What IS Zero Trust?
If you believe that firewalls, VPNs, and Anti-Virus are enough to keep your company and data secure, then this article is for you!
There are things to consider before sending out a phishing test. This article is a simple guide on what to know beforehand.
A guide for those looking to schedule their first pentest AND get the most return on investment for the money and time spent on it.
Whether you are a SIEM vendor or are looking for one, these tips will help you make a good, informed decision.
After running a security audit on your AWS accounts, you found some issues and want to prohibit unauthorized access.
How Did The Ticketmaster Hack Happen? It’s a perfect example of multiple security failures.
Leaders are often confident that their engineers follow security best practices, but here are some security questions to consider.
It might be difficult to safeguard your data after it’s been compromised, but you can protect yourself next time with threat modeling.
We’ve put together a quick list of things NOT to do when working with a security researcher in official or unofficial bug bounties.
After doing some research on JWT Security and Best Practices, I made a collection of the best resources and readings.
Hosting a cybersecurity awareness campaign can showcase your team, raise awareness of infosec, and display how your company is doing that.
Here are 5 cybersecurity lessons learned from the recent Twitter Hack; use these lessons to prevent or minimize an attack on your systems.
It might seem challenging to set up an easy, shareable audit folder structure, but we break it down here in a few easy steps.
A HOW-TO on how to set up your AWS Organization properly to allow you to deploy services and controls across your AWS Accounts.
Finally, AWS has noticed and made it easier to deploy these services either centrally from the master account, or even better using a delegated administrator account, such as a dedicated AWS Security Account.
I am getting a lot of questions from clients right now regarding the secure use of Zoom. It may be hard to filter the signal from the noise…
There is a vulnerability affecting all versions of Windows with no available patch from Microsoft, but there are several workarounds.
You might know that sharing passwords is a bad idea, but do you know why? In this article, I will walk you through the various problems.
AWS (Amazon Web Services) had its first conference focused on Cloud Security. Below is a list of new releases and videos.
AWS SCP is a maturing AWS Organization feature that allows you to apply IAM-like policies at the organizational level.
AWS Secrets Manager provides a way to securely store and retrieve secrets. I test it, and what if an application was using the secret.
Part 4 in a series of articles that relates information security to replacing and constructing a shingle based roof (take it step by step!).
Part 3 of a series that relates information security to replacing and constructing a shingle based roof (you need to measure more than once)!
Part 2 of a series of articles that relates information security to replacing and constructing a shingle based roof to fill in gaps. Based on real-life!
Part 1 of a series of articles that relates information security to replacing and constructing a shingle based roof. Based on real-life!
I found a strange user in my account with admin rights that I did not recognize! As you can imagine, this triggered all my alarms.
Securing a new environment without knowing the rules of the road can be hard. Take the time to learn the rules and avoid speedbumps.
Even good security can sometimes become an anti-pattern, just add complacency.
Information Security is about relationships and understanding.
Our brains are big prediction engines. Sometimes this is good, sometimes this is bad.
A couple summers ago I fully replaced the roof of my shed. Here are my reflections on cybersecurity from that experience.