We’re looking into new technology like Azure AD FS. Before we can start new projects, we need to get the operational side of things in order. We’ve done a good job of clearly defining a patch management process. It’s time to work on change, incident and p

Are fancy security solutions like Palo Alto firewalls, ExtraHop or LogRhythm going to keep you secure? By them selves, no. It doesn’t matter what the vendor says. There’s no such thing as a security solution that magically saves the day. A good solid secu

How do we do section 9 projects, keep systems running, and record a weekly podcast while having full time jobs? We need the right combination of tools and process.

Time to talk about the new job. Can’t say much yet. I start this coming Tuesday. I can say that what they offered was too good to believe. They want to do the things we talk about on the show. Proper planning, management, documentation. They even talked a

Time to start securing systems and software. To do that, we’re using the CIS benchmarks. These are configuration guides for things like Windows 10 and BIND 9. The two things we’re focusing on. We have to start somewhere.

Are we going in the right direction? Are we doing the things we said we would? Time for a quick review. Overall, we’re doing pretty good. There are a few things we need to work on. That’s okay. Now’s the time to figure that out. We still have a long way t

We found a couple of vulnerabilities during our weekly patch review. According to Automox, we needed to update Google Chrome and Microsoft’s .NET framework. This lead to a discussion about patching early. Don’t panic. Make a plan before you do anything. P

We’ve got a Synaccess network connected power strip. Devices like this aren’t built with security in mind. Is this device a security issue? Should we be concerned? Could a hacker access this device?

We have business & tech issues to deal with. On the business side, we have some basics to take care of. It’s part of doing business. On the tech side, we’ve decided to focus on Risk Assessments. We’re conducting two kinds. A quick critical controls assess

It’s official! We can say we’ve double checked our patch process. It’s quick and easy. We still have to double check our 3rd party apps. We’re hoping to start that process before the end of the month. Remember, patching is one of the most important thin