Information Security Leader, Author, Instructor and Speaker

Big Tech can’t be trusted. It’s time for regulation

Big Tech is under the spotlight, and for good reason.

In the past couple of years, an onslaught of incidents has shaken public confidence in major technology firms. Facebook apologized for allowing Cambridge Analytica to harvest the personal information of more than 80 million users. Google shut down its social network in the wake of reports that it failed to disclose a serious security vulnerability that could have revealed the private information of as many as 500,000 users. The company said it found “no evidence” that any data was actually misused. Then, just a couple months later, Marriott announced a data breach that affected 500 million individuals.

It’s become clear that Big Tech can’t be trusted to govern itself. It’s time for regulators to step in.

Published April 2019 in CNN Business Perspectives.

Read the full article: Big Tech can’t be trusted. It’s time for regulation

Does Your Business Need Unified Endpoint Management?

Consider how many endpoint device types exist in the typical business: Virtually all have desktop and laptop computers, as well as smartphones and tablets. Many also have virtualized desktops running in a data center or the cloud. And some have wearable devices or containerized computing.

Now, think about how each of those device categories is managed. Are standard management practices applied to each and every type of device or are some left out in the cold? Is there a single management interface that allows the IT team to view the status of each of those devices and apply configuration updates as needed? How quickly can the security team move to protect data and provision a replacement device for a user with a lost, stolen or damaged device?

Published April 2019 in BizTech Magazine.

Read the full article: Does Your Business Need Unified Endpoint Management?

Five Ways to Modernize Digital Certificate Management

“Digital certificates aren’t the most exciting issue in IT, and they’re not top of mind for most senior IT leaders until a certificate failure suddenly causes them to take center stage. Investing a small amount of time and energy now in modernizing digital certificate practices can protect organizations against future risk,” said Mike Chapple, adjunct research analyst, IDC.

IDC Research Report published April 2019.

Read the full report: Five Ways to Modernize Digital Certificate Management

5 Ways to Safeguard Student Information

Schools handle a wide variety of sensitive information concerning students and their families. Laws, regulations and ethical obligations require administrators to take active measures to protect that information from unauthorized disclosure.

That warrants a combination of technical and process controls designed to facilitate legitimate use of student records while safeguarding them against intruders. Let’s take a look at five ways that schools can better protect their student records.

Published April 2019 in EdTech Magazine.

Read the full article: 5 Ways to Safeguard Student Information

Nine pitfalls to avoid on your path to certification

Over the past two decades, I’ve helped thousands of people earn cybersecurity certifications through my books, video courses, and online study groups. During that time, I’ve watched many people succeed, but I’ve also seen people who start with good intentions get tripped up by some pitfalls that await on the path to certification.

Let’s take a look at nine of the most common pitfalls that sidetrack certification candidates and talk about ways that you can plan your own certification journey to avoid repeating those common mistakes.

Published March 2019 in Certification Magazine.

Read the full article: Nine pitfalls to avoid on your path to certification

Designing a Risk Management Strategy for SaaS Solutions

“Organizations are adopting cloud technology as a routine business practice. SaaS vendors offer compelling business cases for reducing cost, increasing agility, and improving customer and employee satisfaction. However, the use of these services introduces new risks that IT leaders must consider and manage as they continue to deploy SaaS applications,” said Mike Chapple, adjunct research analyst, IDC’s IT Executive Programs (IEP).

IDC Research Report published March 2019.

Read the full report: Designing a Risk Management Strategy for SaaS Solutions

Evaluating Intrusion Prevention Systems in Higher Education

Colleges and universities continue to find themselves the targets of large-scale cyberattacks. Some of these come from foreign sources, such as Iranian hackers targeting university professors or Chinese attackers seeking out sensitive defense-related research. Others are more mundane, such as the phishing attack that compromised two East Tennessee State University employees’ email accounts.

No matter the source, the bottom line is clear: higher education institutions have valuable information and resources, and attackers are actively working to steal those valuable assets.

Published March 2019 in EdTech Magazine.

Read the full article: Evaluating Intrusion Prevention Systems in Higher Education

How Government Can Leverage CASBs and Improve Cloud Visibility

Agencies may already have tools in place to track the presence of sensitive information within internal systems, but the process becomes far more complicated when cloud services are involved. Cloud access security brokers (CASBs) can help solve this challenge.

The issues that arise from staff use of cloud services — which can range from complete infrastructure deployments to specialized cloud-based apps — come in two forms.

Published February 2019 in FedTech Magazine.

Read the full article: How Government Can Leverage CASBs and Improve Cloud Visibility

A rebooted CCSP certification exam is coming

In just a few short months, the Certified Cloud Security Professional (CCSP) certification offered by IT security professional association (ISC)² will undergo its first refresh since hitting the market in 2015. The CCSP has quickly gained in popularity over its brief four-year existence — it is already (ISC)²’s second-most widely held certification, trailing only the long-established and globally popular CISSP credential.

It may not seem like 2015 was that long ago, but change is constant in the information technology (IT) realm. Let’s take a look at the changes that have occurred in the cloud security landscape over the past four years and how those changes are reflected in the content of the revised CCSP exam.

Published February 2019 in Certification Magazine.

Read the full article: A rebooted CCSP certification exam is coming

IDC PlanScape: Threat Intelligence Solutions

“Threat intelligence is a foundational component of a modern cybersecurity program,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP). “Today’s threat environment simply changes too quickly for individuals to keep abreast of developments on their own. Threat intelligence programs provide both qualitative assessments of the field and actionable, automated solutions that bolster existing security defenses.”

IDC Research Report published February 2019.

Read the full report: IDC PlanScape: Threat Intelligence Solutions

Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.

@mchapple