2 min read
Incident Response Theater: Are We Just Playing the Role of Preparedness?
The curtain rises. The scene: a quiet sunny day on the teller line.
Read More
2 min read
The Wild, Untamed, and Exciting World of Passkeys
In today's digital landscape, securing user authentication is more critical than ever. Recently, I explored the benefits of using Yubikeys and...
3 min read
Is it Time to Go Passwordless?
For years, having long and complex passwords has been ingrained in us as a requirement, so it may seem strange to consider eliminating passwords...
3 min read
How to Manage Vulnerabilities
Most ransomware gangs gain their foothold in an organization by taking advantage of at least one vulnerability. The vulnerability may be on a user...
2 min read
Ruminations on the New Dodd-Frank Section 1033 Rule
When the Dodd-Frank Act was passed in 2010, it included Section 1033. This section required the Consumer Financial Protection Bureau (CFPB) to create...
2 min read
How I Became a vCISO
I have a lot of passion for my role as a Virtual Chief Information Security Officer (vCISO) for financial institutions, and I am always happy to tell...
2 min read
The Waning Days of the CAT Arrive
In late August, the FFIEC announced that they would sunset the Cybersecurity Assessment Tool (the “CAT”) on August 31, 2025. It had been apparent for...
2 min read
Control Assessments Vs. Risk Assessments
When we first start working with new institutions, it is not unusual for us to see them struggling because they have focused their efforts on...
2 min read
Is Ransomware Dying?
In December 2023 the US Justice Department announced that they had disrupted operations of ALPHV/Blackcat, a ransomware group that was responsible...
2 min read
Consent Orders Put Focus on Third-Party Risk Management
There have been multiple consent orders issued recently which have made it clear that regulators are starting to enforce new third-party risk...