Information Security Leader, Author, Instructor and Speaker

Fact or Fallacy: Stay Up to Date on Best Practices for Password Security

How much do you know about passwords? You might believe password authentication is old hat, and that you already know the best practices for implementing passwords. After all, we’ve heard password hygiene messages for years, right?

But unless you’ve updated your knowledge recently, you might be in for surprises.

Published June 2019 in EdTech Magazine.

Read the full article: Fact or Fallacy: Stay Up to Date on Best Practices for Password Security 

Posted in Articles

Becoming a data security administrator is a great pathway into cybersecurity

In a recent survey of Chief Information Officers, 88 percent reported that cybersecurity initiatives were on their shortlist of priorities for 2019. That’s an astounding figure that cuts across industries and geographies as organizations struggle to protect their systems and data in an increasingly dangerous threat environment.

Implementing cybersecurity initiatives requires talented and skilled staff, and surveys consistently reveal that filling cybersecurity positions continues to challenge organizations. In a 2018 CSO survey, 53 percent of organizations reported that they suffered from a “problematic shortage of cybersecurity skills.” This news might keep senior technology leaders awake at night, but it also presents an opportunity for individuals seeking to find employment in a high-demand, lucrative field.

Published May 2019 in Certification Magazine.

Read the full article: Becoming a data security administrator is a great pathway into cybersecurity

Posted in Articles

Password-Based Attacks Pose New Dangers for Agency Networks

Last year, the United States Computer Emergency Readiness Team (US-CERT) issued an alert that hackers were targeting organizations in the United States with a massive wave of attacks based on successful guesses of common passwords.

These password-spray attacks seek to identify accounts at targeted organizations that use common or simple passwords, and then use those accounts to steal sensitive information. Nine Iranian nationals were indicted last year in New York for hacks of U.S. universities, companies and government agencies using this method.

In a password-spray attack, the attacker does not need advance knowledge of a user’s password. Unlike social engineering, in which the attacker tricks a user into revealing his or her password, spray attacks rely on the fact that, unless prevented, users will choose easy-to-remember passwords.

Published May 2019 in FedTech Magazine.

Read the full article: Password-Based Attacks Pose New Dangers for Agency Networks 

Posted in Articles

Big Tech can’t be trusted. It’s time for regulation

Big Tech is under the spotlight, and for good reason.

In the past couple of years, an onslaught of incidents has shaken public confidence in major technology firms. Facebook apologized for allowing Cambridge Analytica to harvest the personal information of more than 80 million users. Google shut down its social network in the wake of reports that it failed to disclose a serious security vulnerability that could have revealed the private information of as many as 500,000 users. The company said it found “no evidence” that any data was actually misused. Then, just a couple months later, Marriott announced a data breach that affected 500 million individuals.

It’s become clear that Big Tech can’t be trusted to govern itself. It’s time for regulators to step in.

Published April 2019 in CNN Business Perspectives.

Read the full article: Big Tech can’t be trusted. It’s time for regulation

Posted in Articles

Does Your Business Need Unified Endpoint Management?

Consider how many endpoint device types exist in the typical business: Virtually all have desktop and laptop computers, as well as smartphones and tablets. Many also have virtualized desktops running in a data center or the cloud. And some have wearable devices or containerized computing.

Now, think about how each of those device categories is managed. Are standard management practices applied to each and every type of device or are some left out in the cold? Is there a single management interface that allows the IT team to view the status of each of those devices and apply configuration updates as needed? How quickly can the security team move to protect data and provision a replacement device for a user with a lost, stolen or damaged device?

Published April 2019 in BizTech Magazine.

Read the full article: Does Your Business Need Unified Endpoint Management?

Posted in Articles

Five Ways to Modernize Digital Certificate Management

“Digital certificates aren’t the most exciting issue in IT, and they’re not top of mind for most senior IT leaders until a certificate failure suddenly causes them to take center stage. Investing a small amount of time and energy now in modernizing digital certificate practices can protect organizations against future risk,” said Mike Chapple, adjunct research analyst, IDC.

IDC Research Report published April 2019.

Read the full report: Five Ways to Modernize Digital Certificate Management

Posted in White Papers

5 Ways to Safeguard Student Information

Schools handle a wide variety of sensitive information concerning students and their families. Laws, regulations and ethical obligations require administrators to take active measures to protect that information from unauthorized disclosure.

That warrants a combination of technical and process controls designed to facilitate legitimate use of student records while safeguarding them against intruders. Let’s take a look at five ways that schools can better protect their student records.

Published April 2019 in EdTech Magazine.

Read the full article: 5 Ways to Safeguard Student Information

Posted in Articles

Nine pitfalls to avoid on your path to certification

Over the past two decades, I’ve helped thousands of people earn cybersecurity certifications through my books, video courses, and online study groups. During that time, I’ve watched many people succeed, but I’ve also seen people who start with good intentions get tripped up by some pitfalls that await on the path to certification.

Let’s take a look at nine of the most common pitfalls that sidetrack certification candidates and talk about ways that you can plan your own certification journey to avoid repeating those common mistakes.

Published March 2019 in Certification Magazine.

Read the full article: Nine pitfalls to avoid on your path to certification

Posted in Articles

Designing a Risk Management Strategy for SaaS Solutions

“Organizations are adopting cloud technology as a routine business practice. SaaS vendors offer compelling business cases for reducing cost, increasing agility, and improving customer and employee satisfaction. However, the use of these services introduces new risks that IT leaders must consider and manage as they continue to deploy SaaS applications,” said Mike Chapple, adjunct research analyst, IDC’s IT Executive Programs (IEP).

IDC Research Report published March 2019.


Read the full report: Designing a Risk Management Strategy for SaaS Solutions

Posted in White Papers

Evaluating Intrusion Prevention Systems in Higher Education

Colleges and universities continue to find themselves the targets of large-scale cyberattacks. Some of these come from foreign sources, such as Iranian hackers targeting university professors or Chinese attackers seeking out sensitive defense-related research. Others are more mundane, such as the phishing attack that compromised two East Tennessee State University employees’ email accounts.

No matter the source, the bottom line is clear: higher education institutions have valuable information and resources, and attackers are actively working to steal those valuable assets.

Published March 2019 in EdTech Magazine.

Read the full article: Evaluating Intrusion Prevention Systems in Higher Education

Posted in Articles

Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.

Full Biography

@mchapple