awareness for Electric Utilities, which covers architecture requirements for integrating ICS, OT, and IT networks for an integrated analytical approach […]

Key Takeaways from Baldrige Cybersecurity Excellence Builder Workshop

Last weekend, I attended the Baldrige Cybersecurity Excellence Builder workshop (BCEB), which was offered in conjunction with the annual Quest for Excellence Conference®. This interactive workshop illustrated practical ways to use BCEB to assess the effectiveness and efficiency of cybersecurity risk management programs, the cybersecurity results achieved, as well as identifying opportunities to improve risk […]

How to Properly Respond to a Cybersecurity Incident

Burlington Electric made headlines when The Washington Post reported that malware had compromised its systems and the Russians had hacked into the power grid. The incident as reported was false; it turns out that the utility had detected malware on a single laptop that was separate from its power systems and no breach had occurred. This […]

How Do You Define Cybersecurity Success?

Security, regardless of type, has always been about preparing for the worst. It is a negative goal, where we work to prevent access to a file, system, or network by unauthorized actors.  The challenge is that we have to think of all the ways that a bad actor might gain access, including understanding vulnerabilities in the […]

How to Measure the Effectiveness of Your Cybersecurity Program

Scoring a baseball game is a tradition that goes back to the sport’s early days. For fans, it is a great way to get more involved, stay engaged during the game, and understand each game’s story. In the end, every ballgame provides meaningful statistics that make it easy to know how well a team and […]

4 Fundamental Steps to Cybersecurity Planning Success

“If you fail to plan, you are planning to fail!” – Benjamin Franklin

Planning for cybersecurity success may be the biggest obstacle for any organization to overcome. Why? Because planning is usually treated as a ‘bolt-on’ measure and not given the attention it deserves. Done correctly, a plan serves as a framework to define the […]

4 Unexpected Ideas from the Report of the Commission on Enhancing National Cybersecurity

In 2016, President Obama established the Commission on Enhancing National Cybersecurity, which was created to “…[recommend] bold, actionable steps that the government, private sector, and the nation as a whole can take to bolster cybersecurity in today’s digital world.” The Commission recently published its recommendations in its “Report on Securing and Growing the Digital Economy”. […]