Validating the security of your organization’s sensitive information at a single point in time with an annual risk assessment can be helpful, but what about the other 364 days of the year? If you have a cloud application and hope to sell your services to federal agencies, point-in-time assessments won’t be enough.

Cloud application, platform, and infrastructure vendors (cloud service providers, or CSPs) do a great job of advertising online. They offer seemingly painless ways to sign up for their services through “freemiums” and two-week trials, advertisements that follow you from Google to LinkedIn, and what appear to be straight-forward sales processes.

The Cybersecurity Maturity Model Certification (CMMC) 2.0 is a compliance requirement that all Department of Defense (DoD) Contractors (aka, the Defense Industrial Base) will soon have to meet. See my blog Why is CMMC a Big Deal? for more information about the legal implications of CMMC. The CMMC official mandate is expected to be released from rulemaking in the first quarter of 2024 and be in full implementation in the first quarter of 2026.

What is the culture of cybersecurity, anyway? When most people hear the phrase “Cybersecurity is a Culture,” their minds jump immediately to cybersecurity awareness training videos that help employees avoid phishing scams. Certainly, that is an important part of driving security awareness in your organization, but the true culture of cybersecurity is so much more. To quote our CTO, Jerald Dawkins, Ph.D., “Cybersecurity is a team sport.

If your organization has complied with the PCI DSS (Payment Card Industry Data Security Standard) for any length of time, the most recent release (PCI 4.0) is probably not news to you. In fact, despite the new version PCI compliance may feel like business as usual for you. ASV scanning, penetration testing, and a comprehensive compilation of documentation are probably well under way – and you may even have scheduled your next audit with a QSA. Easy, right?

In our last installment of this series, we were introduced to some dangerous characters one might encounter on darknets. This week, we will finish out that list, looking into both organized groups and individuals. Wrapping my head around why people do what they do, and how they execute operations that end up costing corporations millions, is always fascinating.