Information Security Leader, Author, Instructor and Speaker

5 Questions to Ask About Buying AI-Enabled Security Software

Security products incorporating artificial intelligence techniques may reduce the workload for human analysts,taking over the time-consuming job of correlating information sources and mining voluminous logs to uncover suspicious patterns of activity. Vendors, seeing the hype around AI, are quick to slap the label on almost any technology for a cutting-edge veneer. Here are five questions to ask before purchasing an AI-enabled security system

Published July 2019 in FedTech Magazine.

Read the full article: 5 Questions to Ask About Buying AI-Enabled Security Software

Posted in Articles | Leave a comment

Six Niche Security Certifications

Sometimes you have to step off the beaten path to find the right certification. Let’s take a look at the world of computer security certifications, and see which certs some people may be overlooking.

Published July 2019 in Certification Magazine.

Read the full article: Six Niche Security Certifications

Posted in Articles | Leave a comment

SIEM vs SOAR: What?s the Difference, and Do Businesses Need Both?

The cybersecurity world is full of acronyms; it’s difficult to go an entire year without vendors beating down the door to promote the latest one as the solution to security woes for businesses. The latest entrant into this progression of technologies is the security orchestration, automation and response (SOAR) platform, a platform that vendors promise will decrease incident response time, improve visibility into the security function and make security teams’ lives easier.

That sounds great, but many businesses have already made significant investments in security information and event management technology. Does implementing SOAR involve throwing those SIEM investments out the window? Let’s take a deeper dive into these questions and explore how SOAR and SIEM fit into the enterprise cybersecurity toolkit.

Published July 2019 in BizTech Magazine.

Read the full article: SIEM vs SOAR: What?s the Difference, and Do Businesses Need Both?

Posted in Articles | Leave a comment

IDC PlanScape: Building an Analytics Center of Excellence

“Analytics centers of excellence serve as the nucleus of an organization’s data transformation efforts,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP). “The center brings together talented staff organized around the common purpose of unlocking the value hidden in business data. Using a centralized approach helps analytics efforts gain the resources they need and develop traction within existing organizational structures that might be otherwise resistant to change.”

IDC Research Report published June 2019.

Read the full report: IDC PlanScape: Building an Analytics Center of Excellence

Posted in White Papers | Leave a comment

Taking Social Security numbers public could fix our data breach crisis

Earlier this week, we learned that the American Medical Collection Agency, a billing collection agency, suffered a data breach affecting millions of patients. The perpetrators had access to systems containing Social Security numbers, bank account numbers, credit card numbers and medical records belonging to millions of individuals. Initial reports of the breach came through an SEC filing made by Quest Diagnostics informing investors that at least 11.9 million Quest patients were affected by the breach. LabCorp also used AMCA’s services, and the affected system stored information about 7.7 million of its patients. It’s likely that the number of affected individuals will continue to increase as details of other AMCA customers come to light.

We’ve heard this story so many times that we already know how it will unfold. Giant company announces breach. CEO makes statement of contrition. Executive in charge of cybersecurity is publicly fired. Customers receive letters of apology and identity monitoring services. We go back to life as normal until another breach restarts the cycle.

It’s time to break that cycle by fixing the root cause: the misuse of Social Security numbers as proof of identity by financial institutions, insurance companies, landlords, health care providers and just about everyone else.

Published June 2019 in CNN Business Perspectives.

Read the full article: Taking Social Security numbers public could fix our data breach crisis

Posted in Articles | Leave a comment

Fact or Fallacy: Stay Up to Date on Best Practices for Password Security

How much do you know about passwords? You might believe password authentication is old hat, and that you already know the best practices for implementing passwords. After all, we’ve heard password hygiene messages for years, right?

But unless you’ve updated your knowledge recently, you might be in for surprises.

Published June 2019 in EdTech Magazine.

Read the full article: Fact or Fallacy: Stay Up to Date on Best Practices for Password Security 

Posted in Articles | Leave a comment

Becoming a data security administrator is a great pathway into cybersecurity

In a recent survey of Chief Information Officers, 88 percent reported that cybersecurity initiatives were on their shortlist of priorities for 2019. That’s an astounding figure that cuts across industries and geographies as organizations struggle to protect their systems and data in an increasingly dangerous threat environment.

Implementing cybersecurity initiatives requires talented and skilled staff, and surveys consistently reveal that filling cybersecurity positions continues to challenge organizations. In a 2018 CSO survey, 53 percent of organizations reported that they suffered from a “problematic shortage of cybersecurity skills.” This news might keep senior technology leaders awake at night, but it also presents an opportunity for individuals seeking to find employment in a high-demand, lucrative field.

Published May 2019 in Certification Magazine.

Read the full article: Becoming a data security administrator is a great pathway into cybersecurity

Posted in Articles | Leave a comment

Password-Based Attacks Pose New Dangers for Agency Networks

Last year, the United States Computer Emergency Readiness Team (US-CERT) issued an alert that hackers were targeting organizations in the United States with a ­massive wave of attacks based on ­successful guesses of common passwords.

These password-spray attacks seek to identify accounts at targeted organizations that use common or simple passwords, and then use those accounts to steal sensitive information. Nine Iranian nationals were indicted last year in New York for hacks of U.S. universities, companies and government agencies using this method.

In a password-spray attack, the attacker does not need advance knowledge of a user’s password. Unlike social engineering, in which the attacker tricks a user into revealing his or her password, spray attacks rely on the fact that, unless prevented, users will choose easy-to-remember passwords.

Published May 2019 in FedTech Magazine.

Read the full article: Password-Based Attacks Pose New Dangers for Agency Networks 

Posted in Articles | Leave a comment

Big Tech can’t be trusted. It’s time for regulation

Big Tech is under the spotlight, and for good reason.

In the past couple of years, an onslaught of incidents have shook public confidence in major technology firms. Facebook apologized for allowing Cambridge Analytica to harvest the personal information of more than 80 million users. Google shut down its social network in the wake of reports that it failed to disclose a serious security vulnerability that could have revealed the private information of as many as 500,000 users. The company said it found “no evidence” that any data was actually misused. Then, just a couple months later, Marriott announced a data breach that affected 500 million individuals.

It’s become clear that Big Tech can’t be trusted to govern itself. It’s time for regulators to step in.

Published April 2019 in CNN Business Perspectives.

Read the full article: Big Tech can’t be trusted. It’s time for regulation

Posted in Articles | Leave a comment

Does Your Business Need Unified Endpoint Management?

Consider how many endpoint device types exist in the typical business: Virtually all have desktop and laptop computers, as well as smartphones and tablets. Many also have virtualized desktops running in a data center or the cloud. And some have wearable devices or containerized computing.

Now, think about how each of those device categories is managed. Are standard management practices applied to each and every type of device or are some left out in the cold? Is there a single management interface that allows the IT team to view the status of each of those devices and apply configuration updates as needed? How quickly can the security team move to protect data and provision a replacement device for a user with a lost, stolen or damaged device?

Published April 2019 in BizTech Magazine.

Read the full article: Does Your Business Need Unified Endpoint Management?

Posted in Articles | Leave a comment

Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.

Full Biography

@mchapple