2023

When was the last time you validated and/or updated the information security policy documents?

Yes, true, for some this is a boring topic. However, most people will try to use the excuse that as long as something is not stated in the information security policy, whatever they are doing is allowed. But then they forget the intent of the information security policy. Therefore, the question is: what do you need to think about when validating and/or updating the information security policy documents?

May 29, 2023

Phishing emails – The one thing you don’t want to receive, but you can’t avoid it. So, now what?

A phishing email is a fraudulent attempt by scammers or cybercriminals to deceive recipients into revealing sensitive information, such as passwords, usernames, credit card details, or personal identification information. These emails are designed to appear as if they are sent by legitimate organizations, such as banks, social media platforms, or e-commerce websites, in order to trick individuals into providing their confidential data. And because phishing emails have proven to be an effective technique, adversaries will continue dispatching them. So, the question is: what can you do to protect yourself? In this article, I give some tips on how to deal with phishing emails.

May 21, 2023

Can ChatGPT take over the role of a use case developer?

Currently, many people are talking about ChatGPT and how it will affect everybody’s life. Some (including me) are also investigating it. Therefore, let’s put it to the test. Does ChatGPT know how to find the right and relevant information to design and implement a use case around a password spray attack? Put differently, can ChatGPT replace the use case developer?

May 21, 2023

Can you piece back the puzzle of the timeline?

Sooner or later, the environment you are responsible for will be hit by a security incident, small or big. But no matter how significant the incident is, the high-level steps to remediate the incident are the same: identification, containment, eradication, and post-mortem. And each of these steps has one thing in common: the timeline. In order to contain the incident, you need to find both Patient Zero and Moment Zero. Most people are familiar with the term Patient Zero. But what is Moment Zero?

April 22, 2023

Judgment day: are you ready for it?

If you are a security professional, you know this day is coming. The day the security is breached. And you think you have all the relevant processes and procedures in place. Let’s zoom out a little bit. According to NIST, a security incident has five distinct phases: identification, containment, eradication,...

March 26, 2023

Do you have an effective cyber hunting team?

In cybersecurity, everything is evolving rapidly. It is an ongoing battle between adversaries and defenders. And the terrible thing is, the defenders indeed drew the short end of the stick. They need to defend against any type of threat while the adversary has the time and can sharpen and perfect his threat. Therefore, the logical question is ‘How do you keep up with the developments of the adversaries?’

March 12, 2023

Are you really remediating all the discovered vulnerabilities?

According to an article published by PCMag, LastPass was breached in 2022 by a 3-year-old vulnerability! You would expect a security vendor to remediate all discovered vulnerabilities swiftly. But that on its own raises a few questions. Questions like ‘Do you really scan all your assets?’ and ‘Do you really track remediation efforts?’. These are questions that every CISO/Security Manager should be asking their vulnerability scanning team. But is it that simple?

March 5, 2023

2022

The Maiden Flight

The Boeing 777X was on the brink of its highly anticipated maiden flight, yet uncertainty loomed. The COVID-19 pandemic brought the aviation industry to a grinding halt, with remote work, staffing shortages, and logistical disruptions becoming part of daily operations. The transition back to “normal” life post-pandemic has been anything but straightforward, with lingering challenges affecting both the workforce and the industry.

November 27, 2022

Oops, I did it again

As Carl gazes out the window, his mind stumbles upon something extraordinary – an idea that has the potential to change his and Jennifer’s lives forever. While studying for his exams, inspiration strikes, and a daring plan begins to take shape. Quietly, he sketches out each step, determined to surprise his girlfriend and finally achieve the happiness they’ve both dreamed of.

May 27, 2022