Brian Petzold

Recent Posts

Best Practices to Ace Your Penetration Test

by Brian Petzold | Mar 1, 2024

Every institution should have an internal penetration test performed annually. The goal of the penetration test is for the tester to try to gain administrative access to the network. In our...

Adding Perspective to Tabletop Exercises

by Brian Petzold | Dec 1, 2023

Your institution likely performs periodic incident response tabletop exercises to help ensure you are ready when an incident occurs. At the beginning, the participants of the exercises were...

What is a Good Password Length?

by Brian Petzold | Oct 13, 2023

We are often asked what length passwords should be. The answer that we give in general is that we would like user passwords to be at least 14 characters and complex, and that administrator passwords...

Is Your M365 Conditional Access Unconditional?

by Brian Petzold | Sep 1, 2023

As attackers are finding new ways to get around multifactor authentication in Microsoft 365, conditional access is becoming more important. Conditional access refers to a set of policies in M365...

Helping Board Members Sleep at Night

by Brian Petzold | Jul 14, 2023

If you are a board member of a bank or credit union, how do you know that the cybersecurity program of the organization is being managed effectively? I often try to put myself into the shoes of a...

Reviewing the New Interagency Third-Party Risk Management Guidance

by Brian Petzold | Jun 9, 2023

On June 6th, the Federal Reserve, FDIC, and OCC released new interagency guidance on third-party risk management. The new guidance, based on existing OCC guidance from 2013 and 2020, calls for a...

Blocking Outbound Communications

by Brian Petzold | May 12, 2023

All organizations have (or should have) a firewall that blocks unexpected communications from the Internet to internal network hosts. But what about blocking unexpected communications from internal...

The FDIC InTREX Gets Audited

by Brian Petzold | Feb 10, 2023

While the FFIEC has released three major guidance updates since July 2019, the FDIC has not updated its examination program to include the newer guidance. This is one of the findings of the January...

Discussions Triggered from the LastPass Breach

by Brian Petzold | Jan 6, 2023

Over the past month, many have written about the latest LastPass breach. If you have not kept up with the breach, you can see the disclosure from LastPass here. Since the breach was publicized,...

Regulators Becoming More Prescriptive

by Brian Petzold | Dec 9, 2022

Recently, the New York Department of Financial Services (“DFS”) released a proposed update to its 2017 “Cybersecurity Requirements for Financial Services Companies” law (also known as “23 NYCRR...
