Cyber Defense eMagazine June 2021 Edition

Key Business Lessons Learned from The 

SolarWinds Hack 

Data Loss Prevention in Turbulent Times 

A Digital Journey: A Long and Winding Road 

Why Ensuring Cyber Resilience Has Never Been 

More Critical or More Challenging Than It Is 

Today 

…and much more… 

Cyber Defense eMagazine – June 2021 Edition 1 

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.

CONTENTS 

Welcome to CDM’s June 2021 Issue ------------------------------------------------------------------------------------------------ 6 

Key Business Lessons Learned from The SolarWinds Hack ---------------------------------------------------------32 

By, George Waller, CEO of Strikeforce Technologies 

Data Loss Prevention in Turbulent Times -------------------------------------------------------------------------------35 

By Otavio Freire, CTO & Co-Founder at SafeGuard Cyber 

A Digital Journey: A Long and Winding Road --------------------------------------------------------------------------39 

By David Jemmett, CEO and Founder, Cerberus Sentinel 

Why Ensuring Cyber Resilience Has Never Been More Critical or More Challenging Than It Is Today -43 

By Don Boxley, Co-founder and CEO, DH2i 

Uncovering hidden cybersecurity risks -----------------------------------------------------------------------------------46 

By Adam Nichols, Principal of Software Security at GRIMM 

The Solution to Overcoming Cyber Threats in A 5g World ---------------------------------------------------------50 

By Michael Abad-Santos, Senior Vice President of Business Development and Strategy, BridgeComm 

How An Independent Management Plane Can Secure Your Network from Anywhere --------------------53 

By Todd Rychecky, Vice President of Americas, Opengear 

Exploring the Synergies Between HIPAA Compliance and Cybersecurity --------------------------------------56 

Dr. Rachael Bailey, Healthcare IT Content Consultant at Atlantic.Net 

Whom Do You Give Access to Community? ----------------------------------------------------------------------------59 

By Milica D. Djekic 

Reapproaching Cybersecurity in A Digital First World --------------------------------------------------------------61 

By Paul German, CEO, Certes Networks 

Penetration Testing 101: A Key to Safeguarding Clients’ Data ---------------------------------------------------64 

By Mike Urbanovich ― Head of test automation and performance testing labs at a1qa 

Establishing Your ICS (Industrial Control Systems) Security Action Plan – Getting Started Guide -------68 

By Dirk Schrader, Global Vice President of Security Research, New Net Technologies (NNT) 

Improving Your Organization's Password Hygiene this World Password Day - Industry Experts -------72 

By Ralph Pisani, president, Exabeam 



Clean Water Shows Us Why Cyber Certifications Matter -----------------------------------------------------------79 

By Yaron Rosen, co-founder and president, Toka 

How Can You Protect the Security Perimeter When the Threat is Already Inside? --------------------------81 

By Jon Ford, Managing Director, Mandiant Professional Services 

Why We Care About Cybersecurity Hygiene ---------------------------------------------------------------------------85 

By James Opiyo, Senior Consultant Security Strategy, Kinetic By Windstream 

The Third-Party Remote Access Security Crisis ------------------------------------------------------------------------87 

By Joe Devine, CEO, SecureLink 

Rethinking Remote Monitoring and Management: How MSPs Can Put Security First and Better 

Protect Their Clients ----------------------------------------------------------------------------------------------------------90 

By Ryan Heidorn, Managing Partner, Steel Root 

See What Hackers See via the Outside-In Perspective --------------------------------------------------------------96 

By Alex Heid, Chief Research & Development Officer, SecurityScorecard 

Threat Hunting: Taking Action to Protect Data -----------------------------------------------------------------------99 


What Does a CSO Do and How it’s Different to CISO? ------------------------------------------------------------- 102 

By Anurag Gurtu, CPO, StrikeReady 

Two Sides of the Same Coin: Providing Access While Protecting Against Threats ------------------------- 105 

By David McNeely, chief technology officer, ThycoticCentrify 

DDoS Defense: How to Protect Yourself in 2021 -------------------------------------------------------------------- 108 

By Dr. James Stanger, Chief Technology Evangelist, CompTIA 

Prioritizing Disinformation Campaigns’ Role in Cyber Warfare ------------------------------------------------ 112 

By Dan Brahmy, CEO of Cyabra 



@MILIEFSKY 

From the 

Publisher… 

New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com 

Dear Friends, 

Building on the foundation of the May issue and the RSA Special Edition of Cyber Defense Magazine, we are 

seeing focus in the cybersecurity industry move toward resilience and sustainability in the face of the trend of 

more ransomware exploits. 

This is true not only for the prevention segment of the cyber spectrum, but also in sharing information about 

appropriate responses to the growing number of these attacks. In these cases, the target organization is denied 

access to vital data, effectively bringing normal operations to a halt. 

Where the activities of the target organization include provision of services and products on which critical 

infrastructure elements rely, the ability to recover from such an attack takes on the urgency of national security. 

The crossroads at which we now find ourselves is where cybersecurity and supply chain management intersect. 

The practice of “just in time” delivery without maintaining inventory of critical components must be addressed, 

not only from a manufacture and delivery perspective, but also with due regard to vulnerabilities best addressed 

by effective cybersecurity practices. 

Whether the motive of the hacker is financial or political, our best course is to come together in a cooperative 

manner to build cyber defenses at both the prevention and damage control phases of these pernicious attacks. 

Wishing you all success in your own cyber endeavors. 

Warmest regards, 

Gary S. Miliefsky 

Gary S.Miliefsky, CISSP®, fmDHS 

CEO, Cyber Defense Media Group 

Publisher, Cyber Defense Magazine 

P.S. When you share a story or an article or information about 

CDM, please use #CDM and @CyberDefenseMag and 

@Miliefsky – it helps spread the word about our free resources 

even more quickly 



@CYBERDEFENSEMAG 

CYBER DEFENSE eMAGAZINE 

Published monthly by the team at Cyber Defense Media Group and 

distributed electronically via opt-in Email, HTML, PDF and Online 

Flipbook formats. 

PRESIDENT & CO-FOUNDER 

Stevin Miliefsky 

stevinv@cyberdefensemagazine.com 

InfoSec Knowledge is Power. We will 

always strive to provide the latest, most 

up to date FREE InfoSec information. 

From the International 

Editor-in-Chief… 

We live in hope that the deleterious effects of the continued spread 

of COVID-19 will soon abate. But from month to month, there seems 

to be a lack of certainty on these issues from those institutions on 

which we all rely. 

Fortunately, from an international cybersecurity point of view, we 

do see continued cooperation among the participants in the 

governmental, corporate, and international sectors. 

Whether it’s an issue of regulatory compliance, civil and criminal 

liability, or business continuity, it appears that the systems for 

dealing with cybersecurity challenges are holding up under the 

demands. 

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER 

Pierluigi Paganini, CEH 

Pierluigi.paganini@cyberdefensemagazine.com 

US EDITOR-IN-CHIEF 

Yan Ross, JD 

Yan.Ross@cyberdefensemediagroup.com 

ADVERTISING 

Marketing Team 

marketing@cyberdefensemagazine.com 

CONTACT US: 

Cyber Defense Magazine 

Toll Free: 1-833-844-9468 

International: +1-603-280-4451 

SKYPE: cyber.defense 

http://www.cyberdefensemagazine.com 

Copyright © 2021, Cyber Defense Magazine, a division of 

CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a) 

276 Fifth Avenue, Suite 704, New York, NY 10001 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 

PUBLISHER 

Gary S. Miliefsky, CISSP® 

That’s a hopeful note for all of us operating in the international 

arena, since so many of our endeavors are dependent on the 

continued ability of these organizations to function under trying 

circumstances. 

As always, we encourage cooperation and compatibility among 

nations and international organizations in responding to these 

cybersecurity and privacy matters. 

To our faithful readers, we thank you, 

Pierluigi Paganini 

International Editor-in-Chief 

Learn more about our founder & publisher at: 

http://www.cyberdefensemagazine.com/about-our-founder/ 

9 YEARS OF EXCELLENCE! 

Providing free information, best practices, tips and 

techniques on cybersecurity since 2012, Cyber Defense 

magazine is your go-to-source for Information Security. 

We’re a proud division of Cyber Defense Media Group: 

CDMG 

B2C MAGAZINE 

B2B/B2G MAGAZINE TV RADIO AWARDS 

PROFESSIONALS 

WEBINARS 



Welcome to CDM’s June 2021 Issue 

From the U.S. Editor-in-Chief 

Once again, we can look to the breadth and focus of the articles submitted by cybersecurity experts to 

show where the greatest challenges and best responses are in the world of cybersecurity. 

With some two dozen articles in this month’s issue of Cyber Defense Magazine, our attention is drawn 

to identifying the causes, effects, and lessons we can learn from recent cyber exploits. Our contributors 

write from a real-world perspective, and offer valuable insights into the vulnerabilities and recovery 

efforts involved in the most recent high-profile cases. 

We’re pleased to include articles on a full spectrum of recognition of threats, preventive measures, 

means of assuring resilience and sustainability, and even the structural aspects of organizations with 

responsibility to maintain the confidentiality, accessibility, and integrity of sensitive data. 

As always, we strive to make Cyber Defense Magazine most valuable to our readers by keeping current 

on emerging trends and solutions in the world of cybersecurity. To this end, we commend your attention 

to the valuable actionable information provided by our expert contributors. 

Wishing you all success in your cybersecurity endeavors, 

Yan Ross 

U.S. Editor-in-Chief 


About the US Editor-in-Chief 

Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of 

Cyber Defense Magazine. He is an accredited author and educator and 

has provided editorial services for award-winning best-selling books on 

a variety of topics. He also serves as ICFE's Director of Special Projects, 

and the author of the Certified Identity Theft Risk Management Specialist 

® XV CITRMS® course. As an accredited educator for over 20 years, 

Yan addresses risk management in the areas of identity theft, privacy, 

and cyber security for consumers and organizations holding sensitive 

personal information. You can reach him by e-mail at 

yan.ross@cyberdefensemediagroup.com 





















































Key Business Lessons Learned from The SolarWinds Hack 

By, George Waller, CEO of Strikeforce Technologies 

A full year of disruption by the global pandemic has forced businesses to adapt fast to the shifting remote 

work realities. This new dynamic, which has employees using their own computers and accessing 

company networks everywhere but the office, has created new headaches and threat vectors for security 

and IT professionals. 

There’s been a massive increase in global cyber attacks aimed at governments and corporations since 

the very first days of COVID-19. By now, most are familiar with the high profile SolarWinds case, a global 

intrusion campaign that one Microsoft executive called ‘one of the most widespread and complex events 

in cybersecurity history.’ The damage caused by the attack was felt by large enterprises and by the 

highest echelons of government alike, demonstrating the ease with which seemingly secure software 

systems can be hacked. 

Keeping internal systems secure while ensuring sensitive data and personal information isn’t breached 

has become a key problem that SMBs and larger enterprises are looking to solve. The current business 

landscape has created a perfect environment for cybercriminals to flourish, and we are now seeing 

hackers and nation-state actors able to conduct much more sophisticated attacks. 

As the work from home trend continues, the SolarWinds attack serves as a lesson for businesses, who 

should be looking to implement the right types of resources for building secure networks and work 

environments that can foster safe communication and collaboration. 



Exploiting Vulnerabilities 

Back in September 2020, two of our customers reported a strange issue. Their employees started to get 

authentication requests on their phones for access to the company VPN. They reported this to their IT 

departments who then alerted us to the specific issue. Working with their IT departments to figure out 

what was happening, we initially thought that it was just a software bug. However, after further analysis 

of their logs, we identified that the access attempts were actually coming from Russian IP addresses. 

It seemed that the hackers got a hold of the usernames and passwords and were attempting to login to 

the company network. What was so strange about this situation is that our customers had state-of-the art 

intrusion detection systems that never caught the attack. 

Connection to the SolarWinds Attack 

Perplexed by this situation, we asked some colleagues in the security community and they said that a 

few companies had experienced similar attacks. At the time we didn't think anything of it, and then in 

December 2020 the SolarWinds supply chain attack happened. 

FireEye detailed the SolarWinds attack in a blog and attributed it to a Russian hacking group. Soon after, 

Volexity connected the attack to multiple incidents in late 2019 and 2020, also attributing them to a 

Russian hacking group. What was interesting was that Volexity claimed the hackers bypassed the Multi 

Factor Authentication (MFA) from Duo Security (now a part of Cisco) by getting the Duo integration secret 

key and thereby was able to generate a cookie that bypassed the MFA. Unfortunately, neither Duo’s 

system nor the myriad security systems were able to detect and prevent this. 

These attacks were eerily similar to the ones our customers experienced back in September, and in a 

few different ways. In both scenarios, the attacks were perpetrated by a sophisticated Russian hacking 

group (possibly the same group) that had the correct usernames and passwords. Additionally, in both 

attacks there was a MFA system in place which was intended to provide additional security. 

Best Practices to Protect Against Future Breaches 

While the spotlight has been on the way the hackers got in by compromising the update process using a 

stolen code signing certificate, the real takeaway from SolarWinds should be that hackers will always 

find a way to get in and businesses should focus on trying to prevent the hackers from doing damage 

once they are inside the network. 

The U.S. government has now begun making moves to strengthen its own cybersecurity measures, 

requiring the use of multifactor authentication and data encryption for federal agencies, and 

comprehensive vendor disclosure of any security issues, vulnerabilities or breaches to their users. 

Moving forward, businesses large and small should be thinking the same way and look to revamp their 

security infrastructures and ensure networks are secure and impenetrable. Enterprises must look to 

implement technologies that offer multi-layered protection that proactively encrypts keystrokes and 

prevents unwanted screenshots or audio captures. Constantly updating software is also important, as 

cyber criminals will always look for new ways to exploit bugs and vulnerabilities in outdated systems. 



In an increasingly insecure world where hackers are constantly looking to prey on a company’s security 

weaknesses, businesses must be agile and use every means necessary to protect themselves and their 

employees from the next inevitable global breach. 

About the Author 

George Waller, CEO of StrikeForce Technologies, is an entrepreneur 

and technologist with over two decades in the cybersecurity and 

computer industries. He played a pivotal role in introducing two 

leading cybersecurity technologies: out-of-band authentication and 

keystroke encryption to the marketplace. Today, these technologies 

are used in banking, health care, education, manufacturing and 

government sectors. For more information, please visit 

www.strikeforcetech.com. 



Data Loss Prevention in Turbulent Times 

By Otavio Freire, CTO & Co-Founder at SafeGuard Cyber 

Data, the saying goes, is the new oil. This probably understates the case: Not only is data at the core of 

the biggest businesses on earth but unlike oil, more and more of it is being created, at an exponential 

pace. Around 2.5 quintillion bytes of new data every day, to be precise. 

The most valuable forms of data exist within enterprises. Customer data, financial data, intellectual 

property – today, companies across industries live or die on the value and integrity of their data. A single 

successful phishing attack could spell disaster. However, the speed and volume at which data is 

transferred and exchanged, and at which digital interactions occur, presents a serious control problem. 

As every CISO knows, data loss prevention (DLP) is critical to protecting the organization. However, the 

threat surface is larger than ever – especially in the wake of a wholesale shift to virtual workspaces, and 

an accompanying rise in cyber attacks. What are the important things to know about the current DLP 

landscape? And how can organizations protect themselves? 



The Dangers of Cloud Channels 

Most IT and security professionals know that with great data comes great risk. 59% of IT and security 

professionals cite data loss as “one of the risks of greatest concern in digital technologies.” 

One of the key factors in DLP risk is third-party cloud channels that are now a ubiquitous feature of the 

modern office: 

● 

● 

● 

Collaboration platforms like Microsoft Teams and Slack – used by the entire organization for daily 

operations. 

Social media platforms, like Facebook, Twitter, and LinkedIn – used by marketing teams and 

executives for brand building. 

Messaging apps, like WeChat and WhatsApp – used by sales teams, customer support, and 

many other teams. 

Here’s the challenge: these channels escape traditional security protocols. They exist outside the 

security perimeter, and they lack the multi-billion dollar security industry that email enjoys. 

Moreover, the rapid shift to virtual offices has exacerbated the situation. According to a report, about 57% 

of the workforce are working from home right now, and employers expect nearly 40% of employees will 

remain working remotely by the end of 2021. Home offices are notoriously insecure. This is one reason 

why, over the past year, 74% of US organizations have experienced a successful phishing attack. 

That’s a 14% increase on the previous year. 

Principles for a DLP Program 

CISOs understand these risks. In a recent survey, we asked 600 senior enterprise IT and security 

professionals to see how they rate their current security and compliance risks. One of the top five primary 

risk concerns for executives is data loss. Furthermore, 70% are most concerned about the brand and 

reputation damage that such threats would bring, followed by potential risk to shareholder value (52%) 

and loss of revenue (42%). 

These statistics speak for themselves: enterprises want and need to implement data loss prevention 

technologies that go beyond a Band-Aid fix. Why? Because many DLP solutions and programs fail to 

offer “true prevention” at all. Instead, they offer the cyber version of closing the barn door once the horse 

has already bolted. These services often only help in finding or recovering sensitive data which, by the 

time it’s been found and recovered, has already made its way to the deep, dark web. 

To implement a DLP program that offers true prevention, enterprises need to do the following: 

1. Define your DLP strategy's objectives 

Talk to your stakeholders and gather their input to help you define your policies and objectives, 

and determine: 



● 

● 

● 

● 

● 

Which sensitive data you hold, where they are stored, and the order of prioritization; 

Who accesses/is responsible for that particular data set; 

The acceptable uses of that data set; 

Where it’s allowed to go, and where it’s not; 

How responsibility is assumed when a violation happens. 

Once these are clear, charter a DLP program structure to ensure order, accountability, and 

stakeholder buy-in. 

2. Secure “prevention” technologies, not just “cures”. 

As I said, most data loss prevention companies don't differentiate data loss prevention from loss 

remediation. My advice: Find an effective DLP tool that allows you to: 

● 

● 

● 

● 

Gain visibility across all your cloud channels, while maintaining privacy. 

Implement powers of detection against cyber attacks and threats. 

Automate detection and quarantine of messages, attachments, and documents with 

sensitive data, as well as the resolution process. 

Limitlessly scale your DLP program to accommodate the growing amount and speed of 

data going through your channels. 

3. Educate employees and executives alike. 

Verizon reports human error accounts for nearly 25% of all breaches. Even with an automated 

DLP platform, educating your stakeholders and employees on your DLP strategy ensures 

maximum protection and accountability. 

4. Do not "set and forget". 

Regularly schedule audits of your DLP program. Conduct red team exercises to ensure that your 

program is still in working condition. Continuous monitoring, evaluation, and refinement of your 

DLP process are essential. 

With these best practices, companies can greatly improve their DLP strategy and significantly reduce 

their digital risk surface. And in these troubled times, that is a level of security that ensures a company’s 

resilience. 




As the President, CTO, and Co-Founder of SafeGuard Cyber, Otavio 

Freire is responsible for the development and continuous innovation of 

SafeGuard Cyber’s enterprise platform, which enables global 

enterprise customers to extend cyber protection to social media and 

digital channels. He has rich experience in social media applications, 

Internet commerce, and IT serving the pharmaceutical, financial 

services, high-tech, and government verticals. Mr. Freire has a BS in 

Civil Engineering, an MS in Management Information Systems, and an 

MBA from the University of Virginia Darden School of Business, where 

he currently serves as a visiting executive lecturer. To learn more about 

SafeGuard Cyber, visit the website at http://www.safeguardcyber.com/. 



A Digital Journey: A Long and Winding Road 

How did we build the internet and not secure it? 

By David Jemmett, CEO and Founder, Cerberus Sentinel 

Many people are under the impression that the internet is essentially safe and secure. We use the internet 

daily for email, shopping, and social interaction. We depend on it for such essentials as our medical 

records, finances, homes, cars, schools, and power grid. All are reliant on the endless interconnected 

computer networks that we call the internet. The internet is an existential mass network that touches 

every aspect of our lives. The truth is that the internet is not secure, not even close. The reasons for this 

are multi-faceted, complex, and yet in some ways very simple to understand. 

We built it open 

The Advanced Research Projects Agency network (ARPANET), under the auspices of the U.S. 

Department of Defense, was originally designed as a military network to interconnect missile silos with 

enormous redundancy. Initially ARPANET was created in 1969 for only military use. It was expensive to 

operate, so it was distributed to universities that worked on government projects. Ultimately, it was 

transitioned to what we now call the commercial internet. 

This was unlike the network in China, which was initially built to contain all data by going through the 

government portal then distributed throughout the country to their population. The Chinese served as 

the data gate and guardians. The U.S. network was rolled out all over the world and was built to be an 

open and redundant architecture for anyone to communicate. It grew fast and changed the world. 

The internet also was built with the altruistic purpose to share information and open borders around the 

world. It was meant to connect people and information digitally, the way a nation’s highways, toll roads 

and streets connect us physically. In fact, in the mid-1990s, it was known as the "information 

superhighway." 



It grew fast 

Few people understood or appreciated the potential behind the early internet. With the release of the first 

web pages and web browsers, people were able to buy products, and email began to replace fax 

machines. Soon, everyone who knew or understood what it could do wanted to connect, and they did. 

The thought of helping companies become secure was not a priority. Building and expanding the reach 

to the digital doorway of connectivity was the goal. Security was often added as an afterthought and 

optional, leaving many opportunities for bad actors to take advantage of an unsuspecting, naive 

audience. As the internet grew, many hackers went from being from being curious digital explorers to 

become professional criminals focused on financial or political gains. 

Wall Street financed the growth 

Since the mid-1990s, investors have poured trillions of dollars to expand the growth of the internet. As of 

February 2021, the 10 largest internet companies have a market cap of over $4.4 trillion. Companies 

were financed to expand the reach of the internet into all parts of the global economy and rewarded with 

rich valuations. The term, “build it and they will come,” became very popular. Capitalism incented the 

rapid expansion until the entire economy became an Internet of Things (IOT). 

False perception: Little return on investment (ROI) for security 

Unlike other technology budget items C-level executives are asked to make, it is challenging to calculate 

a ROI for cybersecurity. Since it is difficult to approve a negative spend on an intangible line item, and 

no amount of expense can guarantee a network’s safety, it is often all too easy to put off security 

spending. This complacency can lead to reduced protection, increasing the likelihood of 

an opportunistic attack on what cyber miscreants will see as a soft target. 

When a company decides to invest in a cybersecurity solution, it may seem easier to go with a brand 

name or well-known product. Leaders today do not see cybersecurity as a risk, because it is an unknown 

or most times do not understand it. When executives finally realize it is a possible threat or they have 

been breached, they immediately reach for help and want a known entity to solve the problem. In reality, 

many of the most seasoned cyber professionals -- those that can best help secure their networks -- 

operate their own relatively small consultancy and are off their radar. 

Missing: culture of security 

Few outside the relatively small world of cybersecurity truly understand the real risks or are even aware 

of them. Many individuals and even business leaders think that they are generally safe online. Believing 

that by avoiding “bad” websites and not clicking on obvious phishing emails, they are relatively secure. 

We have faith in our institutions and IT teams and believe they will protect us. While IT professionals are 

experts in their field, they often lack the training and practical experience to compete against highly 

motivated cyber criminals. While some IT professionals are experts at building and maintaining networks, 

some do not think like a criminal or how someone from the outside might enter their network. They may 

be experts at IT, but they may not be the most qualified to protect their environments from external 

threats. 



Unfortunately, some in IT may miss that the networks they helped design have security flaws. Further, 

there is an end-user population that has spent the past two decades with little to no concern about the 

risks of the links they may click on or files they download. 

Bitcoin makes hacking profitable 

The proliferation of cryptocurrencies, primarily bitcoin, has made it even easier to monetize cybercrime. 

Previously, hackers could easily access networks and valuable intellectual property, but most were 

lone wolves seeing if they could “crack a network." Bitcoin makes it possible to transfer large amounts of 

wealth anonymously, attracting well-funded criminal organizations and statesponsored 

cybercriminals. With the convergence of the dramatic growth of the internet, cyber thieves 

have seen a way to monetize industrial hacking that has created an explosion in criminal 

activity. According to research conducted by Cybersecurity Ventures, cybersecurity experts have 

predicted that cybercrime will cost the global economy $6.1 trillion annually by 2021. 

Events of 2020 

The global pandemic has created more awareness of the importance of cybersecurity. While it has likely 

been true for several years, many CEOs now realize that their company’s networks are far more important 

than their physical office space. The breach of SolarWinds and FireEye has increased the awareness 

that no single security product is going to keep a network completely secure. In fact, security products 

can be weaponized against their users, exploiting a false sense of security. 

The Talent Gap 

Despite the wake-up call of 2020, the human capital to manage these risks can be insufficient. Since 

2011, there has been a near zero-unemployment rate in cybersecurity. The 2019/2020 Official 

Annual Cybersecurity Jobs Report. Current estimates show that there are over three million open 

cybersecurity positions that cannot be filled. We are just beginning to train the next generation of cyber 

professionals. The challenge: cyber crime is expected to grow to $10.5 trillion by 2025, which would 

represent the largest transfer of wealth in history. 

The Path Forward 

With so much risk at stake, we need to make cybersecurity a priority. We must increase awareness of 

the importance of securing the very fabric of our communications and network. It is incumbent upon 

businesses and individuals to acknowledge that attacks occur daily. Good security hygiene needs to 

become de rigueur. 

A cyber attack in the digital world can be just as catastrophic as Pearl Harbor. This is reality, and it’s a 

real concern. Some believe the SolarWinds attack was just such a disaster. Regardless, it was well 

planned and orchestrated, but we may have not seen the full impact and damage yet done. 

We can and must rise to the challenge of securing the network we have entrusted with our most valuable 

assets. More importantly, people must be empowered with information and tools to keep themselves 

safe. We must create a culture of security. 




David Jemmett is the CEO and Founder of Cerberus Sentinel 

(OTC: CISO), an industry leader in Managed Cybersecurity and 

Compliance (MCCP) services with its exclusive MCCP+ 

managed cybersecurity and compliance services plus culture 

offering. The company seeks to expand by acquiring world-class 

cybersecurity talent and utilizes the latest technology to create 

innovative solutions that protect the most demanding businesses 

and government organizations against continuing and emerging 

security threats. 

As an industry innovator, Jemmett has more than 20 years of 

executive management and technology experience with 

telecommunications, managed services, and consulting services. 

He has specialized expertise in healthcare, HIPAA, and governmental regulations, and he has been 

intimately involved in designing, building, re-vamping, and/or managing networks and data centers 

worldwide. 

Jemmett has spoken before both the U.S. Congress and Senate Subcommittees on Telecommunications 

and Internet Security, and he has shared his expertise on broadband networking technologies as guest 

speaker on CBS, CNN, MSNBC, and CSPAN. 

Jemmett can be reached online at LinkedIn: https://www.linkedin.com/in/david-jemmett/, Twitter: 

@cerberuscsc, and at our company website: https://www.cerberussentinel.com/ 



Why Ensuring Cyber Resilience Has Never Been More 

Critical or More Challenging Than It Is Today 

By Don Boxley, Co-founder and CEO, DH2i 

When it comes to optimizing Microsoft SQL Server high availability (HA) and disaster recovery (DR), 

there’s a strong correlation between greater database transaction processing performance, business 

resiliency, and profitability—particularly for workloads like those in industries like financial services, 

though certainly other sectors as well. 

The fact is that our world is connected yet fragile, which creates many challenges when it comes to 

database HA/DR—specifically with resilience, security, and scalability across on-premises sites, remote 

locations, and public clouds. Companies need a way to not only provide database resiliency within an 

availability zone or region, but also between zones and regions. With security concerns, enterprises must 

ensure data integrity with data constantly moving between isolated networks, such as availability zones 

and regions. And with scalability in mind, businesses need a way to both manage and scale the number 

of database instances in response to quickly changing behaviors and expectations. 



An Unworkable “Either-Or” 

The new class of cloud-based Microsoft SQL Server users needs a reliable way to take full advantage of 

SQL’s HA for local HA and its DR capabilities for remote data protection. But until recently, there’s been 

a primary challenge. If these businesses wanted to use SQL Server for both HA and DR on Linux, they 

had to either use a Pacemaker-based solution—which requires separate clusters for HA instances and 

Availability Groups and relies on virtual private networks (VPNs) for DR—or combine HA SQL Server 

instances with some other data replication solution—such as storage replication, block-level replication, 

full virtual machine replication, etc.—and VPNs for DR. 

This database HA/DR challenge has a big impact on SQL Server. If you think about the problems when 

trying to implement a SQL Server AG cluster, Pacemaker clusters, and VPNs, the description that comes 

to mind is “science project” architecture. It fails recovery time objective (RTO) and recovery point objective 

(RPO) requirements, lacks scalability, has reliability exposure due to insufficient VPN security, and is 

also unsustainable from a financial perspective. 

“Before and After” Use Case 

Consider a “before and after” use case for a large financial services company. The “before” scenario at 

the fintech firm is the one described above, with a SQL Server AG, Pacemaker clusters, and VPNs. What 

we find is complex and brittle local HA and DR architecture, difficult cluster management with multiple 

incompatible clustering technologies, and worse yet, long system-outages (RTO) with manual failover 

management between clusters and datacenters. What’s more, there’s high network security exposure 

with VPN lateral network attack surfaces, as well as the need to maintain pricey infrastructure. 

When the fintech company shifts gears, however, and implements multi-platform Smart Availability 

clustering software to run on top of SQL Server, the result is both faster transaction processing and better 

uptime. The key is to leverage Smart Availability software for SQL Server that can not only increase the 

performance of SQL Server AGs, but also simplify SQL Server workload management, respond to 

channel partner and end customer requirements for improved SQL Server database resilience, and offer 

Zero Trust security and scalability across private and public clouds as well as between on-premises and 

remote locations. In the case of a fintech company that needs to combine local HA and remote data 

protection, the organization can potentially decrease SQL Server costs by up to 50 percent. 

Overcoming Traditional Challenges 

Looking in more detail at the “after” use case in this regard, it features easy system management and 

evergreen infrastructure compatibility, starting with a simplified, standardized local HA and DR 

architecture with a single cluster. In addition to accelerated RPO via micro-tunnels for triple the SQL 

Server AG performance, Smart Availability software also allows for speedy (sub-15 second) RTO with 

easy, automatic failover management end-to-end. 



In terms of data safeguards, some of the latest Smart Availability software even includes patented SDP 

technology for secure multi-site, multi-cloud network communications, offering a strong network security 

position by eliminating the VPN lateral network attack surface. And the point many fintech IT departments 

will appreciate the most: it offers a high ROI and reduces costs by eliminating replication of servers and 

multiple clustering technologies (Windows Server Failover Cluster or Pacemaker), SQL Server licenses, 

and VPNs. 

While it’s certainly not new to have enterprise data management systems offering HA clustering, such 

technologies aren’t efficient in the cloud or between datacenters. New Smart Availability software 

addresses these challenges with its cross-cloud, hybrid IT, and datacenter to datacenter clustering 

technology. The software is particularly effective for Microsoft SQL Server, and allows organizations to 

run HA, distributed SQL Server clusters on Linux and Windows—without the complexity and performance 

limitations of traditional clustering, replication, and VPN technologies. 


Don Boxley, CEO and Co-Founder, DH2i. Don Boxley Jr 

is a DH2i co-founder and CEO. Prior to DH2i, Don held 

senior marketing roles at Hewlett-Packard where he was 

instrumental in sales and marketing strategies that resulted 

in significant revenue growth in the scale-out NAS 

business. Don spent more than 20 years in management 

positions for leading technology companies, including 

Hewlett-Packard, CoCreate Software, Iomega, TapeWorks 

Data Storage Systems and Colorado Memory Systems. 

Don earned his MBA from the Johnson School of 

Management, Cornell University. 

Don can be reached online at don.boxley@dh2i.com, Twitter: @dcboxley, and LinkedIn: First Name can 

and at our company website https://dh2i.com. 



Uncovering hidden cybersecurity risks 

By Adam Nichols, Principal of Software Security at GRIMM 

The technology we use and depend upon has critical vulnerabilities in their software and firmware, lurking 

just beneath the surface of the code. Yet, our process has not changed. A week does not go by where 

we are not reading about a serious vulnerability in the news and subsequently scrambling to see if we 

are affected. 

This scramble, this mad dash, is a process we have all become accustomed to. The series of anxiety 

inducing questions start to hum around our organizations, “Are we using the affected software? Are our 

configurations vulnerable? Has an attack been detected? Should we apply a patch as soon as possible 

to prevent exploitation, but in doing so risk the side effects of adding an untested patch?” 

While trying to protect one’s organization from potential threats, the lifespan of the vulnerabilities in 

question are overlooked. If the vulnerabilities found were in recently added features, they may not have 

an impact on the organization if you are using stable or long-term-support software. On the other hand, 

if the vulnerabilities have been around for a long time, it begs the question of how they went unnoticed 

for so long. More importantly, how can we find these things earlier, before there is a crisis? 



Case studies 

Recently, the GRIMM independent security research team began to build a case of examples to display 

that there is an underlying risk being accepted, perhaps unknowingly, by a large number of organizations. 

The two examples that can be discussed publicly 1 are a Local Privilege Escalation (LPE) vulnerability in 

the Linux kernel and a Remote Code Execution (RCE) vulnerability in an enterprise time synchronization 

software product called Domain Time II. These two examples show the ability of vulnerabilities to be 

present in widely used products without being detected for well over a decade. 

The bugs that were exploited to construct the Linux LPE were originally introduced in 2006. The exploit 

allowed an unprivileged user to gain root access, and it affected several Linux distributions in their default 

configurations. The Domain Time II vulnerability allowed a network attacker to hijack the update process 

to trick the person applying the update to install malware. The underlying vulnerability was present at 

least as far back as 2007. Although the name might not be familiar, the software is used in many critical 

sectors, such as aerospace, defense, government, banking and securities, manufacturing, and energy. 

How do you uncover and/or mitigate these risks before they become an emergency? 

Strategies for addressing this risk 

There are a number of different ways organizations can attempt to address the risk of unknown 

vulnerabilities, each with their own strong points and limitations. It takes a combination of them for optimal 

coverage. Typical threat intelligence only informs you of attacks after they happen. This information may 

be helpful, but it will not allow you to truly get ahead of the problem. 

Maintaining an inventory of your environment is part of the solution, but without having a software bill of 

materials, there's a risk that things will be missed. For example, GitLab uses the nginx web server, so if 

someone only sees GitLab on the asset list, they may not realize that they are also impacted by 

vulnerabilities in nginx 

To control costs, traditional penetration tests are either scoped to be a mile wide and an inch deep, or 

they're very deep, but limited to one particular system. These engagements are valuable, but it's not 

feasible to have in depth penetration tests on every single product that an organization uses. 

Having your own dedicated team of security researchers can address the shortcomings of the 

approaches above. An internal team will have a holistic view of your security posture, including the 

context of what is most important to your organization along with the ability to dig in and go where their 

research takes them. 

1 

More examples are currently under embargo while we complete the coordinated disclosure process. These will be made 

public in due time. 



Rise of the Information Assurance team 

Information assurance teams focus on the products that your organization depends on. They can work 

with your incident response team to see the trends specific to your industry and your organization. Senior 

software security researchers will provide the intuition needed to know where the vulnerabilities are likely 

to be present, so the efforts are focused on the components which are most likely to have the biggest 

hidden risk. The team should also include at least one person with threat modeling experience, who is 

able to quickly determine which components pose the biggest risk to your institution. 

Having a diverse skill set is critical to the success of information assurance teams. Their mission should 

be to uncover and mitigate these hidden risks. They need the freedom to operate in a way that makes 

the best use of their time. This likely includes integrating them with the procurement process so they can 

attempt to make sure things don't get worse. It means relying on their expert judgement to determine 

what systems they should look at, establish the order in which those systems should be investigated, and 

when it is time to stop looking at a single piece of a system and move on to the next one. 

If you are thinking that this sounds a lot like Google's Project Zero, you're right. The difference is that the 

project zero team is focused on products that are important to them, which likely only partially overlaps 

with the things that are important to you. Having a team that is working for you solves this problem. 

A team like this takes time to build, and it is expensive, which means it's not an option for everyone. If 

it's not an option in your organization, you must ask yourself how you're going to solve the problem. 

Some options would be to: 

● 

● 

● 

● 

outsource this work to an external team 

depend on isolation, exploit mitigations, and network defenses 

leverage cyber insurance 

simply accept the risk 

It's important to always acknowledge the last option: accepting risk. Risk acceptance is always an option, 

and it's important that it be a choice, not something that was arrived at due to inaction. 

Even if you have an information assurance team at your disposal, it does not mean that other efforts are 

no longer necessary. Partnering with external security research teams, audits, penetration testing, 

network isolation, sandboxing and exploit mitigations are all still valuable tools to have in your toolbelt. 

Understanding the shortcomings of each tool is the key to validate that they are being layered in a way 

that keeps your organization protected. 




Adam Nichols is the Principal of Software Security at GRIMM. He 

oversees all of the application security assessments, threat modeling 

engagements, and is involved with most of the projects involving 

controls testing. It's not uncommon for him to be involved at the 

technical level, helping with exploit development, and ensuring that all 

the critical code is covered. 

Adam also oversees the Private Vulnerability Disclosure (PVD) 

program, which finds 0-days and provides subscribers an early warning 

so they can get mitigations rolled out before the information becomes 

public. 

Adam can be reached online at adam@grimm-co.com or via the company website at http://www.grimmco.com. 



The Solution to Overcoming Cyber Threats in A 5g World 

Optical Wireless Communciations (Owc) Will Be Key For Maximizing Security 

By Michael Abad-Santos, Senior Vice President of Business Development and Strategy, 

BridgeComm 

Nearly 6 billion Internet of Things (IoT) devices were in service worldwide at the end of 2020, according 

to Gartner. But mobile operators aren’t the only ones chasing that opportunity. Hackers are, too. 

Each additional IoT device creates another potential back door for hackers to steal identities, financial 

records and other confidential information, or take control of vehicles and critical infrastructure such as 

public water supplies. All of these cyber attacks have been around for years, but there are several 

reasons why 5G significantly increases the opportunities and vulnerabilities: 

• 5G is more than just an evolutionary step, like 4G was for 3G. It’s a fundamentally different 

architecture based on virtualized, highly distributed, software-defined infrastructure. All of this 

creates a steep learning curve for both operators and their vendors. It’s inevitable that they’ll 

overlook many of the cyberattack vectors that the 5G architecture enables. 

• Private networks will be even more common in 5G than they are in 4G. Owned by factories and 

other enterprises, private 5G networks are potential back doors into operator networks. For 

example, a hacker could target an enterprise network not to attack the IoT devices that use it, but 

rather as a route into the mobile operator’s 5G network and the IoT endpoints, smartphones and 

other devices that use it. 

• 5G relies heavily on application programming interface (APIs) to support service functions. This 

architecture lays the foundation for API-enabled hacks like the one used to target SolarWinds. 



With 3G and 4G, mobile operators and vendors touted cellular as being inherently more secure than Wi- 

Fi, which hackers had learned how to eavesdrop on to harvest data traffic. But this creates a false sense 

of security — one that carries over to 5G, too. As long as the standard for wireless communications is 

radio frequency (RF), the IoT network signal can be intercepted and potentially decrypted to obtain 

sensitive information. 

OWC is inherently more secure than RF. One reason is because an RF signal is delivered to both 

intended and unintended recipients. Some unauthorized recipients may have the ability to decrypt that 

data. 

By comparison, a laser is focused on the intended recipient, making it extremely difficult for unintended 

users to detect that signal, let alone eavesdrop on the voice, video or data that it carries. This inherent 

security is a major reason why government agencies such as the U.S. Department of Defense and many 

commercial users are so interested in optic wireless as an alternative to RF. 

Another key benefit is speed. For example, optical communications systems that support over 100 GB 

per second in point-to-point links have been developed. 

OWC’s security and speed do not come with a hefty price premium, either. Overall, from a size, weight, 

power, and cost perspective, an OWC solution will be less expensive than its RF equivalent. One of the 

main advantages of OWC is that its operating spectrum is currently un-regulated, and thus there is no 

cost for utilizing the particular spectrum. The acquisition cost of 5G spectrum on the other hand can be 

quite costly as evidenced by the recent FCC Auction 107, which closed at a staggering $80.9 billion for 

use of the 3.7-3.98 GHz band. As seen in the evolution of electronics technology, it is expected that not 

only do the next generation of capabilities come cheaper on a unit basis (e.g., cost per bit), but must 

come down geometrically. OWC equipment will do just that as its ability to do 10 to 100 gigabits will be 

very efficient. 

Optical wireless also can complement 5G. One example is providing fronthaul or backhaul to cell sites in 

rural communities and other remote areas where fiber and copper are unavailable or prohibitively 

expensive to build out and RF would not support high enough throughput to support the traffic. For both 

public and private 5G networks — regardless of location — optical wireless connectivity also provides a 

way to address vulnerabilities on the backhaul or fronthaul. 

In these scenarios, optical wireless serves as a powerful new layer of security for 5G networks — and all 

of the IoT applications running over them. Considering all of the emerging threat vectors that mobile 

operators, private network owners and end users will have to contend with in a 5G world, optical wireless 

is in the right place at the right time. 




Michael Abad-Santos is senior vice president of business 

development and strategy at BridgeComm, bringing more than 

20 years of experience in the telecommunications and satellite 

industries with a focus on the government market sectors, both 

domestic and international. Prior to BridgeComm, Michael 

served as chief commercial officer at satellite communications 

solutions provider Trustcomm, Inc. before joining LeoSat 

Enterprises as senior vice president, Americas, overseeing 

commercial activities, strategy development and execution in 

the Americas region as well as government activities 

worldwide. In addition to helping secure pre-series A 

investments of $20 million, he helped secure two strategic 

investment partners and more than $2B million in pre-launch 

memorandums of understanding (MOUs) for commercial 

services. 

Michael also held various leadership roles at Inmarsat over a 10-year period, including serving as senior 

vice president of its global government division. A sought-after subject matter expert and speaker, he has 

presented at industry-leading events including SpaceCom, ITEXPO and MILCOM among others and is 

a consultant at the Software Engineering Institute at Carnegie Mellon University working with Department 

of Defense leadership on the intersection of software engineering and space and weapons systems 

development. 

Michael can be reached online on LinkedIn and at our company website http://www.bridgecomminc.com/. 



Don’t Wait, Automate 

How An Independent Management Plane Can Secure 

Your Network from Anywhere 

By Todd Rychecky, Vice President of Americas, Opengear 

Whether you’re an international e-commerce company, the local corner flower shop, or anything in 

between, in this perpetually connected world, your network is your business. If that network goes down, 

a business’s ability to communicate and transact goes down with it. While the CEO of that international 

company probably ends up on TV the next day trying to explain why the company’s numbers are off, the 

rest of us mostly just feel powerless and frustrated, but a network outage affects every business in some 

way. The good news is that there’s an equally simple and effective solution no matter the size of your 

business or your network – the independent management plane. 

The concept of an independent management plane is based on a relatively simple premise – don’t use 

your network to manage your network. In the past, it was known as out-of-band management, but as 

automation has continued to evolve, it has become all the more important – and all the more feasible – 

to create a truly independent platform for managing remote networks – a platform that will also help you 

create increased security and avoid dreaded truck rolls. 

Most of the time, when we hear about some monolithic company’s network going down, it's usually some 

sort of configuration error. Configuration and firmware updates typically need to be made several times 

a month, and when an error occurs, it locks the device – and it can lock you out right along with it. That's 

a real problem, so you have to regain access to it at all costs. 



As much as “try turning it off and turning it back on” has become a running joke when it comes to IT 

support, rebooting a router is still the best way to fix it, but most on-site network teams are relatively 

small, and most truck rolls can cost a company upwards of $1,000 – and that’s only if that “truck” doesn’t 

end up being an airline ticket. Either way, it could take 10 minutes or 10 hours, but with a comprehensive 

independent plane management platform, you can easily remove all of that uncertainty and have your 

network back up and running in no time. 

When it comes to security, the independent management plane also provides additional peace of mind 

in the face of potential security breaches that have become an increasingly frequent and severe threat to 

organizations throughout every industry: 

• Since the beginning of the COVID-19 pandemic, the FBI has reported a 300 percent increase in 

cybercrimes. 

• Between January and April of 2020, could-based cyber attacks rose by 630 percent. 

• According to International Data Corporation, there will be 55.7 billion connected devices in the 

world by 2025, 75 percent of which will be connected to the Internet of Things (IoT) 

If all of your network’s administration or management ports are connected to the production network and 

an attack occurs, IT infrastructures are exposed and can be accessed. However, if the port is connected 

to an out-of-band management system, the LAN can’t access any administration consoles on that 

equipment, making it extremely secure. Since it separates management traffic and the user, engineers 

can lock down parts of the network, restrict access, and secure the management plane. 

While the idea of an independent management plane is relatively new in this particular form, part of the 

beauty of it is that it depends on older – but ultimately more reliable – technology. For years, network 

teams used Plain Old Telephone Service (POTS) lines to access routers’ serials ports, which, other than 

physically rebooting it on-site, is the best way to access a locked device. With the advent of 3G – and 

subsequently faster – cellular speeds, it’s become possible to proactively monitor and remediate those 

same devices because the entire platform is now IP-based, which means it can send SMS or email alerts 

as well. 

The development of 4G LTE opened up even more opportunities to create independent network 

resilience, especially at the edge. This versatility is even more crucial in the modern landscape, where 

most businesses have moved away from the traditional model – office, branch office, distribution center 

– and toward remote work models and Internet of Things-enabled devices. Because 4G is stronger and 

faster, it allows you to all of the necessary network maintenance from a separate network without 

sacrificing any critical edge bandwidth. 

The true beauty of an independent management plane is that it can also be used proactively to deploy 

new data centers through zero-touch provisioning. With the proper device and pre-determined 

configurations, racks of switches can be set up without any significant interaction with the device, whether 

those switches are physical or cloud-based. Most of the time, when a network goes down, it’s due to 

human error, which is why this type of automation is so important – not only for more efficient 



configuration, but also for faster additional deployments. If you want to expand your business into other 

regions at scale, then you’re going to need a network that can expand along with you, and the best way 

to make that happen is through automation. 

When we’re at home, stretching our personal networks to the brink with multiple devices, we hardly think 

twice about it when that network finally goes down, almost as if it’s a relative inevitability. In enterprise, 

it’s essentially the same dynamic, save for one key difference – the effects of lost time and transactions. 

By creating and implementing and independent, automated management plane platform, your customers 

will be much happier – even if they never really know why – and you’ll sleep better at night. 


Todd Rychecky is VP of Americas for Opengear, responsible for developing 

and executing sales strategies, multiple business initiatives, hiring and talent 

development, setting performance goals and growing the business. He joined 

the company in 2008 and was the first sales and marketing hire. Rychecky 

earned a bachelor’s degree in biology from Nebraska Wesleyan University. 

Todd can be reached online on LinkedIn and at our company website 

https://opengear.com/. 



Exploring the Synergies Between HIPAA Compliance and 

Cybersecurity 

Dr. Rachael Bailey, Healthcare IT Content Consultant at Atlantic.Net 

As the world finds itself in the clutch of a global pandemic, it is evident that cybercriminals are using the 

crisis to their advantage, coming up with novel ways to target businesses at an increasingly vulnerable 

time for them. Indeed, the US Cybersecurity and Infrastructure Security Agency (CISA) and UK National 

Cyber Security Centre (NCSC) issued a joint statement declaring an increase in COVID-19-related 

malicious activity. 

COVID-19 has brought many changes into our lives, such as social distancing and remote working, and 

these are likely to be a part of our ‘new normal’ for some time. Businesses and individuals must learn to 

adapt the way in which they work, in order to address the new cybersecurity risks that they face. 

Cybercriminals Seek To Target the Healthcare Industry 

With the value of patient data soaring and many healthcare organizations still using legacy systems, 

businesses within the healthcare vertical have become a prime target for cyberattacks during the 

pandemic. Compared with other industries, the healthcare sector falls behind in the deployment of new 

technologies, instead of relying on outdated cybersecurity infrastructure that leaves them vulnerable to 

malicious attacks. 



Data breaches can lead to huge financial losses for the healthcare industry, as well as the consequences 

associated with compromised patient data. While dealing with the large-scale disruption and strain 

caused by COVID-19, healthcare providers have also had to face heightened cyber threats, including 

ransomware, malware, and phishing attacks. Cybercriminals have taken advantage of the rapid scaleup 

of telehealth and remote learning to wreak maximum havoc on an extremely strained healthcare system 

and fatigued healthcare professionals. 

In response, the HHS Office for Civil Rights (OCR) has released guidance standards relating to telehealth 

remote communications, emphasizing its discretion at enforcing Health Insurance Portability and 

Accountability Act (HIPAA) violation penalties on the provision of telehealth services during the pandemic. 

Following HIPAA Guidelines Is Not Sufficient 

Maintaining the integrity of protected health information (PHI) is imperative and the past year has 

highlighted how vital it is that healthcare organizations implement and maintain effective and robust 

cybersecurity measures. HIPAA legislation, passed by Congress in 1996, establishes the guidelines for 

protecting sensitive patient data, describing the key physical, technical and administrative safeguards 

that an organization should have in place. Noncompliance with HIPAA regulations can lead to hefty fines 

and other significant consequences for Covered Entities. 

HIPAA legislation contains two key rules that work in tandem to maintain the integrity of patient data - the 

Privacy Rule and the Security Rule. The Privacy Rule focuses on an individual's right to protect the 

confidentiality of their information in any form, while the Security Rule is concerned solely with the 

protection of electronic PHI. This means that the Security Rule covers the implementation of effective 

cybersecurity measures, however, the guidance that it provides is open to interpretation. 

Healthcare Entities and their Business Associates are required to abide by the necessary HIPAA 

guidelines to ensure regulatory compliance, however, as the cyber threat landscape rapidly evolves, 

compliance with established HIPAA laws may no longer be enough. 

The healthcare industry is expanding at a rapid pace, and so too are the regulatory and compliance 

requirements. After navigating through the intricacies of HIPAA compliance, healthcare organizations 

may assume that their infrastructure is secure against cyberattacks, but this is simply not the case. Full 

HIPAA compliance does not guarantee adequate cybersecurity and further measures should not be 

overlooked. In order to create a safe and secure infrastructure for the collection and storage of PHI, 

healthcare organizations must focus on the synergistic relationship between HIPAA compliance and 

Cybersecurity, exploring how the two concepts can support and empower one another. 

Why Does HIPAA Need Cybersecurity? 

As HIPAA regulations predate emerging cybersecurity threats, we must consider how they address the 

risk of a data breach. HIPAA legislation does not offer healthcare providers a comprehensive plan 

detailing how compliance should be achieved, this means that the level of compliance can vary greatly 

between organizations. Without paying close attention to security risks, organizations can leave 

themselves vulnerable to attack. 



In February 2016, the OCR published a crosswalk, connecting the HIPAA Security Rule with the National 

Institute of Standards and Technology’s (NIST) Cybersecurity Framework. This document maps the 

overlaps between the two frameworks and as the Security Rule offers flexible and scalable guidance, 

aligning it with the NIST Cybersecurity Framework allows Covered Entities to identify and correct 

vulnerabilities in their cybersecurity. By complying with NIST’s Cybersecurity Framework and 

implementing the necessary HIPAA safeguards, healthcare organizations can protect themselves from 

even the most serious data breaches and subsequent consequences, while ensuring HIPAA compliance. 

Moving forwards, the events of 2020 look set to change the way we approach data security and we can 

anticipate reforms being made to legislation in 2021. The HHS has already hinted change may be on the 

horizon for the Privacy Rule, perhaps plans for the Security Rule are also being considered. 

The last major overhaul to HIPAA legislation was in 2013, with the Final Omnibus Rule. This rule 

introduced many of the privacy and security recommendations of HITECH. However, much has changed 

to the cybersecurity landscape since 2013, and the threats facing healthcare organizations today are far 

more advanced. Considering ransomware, the onslaught of this malware happened well after 2013. So 

it is conceivable why some people are calling for a major shakeup. 

Looking at the healthcare technology trends, cybersecurity will remain a key focus of the healthcare 

industry over the coming year, as we learn from our experiences during the pandemic and look to better 

protect our valuable patient data, including big data analytics as this becomes more commonplace. It 

remains to be seen whether the OCR will take this opportunity to update HIPAA regulations, taking into 

account the evolution in cyberattacks that were not accounted for when the law was enacted. 


Dr. Rachael Bailey, Healthcare IT Content Consultant at Atlantic.Net. 

A graduate of the University of Chester and postgraduate of the University 

of Liverpool, with a Ph.D. in Gastroenterology and Cell Biology and a Firstclass 

degree in Biomedical Sciences. An experienced and passionate 

medical writer and an expert in writing scientific documents, regulatoryrelated 

documents, and articles discussing US Healthcare and 

Compliance. 

Rachael can be reached online at website https://www.atlantic.net/ 



Whom Do You Give Access to Community? 

By Milica D. Djekic 

The community is a very broad term including the social, business and organizational aspects of some 

group. By community we mean the members of some network that are correlated with each other through 

a certain set of rules and interactions. In the best case, those parts of the group work for a benefit of their 

community and anyone being damaging about the union can be recognized as an insider threat. The 

appealing stuff is any insider threat cell can generate the new inner risk making the community being 

harmful about itself as well as anyone else in its surrounding. In the practice, there are some best 

practices in preventing, managing and responding to the insider risks, but the ongoing situation 

demonstrates that we still need to learn how to tackle that concern. Today’s threats are well-implemented 

into all segments of our activities and it’s only the matter of time when some of them will become the 

inner risk to all. That’s nothing new for a defense community as the similar scenario has been noticed 

during the history. Every novel epoch will bring the new challenges and some responses from the past 

can be modified and adjusted to the current situations. The worst-case scenario with the insider threats 

is they can generate the new risks literally multiplying themselves as a virus trying to infect everyone in 

the group or wider. This topic is especially concerning in the area of transnational crime and terrorism as 

those malicious actors can try to spread their grids nearly anywhere. In other words, they can be like a 

spider attempting to catch any naive fly believing there is nothing critical about such a transparent, but 



powerful net. One by one anyone can be compromised or caught with the endless world of criminalities, 

so far. 

From that perspective, it seems the most concerning thing to insider risk is to get an access to community 

as once implemented into some environment it can begin to develop its net of threats to everyone being 

inside or anyhow connected to that unit. That is primarily sensitive in case of the terrorist cells for a reason 

those groups are capable to approach the community members relying on propaganda, psychological 

operations and brainwashing programs that can be shared through the cyberspace or in the other means. 

The content being sent through such a matter is created to sound carelessly and benignly, but the actors 

hiding behind could be the real monsters. In other words, the point is to access some community leaving 

its members in belief nothing dangerous is happening and once the people get convinced there is no 

reason for fear they will put their weapon down giving the keys of their heart to someone being ready to 

break it into the pieces. The experience shows the common targets of those campaigns are the members 

of the general population and if the terrorists want to conquer the world they could attempt to rule over 

our minds using their carefully prepared psychological operations. The fact is the human mental system 

is the ultimate governor of the entire body, soul and psyche, so once attacked it can get in the hands of 

bad guys and in such a case the entire life path can be directed as those malicious actors wish. The body 

cannot live without mind and anyone knowing that will aim the center of everything. If the source of our 

strength is disabled the rest of our functioning will be conquered. 

As anyone will realize the main problem here is the access. The current situation in the world will suggest 

that everyone has become dependable on cyber technologies and that life habit is the greatest source of 

our weakness as such an innovation can be used in order to transfer the inadequate content to end users 

and literally feed them with so frightening products, so far. 

About The Author 

Milica D. Djekic is an Independent Researcher from Subotica, the 

Republic of Serbia. She received her engineering background from 

the Faculty of Mechanical Engineering, University of Belgrade. She 

writes for some domestic and overseas presses and she is also the 

author of the book “The Internet of Things: Concept, Applications 

and Security” being published in 2017 with the Lambert Academic 

Publishing. Milica is also a speaker with the BrightTALK expert’s 

channel. She is the member of an ASIS International since 2017 and 

contributor to the Australian Cyber Security Magazine since 2018. 

Milica's research efforts are recognized with Computer Emergency 

Response Team for the European Union (CERT-EU), Censys 

Press, BU-CERT UK and EASA European Centre for Cybersecurity 

in Aviation (ECCSA). Her fields of interests are cyber defense, 

technology and business. Milica is a person with disability. 



Reapproaching Cybersecurity in A Digital First World 


For too long now, organizations have been focusing on protecting their network, when in fact they should 

have been protecting their data. The reality that the security industry discusses network security, but data 

breaches, shows it’s clear that something needs to change. Paul German, CEO, Certes Networks, 

outlines why the security industry has been protecting the wrong thing and what they can do to ensure 

their data is secure. 

Starting with Data Breaches 

Considering some of the largest data breaches the world has ever seen, it’s clear that cyber hackers 

consistently seem to be one step ahead of organizations that seemingly have adequate protection and 

technology in place. From the 2013 Adobe data breach that resulted in 153 million user records stolen, 

to the Equifax data breach in 2017 that disclosed the data of 147.9 million consumers, the lengthy Marriott 

International data breach that compromised the data from 500 million customers over four years, to the 

recent Solarwinds data breach at the end of 2020, over time it’s looked like no organization is spared 

from the damaging consequences of a cyber hack. 



The media headlines refer to these attacks as ‘data breaches’, yet the default approach to data security 

for all these organizations has been concentrated on protecting the network - to little effect. In many 

cases, these data breaches have seen malicious actors access the organization’s network, sometimes 

for long periods of time, and then have their choice of data that’s left exposed and vulnerable. 

So what’s the reasoning behind maintaining this flawed approach to data protection? The fact is that 

current approaches mean it is simply not possible to implement the level of security that sensitive data 

demands when it is in transit without compromising network performance. Facing an either/or decision, 

companies have blindly followed the same old path of attempting to secure the network perimeter, and 

hoping that they won’t be subject to the same fate as so many before them. 

However, consider separating data security from the network through an encryption-based information 

assurance overlay. This means that organizations can ensure that even when malicious actors enter the 

network, the data will still be unreachable and illegible, keeping the integrity, validity and confidentiality 

of the data intact without affecting overall performance of the underlying infrastructure. 

Regulations and compliance 

Regulations such as GDPR have caused many problems for businesses globally. There are multiple data 

regulations businesses must comply with, but GDPR in particular highlighted how vital it is for 

organizations to protect their sensitive data. In the case of GDPR, organizations are not fined based on 

a network breach; in fact, if a cyber hacker were to enter an organization’s network but not compromise 

any data, the company wouldn’t actually be in breach of the regulation at all. 

Regulations including GDPR and others such as HIPAA, CCPA, CJIS or PCI-DSS, are focused on 

protecting vulnerable data, whether it’s financial, healthcare or law enforcement data. The point is: it all 

revolves around data, but the way in which data needs to be secured will rely on business intent. By 

implementing an intent-based policy, organizations can ensure their data is being handled and secured 

in a way that will meet business goals and deliver provable and measurable outcomes, irrespective of 

how the regulatory environment might evolve over time - as it inevitably will. 

Preventing data breaches 

The growth in digitization means that there is now more data available to waiting malicious actors, and 

sensitive data is becoming increasingly valuable across all business sectors. 

To ensure the continued security of valuable, sensitive data, a change in mindset is required when it 

comes to any cyber security investment. A CISO must consider essential questions, for example: Will 

this technology protect my data as it moves throughout the network? Will this solution keep data safe, 

even if criminals are able to hack into the network? Will this strategy ensure the business is compliant 

with regulations concerning data security, and that if a network breach does occur, the business won’t 



isk having to pay any fines? The answer to these questions must be yes in order for any CISO to trust 

that their IT policy is effective and their data is safe. 

Moreover, with such a significant volume of data to secure, real-time monitoring of the organization’s 

information assurance posture is vital in order to efficiently and quickly react to an issue, and remediate 

it. With real-time, contextual meta-data, any non-compliant traffic flows or policy changes can be swiftly 

detected on a continuous basis to ensure the security posture is not affected. This means that a data 

breach would not follow in the wake of a network breach, which is inevitable. 

Removing the misdirected focus on protecting an organization’s network by implementing an information 

assurance approach that is concerned with securing data, is the best way that the security industry can 

move away from the damaging data breaches of the past. There really is no reason for these data 

breaches to frequently feature in the media headlines; the technology needed to keep data secure is 

ready and waiting for the industry to take advantage of. In order to avoid suffering the same fate as many 

organizations who have not protected their data, companies must secure their most valuable asset - in 

order to protect themselves and their reputation. 


Paul German is the CEO of Certes Networks. Paul is an experienced sales 

focused CEO with over 20 years of experience in selling, marketing, 

implementing and supporting networking and security technologies. He 

joined Certes in January 2015 where he initially led the EMEA region growing 

revenues 50% and establishing key relationships selling into multiple vertical 

markets, on which further success will be scaled. Paul prides himself with 

building great teams, knowing the right team will ultimately make the 

company successful. With Paul’s broad background in sales and marketing, 

operations, technology management, design and development he is able to 

bring teams together and lead successfully, establishing a solid foundation 

for future growth. Paul German can be reached online at Twitter: 

@pwgerman, LinkedIn: Paul German and at our company website https://certesnetworks.com/ 



Penetration Testing 101: A Key to Safeguarding Clients’ 

Data 

How can companies identify vulnerabilities, protect digital assets, and prevent reputational or 

money losses? Focus more on cybersecurity with penetration testing at the forefront. 

By Mike Urbanovich ― Head of test automation and performance testing labs at a1qa 

Have you ever thought about how much a single error can cost? Let’s say, we are talking of a data 

breach. According to the latest report, its average price comprised $8.64 million in the USA 

alone, which dates back to 2020. Despite the industry your organization belongs to, DDoS attacks, 

Trojan-infected botnets, clickjacking, or other malicious hacks can easily place your business at a risk 

of severe reputational damage. 

In the age of cybercrime provoked by the COVID-19 pandemic and a consequent global shift to 

online, various types of cyber threats have been on the rise, thereby forcing companies to perform 

uncomfortable justifications. For instance, last January, Microsoft customer support database was 

exposed providing personal data of almost 300 million users, while in April the credentials of half a 

million Zoom accounts were available for sale on the darknet. 

To keep the intruders at bay and continue with business as usual, companies may reconsider their 

development strategies and choose penetration testing. In the article, I'll focus more on its concept, 

value, and types to help organizations enrich their QA strategies. 



Penetration testing essence 

Being one of the most sought-after QA types nowadays, penetration testing serves to uncover security 

vulnerabilities, safeguard sensitive clients’ data, and minimize any application risks, which directly 

increases brand image and boosts client retention rates. 

Unlike ethical hacking, certified specialists perform these verifications, smoothly spot diverse solution 

weaknesses, and will never behave in a way “black-hat” hackers act, probing companies’ systems and 

applying obtained data for criminal gain. 

Penetration testing role for business: 4 major benefits 

So, what are the major perks of implementing ongoing penetration testing? There are at 

least four advantages that may change business workflows for the better: 

1. Prevent any damage to public image or loss of money. In addition to reputational damage led 

by an extensive decrease in customer base, companies may lose tremendous sums of 

money by paying multi-thousand ransoms for the attackers to keep the business. 

2. Enable business resilience. Serious hacks of malicious users can briskly lead to dissolving any 

activities. Without timely detecting and troubleshooting existing security 

loopholes, organizations may experience a continuous exposure to high-level risks. 

3. Save a great deal of time that could be otherwise spent on recuperation. Recovery 

procedure after being subjected to a cyberattack is a time- and effort-consuming process fraught with 

challenges like a significant decrease in operational capabilities for many months thereafter. 

4. Attain compliance with strict regulations. International standards may impose monthly penalties in 

case of inconsistency with set requirements. In addition, PCI DSS states that it’s vital to 

fulfill penetration testing both annually and after any considerable changes introduced to the 

system. 

When to conduct penetration testing? 

Unfortunately, organizations remember to carry out this activity when it’s too late, and a breach has 

already occurred, thereby extending a virus within a company or stealing highly sensitive data. 

To prevent this devastating scenario from taking place, broad-minded companies involve penetration 

testing experts each time they plan to release an application, introduce substantial modifications, apply 

new security patches, or pass the analysis scheduled by the demands of diverse international 

regulations. 

3 approaches to performing penetration testing 

Depending on whether the QA engineers possess a profound knowledge of the solution under test or 

have to explore this data on their own, let’s determine 3 techniques used to fulfill these verifications and 

boost organizational security: 

1. Black-box testing. In the scope of quality assurance activities, the engineer has no or little data 

on the client’s software and has to discover the ways of entering system infrastructure. It allows 



simulating real-life attacks carried out by intruders and spotting vulnerabilities that can be leveraged 

outside the network. 

2. White-box testing. Contrary to the technique discussed above, the tester has a 360-degree 

access to system information such as the source code and the environment and is able to conduct 

an all-inclusive security analysis using code analyzers and debuggers to determine both internal and 

external exposures. 

3. Gray-box testing. Finally, the penetration testing engineer may have limited data about the 

business’ software, like design and architecture documentation, and behave on behalf of a 

cybercriminal with a long-standing access to the system. 

Top 5 penetration testing types 

Unfortunately, all security risks are hard to envisage. Still, businesses may keep them to a minimum by 

timely applying QA to determine weak points in the system with the help of a realistic, in-depth 

analysis that penetration testing provides. Therefore, I suggest delving deeper into its types below. 

1. Network services 

Carried out both locally and remotely, it detects security flaws in the organization’s 

network infrastructure by covering high-priority aspects such as servers or workstations. In the scope of 

assuring quality, the engineers make sure that a company would manage to withstand a 

number of widespread attacks including SSH, DNS, database, proxy server hacks, and more. Since the 

network is an essential part of any organization and is responsible for business continuity, it’s wise to 

perform external and internal penetration tests. 

2. Web application 

This time- and effort-consuming penetration test helps define vulnerabilities in web 

applications, browsers, and multiple components like APIs by identifying every part of 

the apps leveraged by users. Performed professionally, it traces the most pervasive application weak 

points ― from bad session management to issues in code. 

3. Social engineering 

Generally, the core objective of cybercriminals is to deceive users by making them intentionally provide 

the desired sensitive data like credentials. Amid the COVID-19 outbreak, this verification plays first fiddle 

due to the boost in phishing schemes. To define security bottlenecks, the engineers utilize social 

engineering attacks such as phishing, scareware, tailgating, and others. 

4. Wireless 

In this case, the QA team seeks any kinds of weak points that can be used within the extensive chain of 

all the devices ― from laptops to smartphones ― connected to the corporate Wi-Fi. Accordingly, QA 

teams frequently run these tests onsite to be within the range of the signal. Wireless penetration 

testing means a great deal since without regular quality assurance, the intruders obtain unauthorized 

access to the organization’s network by applying diverse Wi-Fi hacking tools. 

5. Physical 

These kinds of tests often lack the appropriate focus, which is a big mistake. By making use 

of divergent security loopholes, the attackers can sneak into a server room and take control of a 

network. To prevent such a case, it’s vital to spot vulnerabilities in sensors and locks in advance. 



In a nutshell 

Brand reputation and meeting the increasingly high competition intimately depend on an overall level of 

robustness within an organization. The earlier it focuses on timely cybersecurity testing, the less likely it 

faces severe consequences of the hacks performed by malicious attackers. 

Good security practices with diverse types of penetration testing at the helm enable a risk-based 

approach to ensuring high protection against a sophisticated intruder. 


Mike Urbanovich is a Head of test automation and performance testing 

labs staffed with more than 180 QA engineers at a1qa ― a software 

testing company. Through 9 years of vast experience in quality 

assurance, he has performed multiple roles, including a QA software 

engineer and a QA manager. 

Currently, Mike is responsible for high-level team coordination, projects 

management, accounts management, and coaching. A huge technical 

background in the field and advanced communication skills help 

him successfully support the range of projects for the Fortune 500 list 

clients representing diverse industries and coordinate technical and nontechnical 

specialists. 

Mike can be reached at our company website https://www.a1qa.com/ 



Establishing Your ICS (Industrial Control Systems) 

Security Action Plan – Getting Started Guide 

Understand what action you need to take to get your ICS Security strategy off and running 

By Dirk Schrader, Global Vice President of Security Research, New Net Technologies 

(NNT) 

Major trends in Industry 4.0, Smart Factories, or Digitalization promise significant benefits to those 

following them. According to a recent Gartner analysis, 60% of all organizations trying to reap these 

benefits are still in the very early stage of becoming aware of the needs and issues related to ICS Security. 

As such, there is now a requirement to develop a cyber security plan for Operational Technology 

(sometimes also named cyber-physical systems). This post tries to address that need and related issues 

in a structured manner using the familiar PDCA cycle approach. The reason for doing so is quite simple 

and – in fact – the first important thing to accept: ICS Security is never done, never is there a ‘mission 

accomplished’. The basic elements of Industrial Control, of Operational Technology, the threats to it, the 

way an organization uses its cyber-physical assets to generate its added value, all these elements are 

constantly changing and evolving. Therefore, your ICS Security is a cyclical management task. A task 

that can be structured, mapped, and executed as the following sections describe. 



Plan 

Planning for ICS Security needs to start with an understanding of the different objectives held by those 

responsible for the safety and security of Operational Technology, and of those concerned with 

Information Technology, as well as their differing priorities and the implications of these. Make operational 

and cyber resilience a common task and goal for all. 

The security priorities along which OT and IT are organized quite often are the root cause for 

misconceptions, misunderstandings, and incomplete guidelines. As a kind of worst case, the attempt to 

force IT rules on OT devices can be devastating (try to roll out a patch to an embedded device providing 

a real-time control function for an industrial furnace in a Chemical Plant just because it is Patch Tuesday). 

OT focusses on control and availability as the top priorities and confidentiality as the least, in contrast to 

the known C-I-A triad of priorities, holding confidentiality as paramount. 

Similarly, there needs to be regular information exchanges among all stakeholders about new threats, 

new processes, new or changed assets and applications. The key aspect of these regular reviews is to 

share an understanding of any changes to the business as a whole. A new production line improving the 

efficiency of a plant can be rendered vulnerable if its connections to the maintenance provider is unknown 

or undocumented. 

In addition, establish guidance for the ‘emergency case’ that reflects tasks and responsibilities for 

systems, assets, and processes. Communication chains and loops will have to be prepared as well. 

Do 

With the planning and preparation in mind, get some threat & vulnerability intelligence in place. Use 

CISA’s ICS alerts and advisories (you can find them here as well) and other additional sources about 

vulnerabilities discovered, whether in IT or in OT devices. This intelligence will help you with the daily 

task of what to look out for. Share experience with industry peers and your supply-chain and learn from 

them by participating in regular exchanges. 

Depending on your infrastructure, you can use a good vulnerability scanner to detect any existence of 

vulnerabilities listed in the a.m. threat intelligence sources. Caution is advised when doing so, as for some 

OT equipment network scanning is not suitable. Use this combined knowledge (vulnerabilities and threat 

intel) to establish a Secure Baseline configuration for devices, where the latest firmware / software is 

installed with any recommended patches. 

Generate shared internal knowledge about all assets, whether IT or OT, involved in the business 

processes of your organization, how they interact and communicate. Find out which one depends on 

others or provides vital output to other OT machinery so to identify about critical overlapping paths in data 

flow and material flow. Again, this knowledge of essential communication paths should also become part 

of the Secure Baseline, with only approved network-accessible ports permitted for each class of device. 

Map out the communication network, with an overlay of the business process. If it is not possible for all, 

do it for the critical ones, those that have to be kept running – even if degraded – for the company to 

continue to generate its output of products and or services. Assign checkpoints to that map and what 

should be verified at each of these points. 



Based on that map and these checkpoints, do some demarcation. Zoning will help you to contain 

malicious activities. For example, use fire zones or anything similar established in the physical world of 

production as a way to map cut-off points for a certain area. 

These checkpoints (which are likely firewalls or L3 switches) as well as the many assets and devices in 

your OT and IT environment are then part of the Check sequence, that is to monitor them for changes 

from that overall baseline and secure configuration you established. 

Check 

Uncontrolled changes are the main cause for cyber incidents, regardless of whether the malicious change 

happens in the OT world or in the IT space. The ability to detect any change, as provided in the DO cycle, 

will allow to run automated checks. Pre-approved and ideally pre-tested changes should go through that 

check without raising any alarm, unless there are any deviations from what was expected. Unplanned 

changes will be verified against known good and bad samples to identify malicious or suspicious events, 

which are then followed through in the security workflow established in the PLAN phase. Changes in IT 

occur frequently in contrast to changes to OT equipment, which are less frequent, but conversely the 

impact of a malicious change can have real-life consequences. Make sure that changes on critical assets 

and on critical processes are accounted for. Operating from a Secure Baseline makes the detection of 

unplanned integrity changes much clearer and allows the process to be automated using system integrity 

monitoring technology. 

Any unknown device showing up in your monitoring is a change that needs to be acted upon, as that 

indicates a gap in the PLAN and DO phase. 

Act / Adjust 

The automated monitoring will allow you to act upon any gaps identified going through the PLAN stage 

again, now including the previously unknown elements. It also enables you to make the necessary 

adjustments when major changes to an existing production process or new business processes or even 

new business models are introduced. Update your plans and maps, including your Secure Baseline with 

any changes to software, patches, or network ports, then adjust your incident handling where needed, 

and start the cycle again. 




Dirk Schrader is the Global Vice President of Security Research at 

New Net Technologies (NNT). A native of Germany, Dirk Schrader 

brings more than 25 years of delivering IT expertise and product 

management at a global scale. His work focusses on advancing 

cyber resilience as a sophisticated, new approach to tackle cyberattacks 

faced by governments and organizations of all sizes for the 

handling of change and vulnerability as the two main issues to 

address in information security. Dirk has worked on cyber security 

projects around the globe, including more than 4 years in Dubai. 

With technical and support roles at the beginning of his career, his 

career path includes sales, marketing and product management 

positions at large multinational corporations, as well as small 

startups. He has published numerous articles in German and English about the need to address change 

and vulnerability to achieve cyber resilience, drawing on his experience and certifications as CISSP 

(ISC²) and CISM (ISACA). His recent work includes research in the area of medical devices where he 

found hundreds of systems unprotected in the public internet, allowing access to sensitive patient data. 

Dirk can be reached on Twitter @DirkSchrader_ and at our company website 

https://www.newnettechnologies.com/. 



Improving Your Organization's Password Hygiene this 

World Password Day - Industry Experts 

By Ralph Pisani, president, Exabeam 

As we all know, passwords are required to access multiple tools and services that are needed to keep a 

business running, from logging into a computer to email accounts and vendor profiles. By juggling 

numerous different logins, users often fall into bad habits, such as repeating passwords, using common 

phrases and failing to update their passwords on a regular basis. 

The first Thursday in May is celebrated as World Password Day – a day to bring awareness to these bad 

habits and buck the trend. And this year especially as the pandemic drove companies to adopt remote 

working policies and individuals to increasingly socialize online--and the threat of social engineering to 

password security was highlighted--a 15% increase in social engineering-type attacks occurred. 

Now, more than ever, it’s important for businesses to ensure that their employees are educated and 

taking the necessary precautions around password-related security risks and best practices. 

This World Password Day, myself and experts from multiple tech companies have provided their tips and 

strategies to help secure credentials and protect businesses from the cyber attacks that have risen in 

recent months. 



Joseph Carson, chief security scientist & advisory CISO, ThycoticCentrify 

“It is World Password Day, which means it is time to reflect on your current password hygiene and 

determine if your password choices are putting you at serious risk of becoming a victim of cybercrime. 

According to the UK National Cyber Security Centre (NCSC), 15% of the population uses pets' names, 

14% uses a family member's name, and 13% picks a notable date. In fact, the weak password problem 

is so severe that the UK recently proposed new internet and IoT reforms that would make using 

“password” as your password illegal. 

Passwords remain one of the biggest challenges for both consumers and businesses around the world. 

Thanks to the SolarWinds security incident in late 2020, we were all reminded that a poor password 

choice can not only impact your own organization but all connected organizations as well. This was likely 

one of the biggest supply chain cyberattacks in history -- all stemming from poorly-created passwords. 

If you are a consumer, start by using a password manager today. If you are a business leader, you should 

move beyond password managers straight into privileged access security. Rotating and choosing 

passwords is one of the biggest causes of cyber fatigue, so organizations can reward employees with 

privileged access security solutions that will eliminate one of their biggest work headaches and introduce 

security solutions that they will want to use. Privileged access security is one of the few security solutions 

that will transform your employee password experience into one that will make them more productive -- 

and you’ll never need to create unique, complex passphrases for every account as privileged access 

management (PAM) will do that for them. It’s time to increase security and ease stress by moving 

passwords into the background with a modern PAM solution.” 

Neil Jones, cybersecurity evangelist, Egnyte 

“Recently, one of the largest data dumps in history, referred to as COMB (Compilation of Many 

Breaches), exposed an astronomical 3.2 billion passwords linked to 2.18 billion unique email addresses. 

This is frightening news for all of us, but it’s particularly worrisome for IT leaders. So many of them are 

kept up at night with a gnawing concern: How do I manage the growing risk of data breaches, with a large 

proportion of my employees working remotely? 

Remote work can lead to employees accessing unsanctioned devices, apps and networks, particularly 

when they experience issues with work-related IT resources. This broadens the attack surface for bad 

actors and leaves few checks in place for careless behavior that can result in data leaks. 

To commemorate World Password Day, we’d like to remind you about practical steps that you can take 

to protect your valuable information, while embracing today’s work-from-home environment: 

● 

● 

Educate your employees on password safety – Teach your users that commonplace 

passwords such as “123456,” “password” and their pets’ names can put your data and their 

personal reputations at risk. Remind users that passwords should never be shared with anyone. 

Institute two-factor authentication – IT administrators should require additional login 

credentials during the users’ authentication process, to prevent potential account breaches. This 



● 

● 

● 

● 

can be as simple as a user providing their password, then entering an accompanying numeric 

code from an SMS text. 

Set passwords for personal devices – Personal devices are on the rise in a remote-work 

environment and are particularly vulnerable to data theft, so encourage your employees to 

password-protect them. 

Change your Wi-Fi password regularly – Remember that potential hackers are often working 

from home, just like us. If you haven’t updated your Wi-Fi password recently, do it immediately. 

Establish mandatory password rotations – Greatly reduce exploitation of default and easilyguessable 

employee credentials by making your employees change their passwords regularly. 

Update your account lockout requirements – Prevent brute force password attacks by 

immediately locking out access points after several failed login attempts.” 

Jon Clemenson, director, Information Security, TokenEx 

“Despite technology trends moving toward risk-based authentication, passwords are likely to remain in 

play for some time. Considering this, World Password Day provides the perfect opportunity to reiterate 

strong password policies that are vital to both personal and business security. Cybercriminals often reuse 

credentials from password dumps found online, commonly referred to as credential stuffing, to access 

sensitive data. That tactic combined with using simple passwords does not provide appropriate data 

protection. We ask users not to repurpose passwords across websites, and instead, institute lengthy and 

unique complex passwords whenever possible in conjunction with two-factor authentication. 

Further, malware and other attack methods can completely bypass passwords, which is especially 

concerning during remote work. Before cyber thieves can advance on your credentials, we recommend 

using password managers to auto generate strong passwords, or moving to biometric or physical keys 

for authentication, which are more secure than using passwords. For sensitive data like credit card 

numbers or other personal info, businesses can remove that data from systems entirely using 

tokenization. That way, if a hacker does access company systems, they won't steal any useful 

information. 

Finally, to rise above being a ‘low hanging fruit’ target for a malicious actor, good password hygiene 

practices like not sharing or reusing passwords are vital. Investing the time to take one extra step to 

secure your data is invaluable when compared to the fallout of a data breach.” 

Glenn Veil, VP, engineering, Wisetail 

"Passwords play a critical, ongoing role in different aspects of our lives. In our personal lives, they provide 

a layer of defense against fraud and identity theft. In the workplace, they defend us against a breach of 

sensitive company or customer data. At Wisetail, we implement policies, standards and guidelines around 

credential security, but the key is to create awareness and sensitivity in our employees through education 

and training. 

Here are some tips we recommend to protect yourself and your business from cyberattacks: 



1. Educate your people on the importance of credential security and provide them with the tools to protect 

credentials 

2. Create an environment where your people are comfortable highlighting security issues or cases where 

practices are not being followed so you can continue to improve your credential security 

3. Utilize multi-factor authentication to reduce the damage that can be done by weak or exploited 

passwords 

4. According to NIST's 2021 security recommendations, it's important to keep your passwords long but 

not too complex. Theoretically, if the password is long enough, the chance of a hacker figuring out the 

correct sequence is low. 

Follow these best practices beyond World Password Day, and your entire team will play a part in creating 

obstacles for digital adversaries and protecting your data." 

Josh Odom, CTO, Pathwire 

"As we reflect on cyber hygiene practices for World Password Day, we recognize that for many years 

users were encouraged to create strong passwords using random combinations of characters that are 

difficult for humans to remember, but easy for computers to guess. This is the opposite of the intended 

purpose and often leads to inherently poor habits such as writing down passwords or reusing ones that 

are easier to remember. Some websites utilize a password strength meter, but this can also be tricky and 

lead users to making weaker passwords instead of stronger ones. While we’ve engineered these meters 

to score the passwords we create, they are better used against ones that a computer can create because 

humans are too predictable, even when we try our best not to be. 

To overcome these persistent password weaknesses, utilizing a password manager that generates 

passwords from a large set of characters to achieve a desired level of entropy is one of the best options 

currently for creating strong and unique passwords. Still, other options available such as security keys, 

authenticator apps, or any available multi-factor authentication methods beyond using just a password 

should be considered for security. Finally, resources like haveibeenpwned.com which check for exposed 

passwords, are reliable compared to inventing and using your own strength-checking algorithms." 

Surya Varanasi, CTO of Nexsan, a StorCentric Company: 

“Few would argue that creating strong passwords must remain a priority. However, even after creating a 

seemingly impenetrable password using every best practice possible, undiscovered threats might still be 

able to penetrate them and expose your environment to unnecessary risk. 

But if your organization has data that is too important to lose, too private to be seen and too critical to be 

tampered with then you must take the next step to thwart cyber-criminals. This can be accomplished by 

employing a strategy that enables you to unobtrusively offload data from what is likely expensive primary 

storage (cost savings is another bonus here) to a cost-effective storage solution that is engineered 

specifically to be regulatory compliant and tamper-proof from even the harshest ransomware attacks. 

And since backups have become the latest malware targets, the storage platform should include 

“unbreakable backup” meaning it includes an active data vault that creates an immutable copy, which 



makes recovery of unaltered files fast and easy - so there’s zero operations disruption and never any 

need to pay ransom.” 

JG Heithcock, GM of Retrospect, a StorCentric Company: 

“A global survey conducted by Gartner found that 88% of business organizations mandated or 

encouraged employees to work from home (WFH) as a result of the COVID-19 pandemic. With millions 

of workers around the world now having to access their organization’s data remotely, data protection was 

put under increased pressure. For many, the answer was to employ a strong password -- oftentimes, 

requesting that employees do so employing a random mix of no less than 15 characters. Undeniably, this 

was a step that could not be ignored. Unfortunately, many learned the hard way that this was not enough 

to stop today’s increasingly determined and aggressive cyber-criminals. And given that research, such 

as that from the Harvard Business School, shows that the WFH paradigm will likely endure, it is clear that 

stronger measures must also be taken. 

The next step in the data protection and business continuity process for virtually any organization (or 

personally, for that matter) is an effective backup strategy. And the good news is that there is no need to 

reinvent the wheel here. A simple 3-2-1 backup strategy will do the trick. This means that data should be 

saved in at least three locations -- one on the computer, one on easy-to-access local storage and another 

on offsite storage. The options range from local disk, to removable media, to the cloud and even tape. 

And, if at least one copy is “air-gapped” meaning completely unplugged from the network, all the better. 

In 2021 and beyond, multi-layered data protection strategies - such as those employing strong passwords 

combined with thorough backup practices - will help to ensure you, your data and your organization 

remain protected in the event of a simple accident, cyber-attack or any other disaster.” 

Wes Spencer, CISO, Perch Security, a ConnectWise Solution 

“Here’s a riddle for you: what’s the one thing we all have, all hate and never remember? Yep, a password. 

Isn’t it ironic that in 2021, we’re still using one of the most broken systems for authentication ever? Even 

Julius Caesar hated passwords and preferred his own cipher to communicate instead. 

Why is this? Well, passwords are like underwear. You see, you should never share them, never hang 

them on your monitor, and honestly, no one should ever see them. So how do we go about living in a 

password-required world? First, remember that long passwords are always better than complex ones. 

This is because the human brain is hardwired to be extremely poor at creating and remembering complex 

passwords. In fact, a long 16-digit password is far more secure than a short 8-character complex 

password. 

Second, never reuse a password. Ever. Most successful breaches occur when a stolen password from 

one platform is leveraged against another system that shares the same password. At Perch Security, 



we’ve dealt with many breaches that occurred this way. It’s a true shame. The best way to avoid this is 

by using a reputable password manager and keeping it locked down. The password manager can handle 

the creation, storage and security of every password you use. 

Lastly, never rely on your password alone. All reputable platforms today should support multi-factor 

authentication. We should be religious about this. 

If you’ll follow these three things, your life with passwords will be much better. And perhaps one day, we’ll 

get rid of this pesky, broken system for good.” 

Ralph Pisani, president, Exabeam 

“World Password Day 2021 is more important than ever as organizations grapple with the new reality of 

‘work from anywhere’ and the fast adoption of the hybrid workplace trend. Cybercriminals will capitalize 

on any opportunity to collect credentials from unsuspecting victims. Just recently, scammers began 

preying on people eagerly awaiting vaccinations or plans to return to the office as a means to swipe their 

personal data and logins, for instance. 

The most common attack technique that I often see in the breach reports that I read is stolen credentials. 

This is a never ending battle between the security industry and cybercriminals, but there are ways 

organizations can protect themselves against credential theft. 

Through a mix of educating staff on complex password best practices, security awareness training and 

investing in machine learning-based security analytics tools, organizations can make it much more 

difficult for digital adversaries to utilize their employees’ usernames and passwords for personal gain. 

Behavioral analytics tools can swiftly flag when a legitimate user is exhibiting anomalous behavior 

indicative of compromised credentials. This approach provides greater insights to SOC analysts about 

both the impacted and malicious user, which results in a faster response incident time and the ability to 

stop adversaries in their tracks, before they can do damage. 

The pandemic increased the velocity of digital transformation, and cybercriminals are clearly becoming 

more advanced in parallel. Thus, we must stay hyper vigilant in protecting credentials this World 

Password Day and beyond.” 




Ralph Pisani leads the sales and marketing go-to-market 

functions at Exabeam. With 20 years of experience in sales and 

channel and business development, Ralph is widely recognized 

as one of the top security sales leaders in Silicon Valley. He led 

the Imperva worldwide sales organization from an early stage 

through the company’s successful IPO. Prior to Imperva, he 

served as vice president of Worldwide OEM Sales at 

SecureComputing (acquired by McAfee); and Regional vice 

president of Sales and vice president of Channel and Business Development for CipherTrust (acquired 

by SecureComputing). Ralph also has held global sales leadership roles with Sophos, Inc., HR Logic, 

Inc. and EMDS Consulting, Inc. Ralph has a BA in Business from Bentley University. 

Ralph can be reached online at @RalphRpisani and at our company website www.exabeam.com 



Clean Water Shows Us Why Cyber Certifications Matter 

By Yaron Rosen, co-founder and president, Toka 

In the early 20th century, as mass industrialization happened and cities developed, there were huge 

challenges getting the systems on which new urban centers relied safe and secure. One of them was a 

challenge that faced even the very first settlements: access to clean water. 

As new pipes were laid and water flowed through taps, new issues quickly arose around keeping the 

water supply safe. This resulted in standards to be set on what constituted “safe” water and the equipment 

needed to maintain that, including the chlorination process to disinfect water that started in Europe and 

quickly spread throughout the United States beginning in 1908. To run water systems, cities needed 

operators who knew what they were doing. States in response passed laws requiring certification to 

operate a water treatment facility based on specific education, training, and experience requirements. 

The federal government later tied funding to states with compliance with a certification program. 

Today, the growing infrastructure on which modern life relies is cyberspace, and its safety is a serious 

concern for the functioning of society. While the technology powering the internet is exponentially more 

complex than an early 20th-century water system, the requirements to keep it safe are the same. Like 

we did a century ago, we need to require cities and localities to meet basic technical requirements in their 

networks and employ people certified to keep the digital landscape safe. At the moment, too many cities 

are using outdated technology and do not have the experts necessary to defend themselves in 

cyberspace. 



Cities today struggle to anticipate when and where they are going to be attacked, and the sophistication 

and scope of attacks are increasing, including devastating ransomware threats. Cities of all sizes and in 

all countries are at risk, as officials in places like Johannesburg and New Orleans can attest. In Baltimore, 

a May 2019 ransomware attack cost the city more than $6 million. We would not tolerate regular 

disruptions to our water and electrical systems, and cybercrime cannot become something we simply 

accept as a cost of doing business. 

That’s why national governments must provide cities and localities guidance about how to organize their 

local cyber strategy. Just as a national government can set standards for other essential utilities, we need 

countries to mandate robust expectations for cities and states in cyberspace. In the United States, without 

strong direction from the national-level Cybersecurity and Infrastructure Security Agency, states have 

attempted to take matters into their own hands with cyber legislation. Still, an uncoordinated approach 

simply means bad actors will identify the weakest link. The European Union, recognizing “an increasing 

risk of fragmentation” without a common framework of certificates, recently introduced a certification 

model for information and communications technology (ICT) products that can serve as a guide for 

professional certifications and baseline qualifications for anyone managing the local tech infrastructure. 

Yet governments and cities will need assistance determining the qualifications and technology required 

for their specific cyber risks. National governments need to set these standards, and use whatever 

mechanism they can to enforce them, from mandates to tying funding to meeting these standards. 

This also goes for creating a qualified cohort of cybersecurity workers. Yes, cyber training programs and 

boot camps are already available, but countries should implement uniform standards and require 

certifications for state and local employees to improve our overall preparedness. We cannot afford a 

patchwork of qualifications and approaches to the growing issue of cybersecurity. A huge cybersecurity 

skills gap already exists, with millions of new workers needed to defend organizations and institutions. 

To fill this gap and encourage more people to become cybersecurity experts, we must outline exactly 

what prospective employees need to know and where they can learn the required skills to fill government 

positions. 

Clear qualifications will make it easier for countries to update their education systems and training 

approaches to meet this new cyber era. A focus on improving the tools available to cities and investing 

in new technologies will also offer an opportunity for the private sector to contribute its expertise. If 

countries put in place the regulations, certification, and training requirements for cities now, just as many 

places have done to manage other utilities, we can all adapt to change more quickly and address the 

flood of new cyber threats before significant damage is done. 


Yaron Rosen is a former chief of the Israel Defense Forces Cyber Staff, research 

fellow at IDC Herzliya, and co-founder and president of Toka, a cyber capacitybuilding 

company. Twitter: @RosenYaron 



How Can You Protect the Security Perimeter When the 

Threat is Already Inside? 

By Jon Ford, Managing Director, Mandiant Professional Services 

Legitimate access rules the cyber landscape. Every adversary wants it, and every employee has it. The 

increasing number of malicious insider incidents is particularly troubling for organizations of all sizes 

because insiders are, by definition, those we trust most. Malicious insider events impact organization 

reputation, customer trust and investor confidence. Organizations across industries have faced the rapid 

rise of malicious and negligent insider threats during the pandemic, resulting in corporate and economic 

espionage, data theft, digital extortion, backup destruction, accidental leaks and more. Forrester predicts 

that this trend is here to stay and that 33 percent of data breaches in 2021 will be insider threat related. 

At Mandiant, a part of FireEye, we have investigated a growing number of malicious insider threat 

incidents during the shift to remote work, especially in organizations with open trust models. For the 

organization, these attacks are difficult to detect and prevent without risk-aligned investments. For the 

malicious insider, the outcomes have a significant probability of success with a low cost to execute. 



With this knowledge, what signs should organizations monitor for to identify insider threats? How can 

they reduce risks and the likelihood of these attacks? 

Connecting the Dots: Insider Threat Origination Points 

Protecting an organization from malicious insiders means organizations should focus more on protecting 

their crown jewels than focusing on watching employees. Remember, a successful insider threat program 

embraces company culture and requires support from employees. An insider threat program’s goals are 

to mitigate organizational risk, protect intellectual property, and align to company culture. Unless 

resources and business needs suggest, Mandiant recommends focusing on identifying malicious insider 

threats investments to core areas of concern, referred to as Crown Jewels. This includes key personnel 

as well. 

Mandiant recommends establishing an intelligence-led Insider Threat Program which uses a “follow the 

data” or evidence-based model and assessing it annually for processes, people, and technology. A 

“follow-the-data” model is important for cases generated to support and withstand litigation requirements. 

Insider threat programs should also be poised to identify insider threat recruiting and access to protect 

intellectual property, mitigate organizational risk, and align to business goals and outcomes. The most 

successful insider threat programs are aligned with business unit investments, support continuous 

awareness training, and report to the Board of Directors. 

Within the Workforce 

Organizations should focus limited insider threat security resources and key personnel on identifying 

malicious insider threats who target business core areas of concern, also known as crown jewels or key 

assets. Organizations should expand their view on who malicious insiders may be beyond current or 

departing individual employees, in order to defend against them. It is becoming more common for 

malicious insider threats to arise from coordinated groups of people rather than sole individuals, which 

can include supply chain, third-party contractors, system administrators and insider threat security team 

members. Organizations need to monitor for third-party access via APIs, service accounts and 

maintenance systems that can present risks from both a malware and insider threat perspective. 

Insider threat security teams require deep technical expertise and tailored training to identify and disrupt 

the most significant malicious insider threats. For example, by investing in data loss prevention (DLP), 

user and entity behavior analytics (UEBA), and AI solutions, they will also have a better chance of 

detecting and blocking malicious insider activity. But, these investments must work on and off network. 

In addition, having a third-party conduct at least an annual insider threat security assessment can help 

ensure existing people, processes, and technologies are adequate and efficient, and that the organization 

is being evaluated against the latest threat landscapes and risks, based on current intelligence. 



Best Practices for Mitigating Insider Threat Risks 

Despite the challenge of these evolving risks, there are best practices that organizations can employ to 

fortify their security posture and mitigate insider threats. 

How should companies mitigate those risks? 

1. Visibility 

a. Mandiant recommends organizations invest in purpose-built insider threat data loss 

prevention solutions which can detect, alert, and block (if necessary) malicious 

behavior as well as work while both being connected and disconnected to the internet. 

2. Least Privilege 

a. In both production and development networks, Mandiant recommends organizations 

implement user access controls across all environments on their networks to ensure 

users, developers, and administrators only have the necessary access to perform their 

assigned responsibilities. 

b. Limit and audit users who can create accounts in on-premise networks and cloud 

environments 

3. Logging 

a. Mandiant recommends logging and event aggregation sent to a Security Information 

and Event Management (SIEM) system. This provides a level of mitigation if a 

malicious insider attempts to clear logs, because separate, streamed logs to another 

system would be available. 

4. Network Segmentation 

a. Mandiant recommends organizations investigate their network segmentation, and limit 

unnecessary traffic to highly sensitive environments from lesser trusted environments. 

This will help prevent an insider from moving laterally or connecting from an internal 

network segment to a cloud environment. Additionally, all systems that do not need to 

be publicly facing should be segmented from public access and restricted as much as 

possible. 

5. Offboarding 

a. Mandiant continues to remind clients who may have to terminate employees or 

contractors to not give advance notice, limit communications, and remove network 

access immediately. This is also true if an employee voluntarily resigns or retires. 

Additionally, all SSH keys, PEM files, MFA, service passwords, and application 

passwords the individual had access to should be rotated for all environments (e.g., 

developer and production), and unenrolled in the case of MFA services each time 

when an employee or contractor with these accesses leaves the organization. 

6. Assess 

a. Mandiant recommends organizations have an insider threat program assessment 

conducted with defined, key outcomes of actionable, organization-specific risk 

mitigation recommendations, prioritized intelligence requirements based on the 

current and horizon intelligence landscape, and roadmaps for all maturity levels of 

insider threat security programs. Assessing annually with different tools can reveal 

varied areas of focus and identify gaps in capabilities that could be rectified. 



By having a comprehensive view of the insider threat landscape, understanding the risk within their 

environments, and implementing best practices to strengthen their protections, organizations can 

minimize the risk of insider threats and reduce the fallout in the cases of a breach or attack. 


Jon Ford is the managing director of global government services and insider 

threat security solutions at Mandiant, a part of FireEye. He has twenty-five 

years of experience helping organizations become more resilient to attacks 

orchestrated by foreign governments, organized criminal groups, and insider 

threats. Connect with Jon on LinkedIn and learn more on: 

www.fireeye.com/mandiant 



Why We Care About Cybersecurity Hygiene 

By James Opiyo, Senior Consultant Security Strategy, Kinetic By Windstream 

Maintaining good cybersecurity hygiene habits is just as important as maintaining good personal hygiene 

habits. We must maintain high cybersecurity standards to protect our digital health from some common 

cyber threats. 

Common Threats to Our Digital Health 

• Malicious software (malware) designed to steal information and/or cause damage to our connected 

devices. 

• Viruses that infect connected devices and then spread across networks while giving cybercriminals 

access to those devices. 

• Ransomware malware that encrypts files on a connected device and prevents an authorized user 

from accessing the affected files until a ransom is paid. 

• Phishing scams where cybercriminals attempt to steal sensitive data (SSN, Credit Card numbers, 

etc.) using deceptive electronic messages via email, text messages, pop-up windows, etc. Fraudsters 

use these deceptive electronic messages and fake websites to lure users to disclose sensitive 

information. They may, for example, send a link masked to look like your bank’s legitimate web 

address and ask you to click on it and log in to your bank account. This will give them access to your 



eal login credentials which they can use to log into your real bank account and steal money, personal 

information, etc. 

Cybersecurity Hygiene Habits to Help Mitigate Common Threats 

• Install reputable anti-malware and antivirus software to prevent malware attacks. 

• Create complex passwords that cannot be easily guessed. For example, use combinations of at least 

12 letters, numbers, and special characters. 

• Secure your Wi-Fi network with a strong password and router name. Turn off remote management 

of the router and ensure that the router offers WPA2 or WPA3 encryption to maintain the highest 

level of privacy of information sent via your network. 

• Change the manufacturer default passwords for all your smart devices, such as smart thermostats, 

smart doorbells, and smart locks. A hacker can easily download a smart device’s user manual and 

access its default password. 

• Update software and apps regularly to maintain the latest version of software patches that fix security 

flaws. 

• Permanently delete sensitive data from your computer and keep your hard drive clean. 

• Never click on a link, open pop-up, etc., from unknown source. 

Conclusion 

In summary, we should always install reputable anti-malware software, create strong passwords, keep 

our connected devices clean, and refuse requests for information from unknown sources . 


James Opiyo is a Senior Consultant for Security Strategy at Kinetic by 

Windstream. Kinetic provides premium broadband, entertainment, and 

security services through an enhanced fiber network and 5G fixed wireless 

service to consumers and small and midsize businesses primarily in rural 

areas in 18 states. 

Email: james.opiyo@windstream.com 



The Third-Party Remote Access Security Crisis 

New research shows that organizations are not taking the necessary steps to reduce third-party remote 

access risk 

By Joe Devine, CEO, SecureLink 

It used to be that the biggest cybersecurity threat was a sticky note. These days, however, your weakest 

link is no longer the errant piece of paper with a password scribbled on it, but rather your trusted thirdparty 

vendors. 

Attackers have gotten smart. They’ve seen more and more companies turn to third-party vendors to 

quickly and efficiently scale up operations. They’ve realized that instead of targeting a single company, 

they can, instead, target one small third-party vendor and potentially gain access to multiple high-profile 

companies. They haven’t just found another backdoor, they’ve found a backdoor that leads to a number 

of other backdoors. 

Over the past year, high-profile data breaches of Marriott, YouTube, Instagram, TikTok, SpaceX and 

Tesla have all been linked to third-party vulnerabilities. And according to new research 51% of 

organizations have experienced a data breach caused by a third-party. 



Not only are third-parties becoming an increasingly popular attack vector, but in a new study produced 

by SecureLink and the Ponemon Institute, there’s an alarming disconnect between an organization’s 

perceived threat to third-party access and the security measures it employs. 

In surveying 627 security professionals, this latest study, “A Crisis in Third-Party Remote Access 

Security,” found that within the past 12 months, 44% of organizations have experienced a breach with 

74% saying that it was the result of giving too much privileged access to third parties. What’s more, 51% 

say their organizations are not assessing the security and privacy practices of all third-parties before 

granting them access to sensitive and confidential information. 

The solution, thankfully, is simply to start putting resources behind vetting third-parties and implementing 

security measures that go beyond just inherent trust. Here are three starting points for assessing and 

shoring up your own third-party access security. 

Prioritizing Network Transparency 

Before implementing any changes or added measures, the first step is to assess your exposure and take 

inventory of your current vendor access. Of those surveyed in the report, only 46% say that they have 

comprehensive inventory of third parties with permitted network access. Shockingly, nearly two-thirds 

(63%) say they don’t have any visibility into vendor access and their network permissions. 

An initial inventory of vendor access can make the transition to a third-party vendor management system 

much more straightforward, which can significantly mitigate the risk of a third-party breach. A platform 

designed to manage vendor access not only offers the ability to easily see who has access and how 

much, but also can log who accessed your systems, when they did it, and what they did. As they say, 

knowing is half the battle. 

Zero Trust Network Access 

Not only is an accurate inventory of access difficult for a majority of those surveyed, but 60% say that 

they are unable to provide the appropriate amount of access to their vendors. More often than not, most 

err on the side of giving vendors too much access, and then trusting that their vendor doesn’t suffer a 

breach of their own. With third-party breaches on the rise, trusting your vendors to limit breaches into 

your own systems just isn’t enough anymore. 

Implementing a third-party vendor management platform, however, allows for the implementation of a 

much more secure Zero Trust Network Access model. Inherent trust in a vendor is replaced with multifactor 

verification and privileged access management. Any time a vendor needs access to your systems, 

they must verify who they are, and once verified, only have access to exactly what they need. Trust can 

be abused; verification cannot. 



Evaluating Third-Party Security Practices 

As it stands today, third-party vendor management is not easy. Only now are companies realizing that it 

should be the security and technology teams, not legal and procurement departments, that are the ones 

responsible for managing vendor access. And when that responsibility shifts, IT departments find 

themselves overwhelmed — suddenly managing upwards of 500 vendors. 

Adopting a third-party vendor management platform can simplify the otherwise herculean task of taking 

inventory of third-party access, setting network permissions, and monitoring activity by consolidating into 

a single place. This, in turn, makes it easier to not only keep track of who has access, but also implement 

new security procedures. 

Instead of just giving a new vendor access, crossing your fingers, and hoping for the best, a third-party 

management solution can offer the transparency and security to know you’re protected against potential 

breaches. 

With more and more hackers targeting third-party vendors, signed contracts, strong reputations, and 

compliance checklists just aren’t enough anymore. Thankfully, the systems to make vendor management 

easier and more secure are out there — it’s now just a matter of deciding to put resources behind one. 

Read the report, "A Crisis in Third-party Remote Access Security", here. 


Joe Devine is the CEO of SecureLink, a leader in third-party remote access. 

Headquartered in Austin, Texas, SecureLink provides secure third-party 

remote access for both highly regulated enterprise organizations and 

technology vendors. Joe has been at the company since 2008, and previously 

held the role of president and chief operating officer. 

Joe can be reached online via LinkedIn: 

https://www.linkedin.com/in/joemdevine/ and at our company website: 

https://www.securelink.com/ 



Rethinking Remote Monitoring and Management: How 

MSPs Can Put Security First and Better Protect Their 

Clients 

By Ryan Heidorn, Managing Partner, Steel Root 

For most Managed Service Providers (MSPs), using a remote monitoring and management 

(RMM) platform to centrally manage their clients’ networks is a foregone conclusion – it’s generally 

assumed that RMM tools are necessary to deliver IT services. However, that tide may be turning as more 

MSPs wake up to the fact that traditional RMM platforms can introduce an increasingly unacceptable 

level of risk to their business and their clients. 

Despite repeated warnings from the U.S. government and security vendors that attackers are 

targeting IT service providers as a single point of entry to breach multiple organizations at once, RMM 

platforms have not evolved to address modern threats, and remain a ubiquitous tool among MSPs. In the 



wake of the massive SolarWinds attack, Jacob Horne, a Managing Partner at DEFCERT and former NSA 

intelligence analyst, warns that President Biden’s recent Executive Order on Improving the Nation’s 

Cybersecurity should serve as a wake-up call for MSPs. 

“If SUNBURST had zigged instead of zagged, this order would be locked on to MSPs,” he said. 

“The compromised Orion DLL also existed in N-central’s probe installer [an RMM component widely used 

by MSPs]. The MSP community dodged a huge bullet. Although N-central wasn’t directly compromised, 

it was just a half step away from happening if the attackers wanted it.” 

Today’s threat landscape necessitates that MSPs adopt a security-first mindset to managing the 

privileged access they hold within customer networks. In this article, we explore alternatives for remotely 

managing customer environments, envision a “zero trust RMM” that incorporates contemporary security 

best practices, and explain how enterprise IT practices like DevOps can be leveraged by MSPs and 

MSSPs to build cybersecurity maturity and better protect themselves and their clients from modern 

threats. 

The Elements of a Security-First Approach 

Remote monitoring and management concepts and capabilities can be reengineered to enable 

MSPs to put security first. While MSPs themselves may not be able to make direct changes to the RMM 

tooling – we need vendors to prioritize security, first – but reevaluating assumptions around remote 

management, especially where current practices are at odds with security, is an opportunity for MSPs to 

level up their practices to meet modern customer requirements. 

1. Envisioning the Zero Trust RMM 

“Zero trust” has emerged as contemporary wisdom for securing modern IT infrastructure. In 

contract to the adage, “trust but verify,” a core concept of Zero Trust Architecture (ZTA) is to “never trust, 

always verify.” ZTA seeks to move cybersecurity defenses away from network-based perimeters (like 

firewalls, VPNs, and intrusion detection systems) to user identities and individual resources, explicitly 

verifying every access request in the context of available data points. This is a particularly useful design 

principle for MSPs managing customers that increasingly rely on cloud services and whose users, in the 

post-COVID world, now work from anywhere. 

How does the system respond when a correct password is used, but the user account logs in 

from Boston and then 30 minutes later from Los Angeles? Or when the correct device is logging in, but 

Secure Boot is disabled, or the device is jailbroken? Systems based on ZTA principles flexibly manage 

access requests based on an organization’s defined policy. 



Debate over the term “zero trust” notwithstanding (critics of the term correctly argue that “zero” is 

a misnomer, and today’s implementations might be more accurately described as “policy-based adaptive 

risk” or similar), MSPs should look for opportunities to onboard customers into ZTA concepts and seek 

to apply zero trust principles like defense in depth, microsegmentation, and just-in-time access to how 

they manage customer environments. 

To enable MSPs to employ these practices when managing client environments, a future RMM, 

built on zero trust principles, might include features like: 

· Zero trust network access to client environments, with a central policy engine authorizing each 

connection to a client environment as a substitute for today’s unattended remote access 

· Conditional access rules to protect key RMM functions like remote access and remote code 

execution. Trying to connect to a client environment outside of an MSP’s normal business hours? 

Prompt for multi-factor authentication before authorizing the connection. Trying to connect from 

outside the U.S.? Block the connection request. 

· An allow listing mechanism that only runs scripts that are cryptographically signed by the MSP 

· Segmentation of other MSP assets from the RMM platform. Do we really want to integrate 

credential managers with remote access tools? 

Zero trust is more than just a marketing buzzphrase; it is a security philosophy that reflects the 

reality that users routinely access corporate data from outside the traditional corporate network, often 

including third-party cloud services, and increasingly on personal devices. Future iterations of RMM 

platforms must build these assumptions (and their attendant security considerations) into the platform. 

2. The Right Amount of Remote Access 

Perhaps the most-used feature of RMM platforms is unattended remote access (screen sharing, 

file transfer, remote code execution). The ability to seamlessly hop on screen with a customer to 

troubleshoot an IT issue is considered a fundamental capability for an MSP. Particularly among small 

businesses, customers “just want things to work” and don’t want to be burdened with security processes 

or protocol.Today’s security realities warrant pushing back on these assumptions, at least until more 

secure iterations of RMM platforms are available. In the interim, the following practices for managing 

remote access may be justified to protect an MSP’s client base, even if there are some trade-offs with 

convenience. 



· Rethinking Unattended Access 

Day-to-day desktop support in client environments should not require unattended access. What 

if user support were instead conducted as attended support, with the end user requesting and 

authorizing remote access at the time of need? By requiring user consent (that cannot be 

overridden by checking a box in the RMM) to connect to or execute commands on user desktop 

environments, the ability of an attacker to leverage an RMM platform to breach many customers 

at once is greatly hampered. For endpoints that truly require unattended access, MSPs could use 

privileged access workstations (PAWs) to connect to dedicated “jump boxes” within customer 

environments. By segmenting and protecting the vectors for remote access into a client 

environment, an MSP demonstrates their understanding that with great power comes great 

responsibility. 

· Utilizing Just-In-Time Access 

Minimizing the number of always-on administrator accounts is a key component of managing 

privileged identities. As stewards of their customers’ security posture, MSPs should insist on 

reducing the attack surface of always-on, unattended remote access into customer environments. 

As Dan Ritch explores in the Thycotic cyber security blog, The Lockdown, Just-In-Time (JIT) 

access seeks to authorize privileged access only when it is required, protecting against 

compromised administrator accounts and providing an audit trail for privileged access. A future 

RMM built on JIT principles should include a mechanism for the customer to review, authorize, 

and log requests from the MSP before granting privileged access to the environment. 

· Managing Single-Tenant Customer Environments 

Do MSPs really need consolidated access to customer environments through a single pane of 

glass, or could they administer customer environments individually without much of a trade-off 

with efficiency? When it comes to the cloud, MSPs are already doing this. Today’s RMMs do not 

support meaningful management of cloud-native environments such as Microsoft Azure and 

Office 365. Emerging tools such as Microsoft 365 Lighthouse aim to bridge the gap, but MSPs 

may be wise to reconsider the necessity of aggregating all customer environments and seek out 

different styles of management. 

3. Modernizing IT Service Operations Through DevOps 

It’s not just a problem of tooling. As an industry, MSPs are overdue for an upgrade of their internal 

processes and practices. Observing enterprise trends in IT operations over the last 5-10 years may prove 

useful for breaking out of the “locked-in” mindset that RMM ecosystems can perpetuate. Specifically: 



consider DevOps. Many MSPs are small businesses, but a shift toward thinking of themselves as an 

enterprise with many business units (i.e., clients) may be a helpful first step toward building operational 

maturity – an imperative for strong cybersecurity practices. Meeting the diverse operational, security, and 

compliance requirements of an MSP’s various “business units” does not have to mean sacrificing 

efficiency. To the contrary: for over a decade, enterprise IT teams have successfully integrated practices 

like DevOps to manage evolving business requirements at scale. 

MSPs may not be developing code or forcing agile development cycles on their helpdesk teams, 

but they are well acquainted with operational issues ranging from resource constraints and bottlenecks, 

inconsistent system administration practices, to lack of control or visibility into the execution of customer 

projects. Incorporating iterative, repeatable processes and paying off technical backlogs (internally and 

in customer environments) are goals that any MSP can get behind, and DevOps offers a roadmap to 

achieve them. 

The Phoenix Project, a 2013 “novel about IT” by Gene Kim, Kevin Behr, and George Spafford, is 

an excellent introduction to these concepts. Implementing DevOps begins by tracking and prioritizing 

work objects, identifying bottlenecks and blockers, and continually resyncing on those work items, 

problems, or issues. As MSPs develop a DevOps-like operational capability, they will soon find that 

concepts like infrastructure-as-code and configuration-as-code, widely adopted in the enterprise, have 

already solved some of the major gaps that exist in RMM platforms, such as how to manage single-tenant 

customer environments in the cloud. 

Future iterations of RMM could support MSPs in this evolution by enabling the management and 

deployment of configuration-as-code. What would it look like if a company like HashiCorp made an RMM? 

We imagine that it would provide strong controls around least privilege, separation of duties, JIT access, 

and programmatic review of privileged activity, and it would all be fully driven by APIs. That’s an RMM 

that the security-first MSP could confidently adopt. 

We Say We Need an Evolution 

The RMM platforms used by MSPs today are not up to the task of meeting modern cybersecurity 

challenges. MSP tooling and practices must evolve to keep pace with the threats facing service providers 

and their customers. As an industry, MSPs play a critical and privileged role in securing the U.S. 

economy, especially small businesses. It is time for MSPs to rise to the occasion by adopting “security 

first” as a core business value, even if it means challenging the status quo in process and tooling. 



About The Author 

Ryan Heidorn is a Co-Founder and Managing Partner at Steel Root, where 

he leads the firm’s cybersecurity practice. Ryan’s expertise includes helping 

companies in the U.S. Defense Industrial Base implement and operationalize 

cybersecurity requirements under DFARS and CMMC. Ryan serves on the 

board of the National Defense Industrial Association (NDIA) New England 

chapter. 

You can be reached online at ryan@steelroot.us and at our company website 

http://www.steelroot.us 

About Steel Root 

Steel Root is a national leader in helping U.S. government and defense contractors meet cybersecurity 

and compliance requirements under CMMC, DFARS, and other federal standards. Specializing in the 

design and implementation of cloud-native systems purpose-built for meeting DoD compliance 

requirements, Steel Root provides expert guidance and managed IT services to help companies in the 

U.S. Defense Industrial Base build cybersecurity maturity. 



See What Hackers See via the Outside-In Perspective 

By Alex Heid, Chief Research & Development Officer, SecurityScorecard 

There is value in seeking out multiple perspectives. Even the most elite athletes have coaches and 

trainers observing them and telling them ways to improve their performance, and the same principle 

applies in the world of cybersecurity. An organization locked into a narrow view of their cybersecurity 

posture, confidently believing that they are secure, might miss any number of potential warning signs. 

Unfortunately, the consequences are far worse than those that might befall an underperforming athlete, 

and we continue to see them play out on an almost daily basis. 

Today’s cybercriminals understand both the most common cybersecurity strategies and more 

sophisticated approaches, and have engineered innovative new ways to circumvent these controls. And 

while organizations may feel assured in their cybersecurity stance, they can only assess what they can 

see and know about, which is often limited to a point-in-time assessment of a certain set of variables 

such as IP addresses on a static asset list. 

This lack of continuous network visibility can result in the exploitation of vulnerabilities that the 

organization doesn’t know exist. Now, more than ever, it is critical for organizations to seek a continuous 

outside-in perspective on their network security perimeters, allowing them to see their network the way 

attackers do. 

Why Now? 

Networks have changed. In the past, enterprises were responsible for their own security, but today’s 

mass adoption of cloud infrastructure has blurred the lines of who is responsible for what aspects of 

security. 

Think of it as a “fortress” model of security versus an “ecosystem” model. 



In the traditional fortress model, the enterprise has a clear perimeter and a solid understanding of what 

is coming into and going out of the network. Today, thanks to SaaS and cloud services, there isn’t the 

same visibility and the perimeter is more nebulous. What is the enterprise responsible for in this new 

ecosystem, and what is the service provider responsible for? 

External checks conducted by a trusted vendor that specializes in assessing measurement and risk 

represents one of the most effective ways to verify that all places data is being stored are up to par with 

security standards and protocols. Before the advent of the cloud, the attack surface was smaller, easier 

to manage, and within the digital walls of the enterprise itself. Today, the attack surface has expanded 

beyond the enterprise perimeter into a full digital supply chain ecosystem, making visibility more of a 

challenge and additional perspectives a necessity. 

What We Can Learn from Today’s Cybercriminals 

One of the preferred methodologies of today’s attackers is known as the “scan and exploit” method, which 

involves (as its name implies) scanning ranges and looking for vulnerabilities within applications on 

various protocols to exploit. In the past, the goal of such activities was to exfiltrate data, but now it is more 

common for attackers to encrypt that data and ransom it back to the enterprise. Ransomware attacks 

have risen sharply over the past several years as this strategy has continued to prove effective. 

It’s important to think like an attacker. An outside-in perspective can grant visibility into commonly 

exploited protocols, such as publicly accessible SMB ports and open RDP ports—two of the most 

commonly exploited protocols used in scan and exploit ransomware deployments. Organizations know 

that attackers will scan for these open ports—and by doing so themselves, they can head those attacks 

off at the pass. By conducting scans and analyses that mimic those conducted by attackers, defenders 

can use the information they gather to improve network defense. 

This level of visibility enables instantaneous, at-a-glance temperature checks on the posture of the 

enterprise’s entire external perimeter. If external scans conducted by security professionals are 

identifying potential vulnerabilities, the enterprise can be sure that the ones conducted by hackers will as 

well. 

Outside-In Visibility Enables Accurate Assessment 

Security standards are rising. As breaches become more common, enterprises are expected to have 

effective protections in place. Things like security ratings and external monitoring solutions are becoming 

more valuable—and not just from a security perspective, but from a perception perspective as well. 

Outside-in assessments of security capabilities are increasingly being used to accelerate procurement 

processes, either to filter out riskier candidates or confirm that they fit the necessary qualifications. Many 

businesses assess M&A targets in much the same way, further underscoring the importance of 

understanding how an organization is viewed from the outside. 

Today, enterprises might use an external security snapshot to gauge whether a contractor has effective 

security solutions in place when they apply for procurement opportunities—and vice versa. Similarly, 

cyber insurance providers often use external reviews as a guideline, and will likely continue to do so as 

a growing number of businesses turn to the burgeoning industry to protect themselves from cyber risk. 

As a whole, an outside-in perspective is increasingly considered an important best practice that can help 

provide a portrait of an enterprise’s overall health and business risk—something particularly valuable in 



the wake of an attack like SolarWinds. If nothing else, enterprises should be aware of how their security 

capabilities are perceived by potential customers, clients, and partners. 

Leveling the Security Playing Field 

The recent rise in ransomware and other attacks using scan and exploit methodology has heightened 

the importance of network security discoveries and the identification of exploitable protocols within 

company topology. Organizations are—all too often—working off of incomplete or outdated asset lists 

that might be months old, years old, or worse. The larger the enterprise, the larger the digital footprint. 

Getting an outside-in perspective is the most effective way to accurately measure the size of that footprint. 

Ultimately, it is impossible to guard a door you don’t know is there. Getting an outside-in perspective can 

help identify vulnerabilities, identify IP addresses and other digital assets, and help companies find their 

blinds spots and plug security gaps. Attackers are conducting external scans every day. Performing their 

own can help today’s businesses understand what vulnerabilities those attackers are finding and deal 

with them accordingly. 


Alexander Heid serves as Chief Research & Development Officer at 

SecurityScorecard. Heid joined the company in June 2014 and has been 

instrumental in developing the company’s threat reconnaissance capabilities 

and building its security-centric platform. A recognized expert in the field, he 

frequently presents at industry conferences and is sought out by the media 

and analysts to discuss cybersecurity issues. Prior to joining the company, 

Heid held senior security roles within the financial industry, and was a senior 

analyst at Prolexic Technologies during the #OpAbabil DDoS campaigns. In 

addition, he is co¬-founder and President/CEO of HackMiami and served as 

chapter chair for South Florida OWASP. 



Threat Hunting: Taking Action to Protect Data 


Any organization is at risk of a cyber threat hiding in its infrastructure. The intricate networks 

encompassing numerous smart and interconnected technologies make it straightforward for cyber 

criminals to hide, but much harder for them to be discovered. 

Yet, waiting for a cyber threat to make an appearance is far too risky; if left undetected, a cyber criminal 

could stay in an organization’s network for years - and just think of the harm that could be caused. To 

combat this, threat hunting is now a vital component of any cybersecurity strategy. Threat hunting 

involves consistently and proactively searching for the threats hiding within a network, rather than waiting 

for a hacker to make themselves known. This works on the assumption that a cyber hacker is always 

there and searching for any indications of unusual activity before it arises. 

How can threat hunting ensure an organization’s data is kept safe and how does the approach work in 

practice? Paul German, CEO, Certes Networks, outlines why a proactive approach to cybersecurity is 

critical at a time when the threat has never been more acute. 



Proactive threat hunting 

The networks of today are complex, offering various different places for a cyber hacker to conceal 

themselves. And regrettably, it’s not uncommon for invasions to go undetected in networks for long 

periods of time. In fact, a 2020 report revealed that it takes organizations an average of 280 days to 

identify and contain a data breach, but organizations can’t afford to wait this long. In this time, a cyber 

hacker can be moving through the network, infiltrating systems and stealing information, making an 

organization’s data increasingly endangered. 

And the length of time can even be longer than this; in the 2018 Marriott International data breach, 

hackers were accessing the network for over four years before they were found, which resulted in the 

records of 339 million guests being exposed. The hotel chain were then victim to a second data breach 

last year after cyber criminals had been in the network for over one month, impacting approximately 5.2 

million guests. 

It is now more essential than ever for organizations to be able to analyse contextual data in order to make 

informed decisions regarding their network security policy. This is not possible without 24/7/365 managed 

detection and response (MDR) tools for proactive threat hunting that uses event monitoring logs, 

automated use case data, contextual analysis, incident alerting and response and applying tactics, 

techniques and procedures (TTPs) to identify issues that improve an organization’s security position. 

Detecting cyber criminals 

Cyber security analytics tools can capture data and detect evasive and malicious activity, wherever these 

threats are in the network in real-time. Producing fine-grained policies and applying these is one step 

security teams can take to proactively detect and remediate malicious activity instantly. With policy 

enforcement, attackers will find it very difficult attempting to make lateral ‘east-west’ movements or stay 

undetected in any section of the network, as the security team will have full visibility of the network and 

be able to protect against threats across all attack surfaces across all managed endpoints with a unified 

multi-layer approach. This incorporates policy generation and enforcement MDR tools that can provide 

significant insight into the overall reliability, impact and success of network systems, their workload and 

their behaviour to identify threats and proactively respond and secure valuable information.. 

In reality, this means that security teams can take measurable steps towards controlling system access 

of the network environment; identifying who is in the network, who should be able to access what data 

and which applications, and being the first to detect indicators of compromise (IOC). 

Taking action 

If security teams want to stay ahead of cyber criminals, they should consider implementing threat hunting. 

Organizations no longer have to wait to be alerted of a data breach before taking action; today it is vital 

to have a full picture of the complete network in real-time, including extending these capabilities to 

teleworkers, so that unusual activity can be recognized and stopped immediately, before any damage 

occurs. With strong MDR tools at the center, organizations can guarantee a strong and effective security 



posture built on anticipating the unknown, clear visibility into vulnerabilities that present the biggest threat 

and locating barriers that prevent successful tracking and remediation. With these tools, organizations 

can take action to protect and secure their sensitive data against lurking cyber criminals. 


Paul German is the CEO of Certes Networks. Paul is an experienced 

sales focused CEO with over 20 years of experience in selling, 

marketing, implementing and supporting networking and security 

technologies. He joined Certes in January 2015 where he initially led 

the EMEA region growing revenues 50% and establishing key 

relationships selling into multiple vertical markets, on which further 

success will be scaled. Paul prides himself with building great teams, 

knowing the right team will ultimately make the company successful. 

With Paul’s broad background in sales and marketing, operations, 

technology management, design and development he is able to bring 

teams together and lead successfully, establishing a solid foundation 

for future growth. Paul German can be reached online at Twitter: 

@pwgerman, LinkedIn: Paul German and at our company website 

https://certesnetworks.com/ 



What Does a CSO Do and How it’s Different to CISO? 

By Anurag Gurtu, CPO, StrikeReady 

A CSO is an employee who is responsible for cyber, physical security and risk posture of an organization. 

The primary job of CSO is to protect infrastructure, assets, people, and technology. An organization's 

assets can be physical such as electronic devices, buildings, or shipping containers. Moreover, an asset 

can be digital such as trading documents, intellectual property, or software. The importance of the CSO 

role has increased in the last few years because of the dramatic growth in information technology. 

Many times, people confuse CSO for CISO, but the fact of the matter is that both of these roles are 

different, and here’s everything you need to know about it. 

CSO Vs. CSO 

CSO stands for chief security officer, and as mentioned, a CSO is responsible for the organization’s safety 

and security. Moreover, CSOs also ensure the technological and physical stability of a corporate sector. 

That’s why they need to understand and use different tools they need to use in order to ensure security. 

On the other hand, CISO stands for a chief information security officer. The primary job of CISO is to 

recognize and track the threats that an organization is facing, and help protect its data and information. 

Here are some important points regarding both of these positions that will allow you to understand these 

roles better. 

• A CSO is liable for the overall security of an organization, which includes risk 



• Organizations depend upon CISOs to perform different tasks regarding information security. 

• The physical security of any firm is in the hands of the Vice President mainly, and in order to 

endure it, the firm refers to the experts such as CISO and CSO. 

CSO Roles and Duties 

The duties and responsibilities of a CSO can vary from sector to sector, and this variation is pronounced 

when comparing public and private sectors. However, the following are the general roles that CSO needs 

to perform. 

• Generally, he leads the organization's risk control operation to improve the brand name and 

image. 

• Manages the generation and implementation of security procedures, guidelines, specifications, 

and protocols. 

• Tracks the network of contractors and security managers to secure the company's properties, 

such as intellectual property. 

• Collaborates with different outside contractors in order to carry out unbiased compliance audits. 

• Operates with other organization’s leaders to solidify and improve protection measures. 

• Manages the organization’s spending to the main focus on secure financial methods and risk 

assessment. 

• Keeps in touch with state, federal, local, and other relevant government departments of law 

enforcement. 

• Investigates all types of security breaches and manages the incident response preparation. 

• Helps in disciplinary and legal matters, which are related to security breaches to ensure future 

security. 

CISO Roles and Duties 

The easiest way to properly understand the responsibilities of CISOs is to learn about their responsibilities 

that they need to perform on a daily basis. Here are some of the most common yet important duties that 

a CISO performs. 

• Carries out digital IT and eDiscovery forensic inquiries. 

• Ensures cybersecurity and privacy of information. 

• Supervises information as well as data security. 

• Manages CSIRT (Computer Security Incident Response Team) and CERT (Computer 

Emergency Response Team). 

• Ensures information control of risk. 



• Helps organizations regarding maintenance of business continuity and the recovery of disasters. 

• Looks after ISOC (Information Security Operations Center) or SOC (Security Operations Center) 

• Performs management of Access and Identification. 

• Regulates the information management of the organization’s financial systems. 

• Carries out danger and compliance governance of the organization such as GLBA, SOX, HIPAA, 

PCI DSS, FISMA, etcetera. 

Verdict 

An Organization can have both CSO and CISO, and both of them usually report to the organization's 

CEO. We hope that this information will help you to understand the difference between these roles and 

why both of them are vital to your organization. 


Anurag Gurtu is the CPO of the StrikeReady. He has over 18 years of 

cybersecurity experience in product management, marketing, go-tomarket, 

professional services and software development. For the past 

seven years, Gurtu has been deeply involved in various domains of AI, 

such as Natural Language Understanding/Generation and Machine 

Learning (Supervised/Unsupervised), which has helped him distill reality 

from fallacy and the resulting confusion that exists in cybersecurity with 

real-world applicability of this technology. Gurtu was fortunate enough to 

have experienced three company acquisitions (by Splunk, Tripwire and 

Sun Microsystems) and an early-stage startup that went public (FireEye). 

Gurtu holds an M.S. degree in Computer Networks from the University of 

Southern California and numerous cybersecurity certifications, including 

CISSP, CCNP Security and more. 

Anurag can be reached online at (https://twitter.com/AnuragGurtu https://www.linkedin.com/in/gurtu/ ) 

and at our company website www.strikeready.co 



Two Sides of the Same Coin: Providing Access While 

Protecting Against Threats 

By David McNeely, chief technology officer, ThycoticCentrify 

In any organization, the duality of granting necessary IT or security team administrative access while 

trying to also protect against malicious threats creates an inherent tension for the security minded. How 

can you accomplish secure access for authorized IT staff while also keeping out the mischief makers 

who want to steal your data? 

Instead of granting an IT administrator unfettered access, best practices demand that all user access be 

routed through a reliable, untainted source. To maintain security, admins can record user activities or, at 

minimum, monitor them to detect suspicious activities. 

If we flip the conversation – or the coin, in this case – security teams can also consider the best practice 

of granting least privilege or least access. Organizations may find that an administrator needs access 

with a local admin account, but this is rare. To perform their responsibilities, access is granted to admins 

using a unique account assigned to them with specific privileges. 

Access for IT staff also needs to be easy, to ensure operational efficiency without bypassing security 

controls. Given the right tools, there are a range of choices that can simplify access while also increasing 

much-needed security. Some things for organizations to consider are choosing a native or web browser 



client; choosing to provide login with an admin account, a shared account or their own account; or 

choosing a cloud SaaS service or an on-premises server gateway for access. 

Customize the experience using abundant options 

For most users, a browser-based portal is probably the best option that will satisfy most users. There are 

many situations where a browser interface is simply the easiest, since it doesn’t require anything on the 

workstation, including network connectivity. This model works extremely well for temporary access with 

outsourced IT, or in remote working arrangements when staff are working primarily outside the corporate 

firewall. 

IT staff may prefer to use a native remote access client under some circumstances, but the networking 

requirements make connectivity difficult without providing a VPN connection for the user. Normally, there 

are firewall boundaries around the machines in a data center and to connect by server name the user 

does a DNS lookup for the target they are trying to get to. However, it won’t work to establish a connection 

if the workstation’s native client cannot perform the DNS lookup. 

A safe bet is to find a solution that can act as a jump host and offer the ability to accept inbound 

connections. Then, find the local systems in order to enable login as well as recording those sessions. 

But what if an administrator wants to use a native client to Remote Desktop Protocol (RDP) vs. using a 

browser? Or if they want to log in as themselves and use their entitlements and privileges, or use an 

Alternate Admin account? They will need other options. 

Options are great – but are they easy? 

The strongest options will remove any and all obstacles to privileged access and make every option 

available based on the preferences of the administrator, and to enforce the security needed while 

simplifying access for the IT staff. In particular, two features enable the most choice: 

First, using a native client by itself to access a specific target without having to visit a central portal: 

usually there is a firewall between the native client and the target system, so IT can use a jump host to 

broker the connection for the user to the target. Second, look for “use-my-account” (UMA) capabilities: 

once the user authenticates to a cloud service, they may want to use their own account to log into a target 

machine. 

Organizations can also choose to enable a single pane of glass to work for both cloud-based PAM as 

well as traditional break-glass password vault scenarios. For example, should an IT administrator break 

glass or just log in as normal and use privilege elevation? With permissions they can do that. They don’t 

need anything on the machine, or they can use a browser on a laptop, workstation, or even a tablet or 

mobile device. Connectivity to any of the target systems is not necessary. 

Ultimately, empowering privileged access controls should be as simple as picking a client, picking the 

network connectivity, and picking an identity. Whether an organization provides privileged access tools 

may depend on which side of the flipped coin they land on. If not, it is almost a guarantee that IT staff will 

find creative ways to work around security best practices to suit their preferences. 

IT professionals want ease of use and access, just as business users do. To work on servers and other 

infrastructure, IT staff will seek the ways they are accustomed to, regardless of whether is aligns with 



security protocols. Given the constant threat escalation of our digital world and the range of easy-to-use 

technology options available, there is no excuse for IT staff to circumvent privileged access management. 


David McNeely is Chief Strategy Officer at ThycoticCentrify, where 

he is focused on helping customers meet the evolving security 

needs of the modern enterprise, while contributing to the strategic 

vision of the company’s product portfolio. McNeely has been with 

Centrify for over 14 years prior to the merger with Thycotic, 

contributing to the company’s high growth via product innovation. 

Prior to joining Centrify, he served in a variety of product roles at 

AOL and Netscape Communications (acquired by AOL). David can 

be reached online at our company websites www.centrify.com or 

www.thycotic.com. 



DDoS Defense: How to Protect Yourself in 2021 

By Dr. James Stanger, Chief Technology Evangelist, CompTIA 

Distributed denial of service (DDoS) attacks are one of the most significant security threats to emerge in 

recent years. Because the majority of businesses rely on internet technologies to get things done, threat 

actors have turned to DDoS attacks more frequently than ever before. The situation is expected to 

become more problematic beyond 2021— as the combination of technologies like IoT and 5G make 

DDoS attacks easier and more effective. 

Failure to protect your business against a DDoS attack can have severe consequences. From loss of 

business and profits to damaged brand reputation — this cybersecurity threat poses a significant risk to 

businesses of all sizes and industries. Many companies fail to adequately protect themselves against 

DDoS activity, which puts them at significant risk. 



In this article, we will explain what DDoS attacks are and how they work. We will also provide you with 

some practical tips on how to implement DDoS defense tactics that can really make a difference. 

DDoS Attacks Explained 

A DDoS attack involves directing a large amount of fake traffic to a targeted network in an attempt to 

overload and crash it. Specifically, a DDoS attack manipulates legitimate internet-based resources, such 

network time protocol (NTP), domain name system (DNS) servers and caching services, to send traffic 

to crash network connection devices. These network devices can include routers, switches and firewalls, 

as well as equipment used by internet service provider (ISP) companies. Because these targeted network 

resources try to process each received request as if it was legitimate, the targeted resources soon 

become overwhelmed by the fake traffic – and fail. As a result, the attacker effectively denies access to 

the organization’s entire network presence. 

DDoS attacks are relatively easy to execute and extremely efficient. Hackers can target internal networks, 

thus halting business processes for an entire company. Both small and large corporations are equally at 

risk. Even major brands are not safe from DDoS attacks. Smaller organizations often fall prey to DDoS 

attacks, because they believe they can’t afford to protect themselves. 

How Can You Protect Yourself Against DDoS Attacks? 

Modern technologies and fast global networks have made DDoS attacks easier to execute and 

exceptionally dangerous. The IoT (internet of things) industry is specially to blame since such devices 

traditionally do not have proper security embedded within them. As a result, hackers use IoT to create 

massive botnets that generate the huge amount of traffic needed for a DDoS attack. Threat actors have 

also identified how to manipulate legitimate network services to send illicit traffic. 

It is a common perception that all DDoS attacks involve large volumes of traffic. But in fact, most DDoS 

attacks are not “volumetric” by nature. The majority of attacks use relatively low volumes of malformed 

packets that nevertheless can crash the critical network connectivity devices for an organization. These 

low-volume attacks are often called protocol-based attacks, because threat actors make subtle changes 

to network protocol packets that make them dangerous to the devices that receive them. So, it is 

important to protect against both volumetric and protocol-based attacks. 

This is why there is no single way to protect your server against DDoS activity. Typical security solutions, 

such as the use of traditional firewalls, network-based intrusion detection and backups, are simply not 

enough to efficiently detect and mitigate this type of cyberattack. The best you can do is a combination 

of security software solutions and internal practices. 

Let’s take a look at some of the basic, yet effective, measures you can take to defend yourself against 

DDoS attacks. 



Double up on your Bandwidth 

Since DDoS attacks aim to overwhelm your network with fake traffic, one logical solution is to create an 

alternative network connection. In other words, contract with another ISP that can provide a second 

network connection. It is possible to work with your alternate ISP to provide its services only under certain 

conditions. This will help keep costs down while still protecting against attacks. 

Invest in Effective Solutions 

It isn’t enough to improve traditional security, such as patching servers or upgrading your antivirus 

applications. It is more effective to implement at least some of the following solutions: 

• Install physical DDoS mitigation devices: DDoS traffic is often quite unique. Therefore, it is 

somewhat difficult to properly identify. Physical devices are often very effective at protecting small 

businesses from DDoS attacks because they can identify unique traffic. They can also work in 

concert with web application firewall (WAF) implementations. 

• Use a web application firewall (WAF): Usually, a WAF is good at thwarting traditional Denial of 

Service (DoS) attacks. The primary difference between a DoS attack and a DDoS attack is that a 

DoS attack targets a specific resource – usually a web server. But it is possible to use a WAF to 

help defend against certain types of DDoS attacks. 

• Use cloud scrubbing services: Often called scrubbing centers, these services are inserted 

between the DDoS traffic and the victim network. They can then take traffic meant for a specific 

network and route it to a different location. This different location is often called a “sinkhole,” 

because it simply buries the offending traffic. 

• Implement a content delivery network (CDN): Also called a content distribution network, this is 

a group of geographically-distributed proxy servers and networks. They are designed to provide 

information, and even services, from your network in case your primary network goes down. Such 

a network can work as a single unit to provide content quickly via multiple backbone and WAN 

connections, thus distributing network load. The result is that if one network becomes flooded, 

the CDN can deliver content from another, unaffected group of networks. 

Create a DDoS Response Plan 

Aside from hardware and software measures, you and your team also need to be prepared to act in case 

a DDoS attack occurs. Make sure you go over each element of your infrastructure and identify weak 

points and vulnerabilities when it comes to DDoS activity. Prepare processes, procedures, mitigation 

strategies and alerting systems as part of a comprehensive DDoS response plan. 

Large and small organizations alike should consider establishing a DDoS response team. This team can 

be composed of organizational leaders, the company CEO or owner, public relations professionals and 

members of the IT department. Ensure that roles are clearly defined, along with escalation procedures 

and practical guidelines. If you manage to detect a DDoS attack before it does any damage, odds are 

you will be able to prevent it altogether — provided you have the technology and training to do so. 



Protect Your Business from DDoS Attacks 

DDoS activity is expected to become more frequent and more dangerous in the years to come. Each 

company that has an online component needs to be aware of this threat. Do not neglect the damage 

DDoS might cause to your business. 

The tips provided above will ensure you have a solid foundation for your anti-DDoS efforts. Even though 

it may seem like an unlikely event, it’s better to be prepared for DDoS attacks. A relatively small 

investment of time and resources can go a long way towards protecting your business from this 

cybersecurity threat. 


As CompTIA's Chief Technology Evangelist, Dr. James Stanger has 

worked with Information Technology (IT) subject matter experts, hiring 

managers, CIOs and CISOs worldwide. He has a rich 25-year history in 

the IT space, working in roles such as security consultant, network 

engineer, Linux administrator, web and database developer and 

certification program designer. 

He has consulted with organizations including Northrop Grumman, the 

U.S. Department of Defense, the University of Cambridge and Amazon 

AWS. James is a regular contributor to technical journals, including 

Admin Magazine, RSA and Linux Magazine. He lives and plays near the Puget Sound in Washington in 

the United States. 



Prioritizing Disinformation Campaigns’ Role in Cyber 

Warfare 

By Dan Brahmy, CEO of Cyabra 

With reports of cyberattacks and hacks like that of the Colonial Pipeline and SolarWinds increasing in 

frequency, it can be easy to forget another aspect of cyber warfare: disinformation attacks and influence 

campaigns. From public health crises to elections to the significance the term “fake news” has taken in 

American households, this type of cyber warfare poses an increasingly formidable threat to defense 

leaders. 

While the U.S. has been doing an adequate job of combatting individual attacks in the eyes of the public 

as they arise, defense agencies need to begin prioritizing comprehensive, thorough programs to 

proactively stop influence campaigns in their tracks. 



Undermining Public Trust 

The cycle of hacks and leaks before prominent elections is almost commonplace. With French President 

Emmanuel Macron’s email leaks ahead of his 2017 election to the pivotal email leaks of then-presidential 

candidate Hillary Clinton via Wikileaks, it’s becoming less of a surprise when these leaks drop. And while 

it might be easier for the public to turn their eyes to these concrete examples of influence campaigns 

rooted in breaches, it is important not to overlook or discredit the ongoing presence of disinformation 

based influence campaigns. 

For example, in early May the Washington Post reported that former President Trump’s lawyer, Rudy. 

Giuliani was the target of a Russian influence campaign ahead of the 2020 election. And with no tangible 

hack or information dump for the public to latch onto, it can become increasingly difficult for citizens to 

discern exactly how and when they are being influenced by the effects of these types of campaigns, 

especially when this “news” is being amplified by fake accounts. Further, if the January 6, 2021 attack on 

the U.S. Capitol is indicative of public trust in elections, it’s easy to see the lasting and significant effects 

disinformation campaigns can have on governmental systems; and that is not even taking into account 

the disinformation spread by conspiracy groups and others around the attack itself. 

Though it is tempting to write off these attacks as one off responses to election cycles, disinformation 

campaigns throughout the pandemic have proved these types of attacks are anything but singular events. 

Both China and Russia launched disinformation campaigns to discredit trust in Western vaccines. 

Over the past few years, we’ve seen continued efforts on the part of Chinese diplomats to increase and 

amplify their social media presence, despite the state’s ban on those platforms. Beyond the posts, Twitter 

has identified a multitude of fake accounts retweeting and engaging with their posts, serving to not only 

amplify their messaging, but also create an appearance of groundswell support. Though Twitter already 

has and will continue to ban fake accounts as they are detected, it hasn’t succeeded in stopping bot 

accounts in support of the Chinese government. As the Associated Press reports, as alleged support and 

engagement with the original Tweets continues, there is an increased risk these propaganda posts can 

distort Twitter’s algorithm that boosts popular posts. 

Yet China’s manipulation of U.S. politics and sentiment via social media is nothing new. Typical internet 

denizens need to look no further than the uproar sparked by a tweet in support of Hong Kong protests by 

then-Houston Rockets general manager, Daryl Morey. The Wall Street Journal in partnership with 

researchers at Clemson University determined that following his tweet, Morey was the target of a 

coordinated harassment campaign. The amplification around supposed internet users’ responses served 

to sway American conversations around Hong Kong and China, both in political discussions, but also in 

matters related to the U.S. companies’ financial interests. 

The effects of disinformation campaigns continue to seep into the everyday life of the average internet 

user, resulting in gradual yet drastic effects in the country’s perception of politics, international affairs, 

finance and the like. The United States needs to start prioritizing these types of attacks when approaching 



cyber warfare. Disinformation and influence campaigns are not a new cause for concern, and they do not 

appear to be going away anytime soon. 

Moving Forward 

With elections, public health crises and the day to day discussions of fake news, Americans rightfully 

continue to struggle to discern the real from the fake online and, more broadly, understand the importance 

of being able to do so. 

According to a study from Pew Research Center in September 2020, “About half of U.S. adults (53%) 

say they get news from social media ‘often’ or ‘sometimes.’” And though the average internet user may 

continue to stay on the lookout for the latest flood of suspicious posts from a distant relative, the gradual 

barrage of dis- and misinformation can serve to slowly wear down their resolve, desensitizing them to 

continued attacks from bad actors. 

As the defense community continues to address the role influence campaigns play in cyber warfare, 

utilizing and integrating technology platforms that can help detect, track and trace disinformation as it 

spreads will better equip government agencies to proactively identify and neutralize serious threats. 

Understanding how disinformation is spreading, and perhaps more importantly, who the disinformation 

campaign is targeting can provide crucial for an agency’s ability to effectively combat these bad actors 

before they have a chance to cause a significant lasting impact. 

About the author 

Dan Brahmy is the co-founder and CEO of Cyabra, a SaaS platform that 

measures impact and authenticity within online conversations to detect 

disinformation. 

Dan can be reached online at @TheCyabra, info@cyabra.com and at our 

company website http://www.cyabra.com 





















You asked, and it’s finally here… we’ve launched CyberDefense.TV 

Hundreds of exceptional interviews and growing… 

Market leaders, innovators, CEO hot seat interviews and much more. 

A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine. 



FREE MONTHLY CYBER DEFENSE EMAGAZINE VIA EMAIL 

ENJOY OUR MONTHLY ELECTRONIC EDITIONS OF OUR MAGAZINES FOR FREE. 

This magazine is by and for ethical information security professionals with a twist on innovative consumer 

products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our 

mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best 

ideas, products and services in the information technology industry. Our monthly Cyber Defense e- 

Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare 

arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of 

sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here 

to sign up today and within moments, you’ll receive your first email from us with an archive of our 

newsletters along with this month’s newsletter. 

By signing up, you’ll always be in the loop with CDM. 

Copyright (C) 2021, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. 

SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a 

CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com, 

CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability 

Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, 

Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS# 

078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com 

All rights reserved worldwide. Copyright © 2021, Cyber Defense Magazine. All rights reserved. No part of this 

newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, 

recording, taping or by any information storage retrieval system without the written permission of the publisher 

except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of 

the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may 

no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect 

the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content 

and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at 



276 Fifth Avenue, Suite 704, New York, NY 1000 

EIN: 454-18-8465, DUNS# 078358935. 

All rights reserved worldwide. 


www.cyberdefensemagazine.com 

NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA) 

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 06/01/2021 

Books by our Publisher: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guysebook/dp/B07KPNS9NH 

(with others coming soon...) 



9 Years in The Making… 

Thank You to our Loyal Subscribers! 

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know 

What You Think. It's mobile and tablet friendly and superfast. We hope you 

like it. In addition, we're shooting for 7x24x365 uptime as we continue to 

scale with improved Web App Firewalls, Content Deliver Networks (CDNs) 

around the Globe, Faster and More Secure DNS 

and CyberDefenseMagazine.com up and running as an array of live mirror 

sites and our new B2C consumer magazine CyberSecurityMagazine.com. 

Millions of monthly readers and new platforms coming…starting with 

https://www.cyberdefenseprofessionals.com this month…

Cyber Defense eMagazine June 2021 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?