SecurityGuy

SecurityGuy, investigator, and writer.

22/02/2023

Today I wrapped up a four-part series on business continuity, disaster recovery, and incident response planning for small business. In case you missed any of the series:

BIA: https://youtu.be/G3STUzC9KP8

BCP: https://youtu.be/W_H_veOZrx4

DRP: https://youtu.be/U_GpytrH6R8

IRP: https://youtu.be/5W6cErspxUM

As always, if you have questions or suggestions for future videos, please let me know!

An Incident Response Plan (IRP) is essential to protect your business from a variety of cybersecurity threats.

08/02/2023

Part 2 of the series: the Business Continuity Plan (BCP)

A Business Continuity Plan (BCP) is essential to protect your business from human and natural threats.

01/02/2023

This is the first video in a series covering four important and related topics with an emphasis on small business: Business Impact Analysis (BIA), Business Continuity Plan (BCP), Disaster Recovery Plan (DRP), and Incident Response Plan (IRP).

27/01/2023

Home Depot: Hammers, nails, and breaching our privacy – again!

A recent investigation by the Office of the Privacy Commissioner of Canada into Home Depot of Canada Inc. has found that Home Depot failed to obtain customer consent before sharing personal data with Meta.

01/01/2023

Vlogmas Day 31: New Year’s Resolutions

Happy New Year! Have you made your New Year’s resolutions yet? Here are 5 resolutions to keep you, your family, and your business safer in 2023.

30/12/2022

Vlogmas Day 30: EnerGuide for security?

Pop quiz: What do IoT devices, phones, tablets, and web applications have in common?

30/12/2022

Vlogmas Day 29: Do you “like” your privacy?

Privacy discussions often revolve around the use and abuse of personal information by governments and corporations. While global surveillance is a serious concern, and some corporations abuse the information entrusted to them, the fact remains that most Internet users happily hand over their private information and allow companies to use it in exchange for “free” services.

28/12/2022

Vlogmas 2022 Day 28: Interview with Jerry Bell on Mastodon

In today's episode of SecurityGuy, I discussed Mastodon and the fediverse with Jerry Bell, a Chief Information Security Officer and the administrator of infosec.exchange.

28/12/2022

Vlogmas 2022 Day 27: Interview with Ahmed Masud, CEO of saf.ai

In today's episode of SecurityGuy, I speak with my friend and colleague, the co-founder and CEO of Saf.ai, Ahmed Masud, about saf.ai's flagship product Resiliate, which applies cutting-edge AI to protect data against unauthorized access and changes, data corruption, and data exfiltration.

Among other things, Resiliate provides cost-effective defence and rapid recovery from ransomware attacks.

27/12/2022

Vlogmas 2022 Day 26: I hate passwords!

While speaking at the 2004 RSA Conference, Bill Gates predicted the demise of passwords, saying, "they just don't meet the challenge for anything you really want to secure." In 2011, IBM predicted that within five years, "you will never need a password again." The death of passwords has been predicted by many people. We’re still waiting...

24/12/2022

Vlogmas 2022 Day 24: LastPass Breach

Over the past few days, we’ve learned that the LastPass breach disclosed in August 2022 was much worse than previously reported. Here’s my take on the situation, what you need to know, and what to do about it.

24/12/2022

Vlogmas 2022 Day 23: Negligent Software?

In 1905, George Santayana wrote, “Those who cannot remember the past are condemned to repeat it.” Variations of his words have been attributed to several famous people, but as far as some software developers are concerned, the underlying message has fallen on deaf ears.

22/12/2022

Vlogmas 2022 Day 22: Does your choice of programming language matter?

When I teach security architecture, I’m often asked if the choice of programming language matters. From a security perspective, the answer is yes. But it’s a bit more complicated than that.

21/12/2022

Vlogmas 2022 Day 21: Alert fatigue

Today I’m going to talk about a growing problem in cybersecurity and IT in general: alert fatigue.

21/12/2022

Vlogmas 2022 Day 20: Stop using free email for your business

As a cybersecurity consultant, I work with a lot of small businesses. Please stop using free email services like Gmail and outlook.com for your business.

https://youtu.be/-MN0stElSVs

20/12/2022
19/12/2022

Vlogmas 2022 Day 19: Practical defence in depth

In security architecture, we often talk about defence in depth. But in practical terms, what does it really mean?

18/12/2022

Vlogmas 2022 Day 18: Physical security matters

Most of the time this channel is focused on cybersecurity, but today I’m going to switch gears a bit and discuss the importance of physical security as it applies to information technology.

You can see some of the devices I mention in this video at https://hak5.org.

https://youtu.be/No_xwpuUWf0

18/12/2022

Vlogmas 2022 Day 17: ITSG-33

Today I’m wrapping up a look at cybersecurity frameworks with the Government of Canada’s ITSG-33.

16/12/2022

Oops...I seem to have fallen behind on my FB posts. Here's what I missed...

Vlogmas 2022 Day 14: ISO/IEC 27001

ISO/IEC 27001 is an international standard for Information Security Management Systems. Like many ISO standards, it’s a bit more complicated than it needs to be, and it’s not as flexible as other standards, but it remains one of the most popular.

https://youtu.be/YpwCHV6OIKM

Vlogmas 2022 Day 15: SOC 2

SOC 2 is a voluntary compliance standard developed by the American Institute of Certified Professional Accountants that specifies how organizations should manage customer data. If your company provides cloud services, including software as a service, chances are your customers have asked for a SOC 2 report.

https://youtu.be/VEMPdcqqKmY

Vlogmas 2022 Day 16: NIST CSF

Another popular security framework is the Cyber Security Framework published by the US National Institute of Standards and Technology. You’ll usually hear it referred to by the acronyms NIST CSF.

https://youtu.be/gBsD2oWmArw

13/12/2022

Vlogmas 2022 Day 13: Cybersecurity frameworks

Today we’re talking about cybersecurity frameworks. Today is an overview, and over the next few days we'll look at ISO/IEC 27001, SOC 2, NIST CSF, and ITSG-33.

13/12/2022

Vlogmas 2022 Day 12: DMARC

We recently discussed SPF and DKIM. Today I’m completing the email authentication hat trick with DMARC. A lot of companies don’t realize that their emails are ending up in the recipient’s spam folder because they haven’t correctly configured SPF, DKIM, and DMARC.

11/12/2022

Vlogmas 2022 Day 11: Understanding DKIM

Yesterday I discussed how SPF, the Sender Policy Framework, helps reduce spam and email impersonation, and helps get legitimate emails delivered. Today I’m going to talk about another way email can be authenticated at the domain level, DomainKeys Identified Mail or DKIM for short.

11/12/2022

Vlogmas 2022 Day 10: Understanding SPF

Reducing spam, phishing, and email impersonation has never been more important. If you get your email configuration right, you can help in this fight. But if you don’t, you may inadvertently route legitimate emails that you or your organization send directly into quarantines and spam folders. Today I’m going to talk about one of the tools at our disposal, the Sender Policy Framework.

09/12/2022

Vlogmas 2022 Day 9: Should security pros learn to code?

Today I’m responding to a frequent question from people who would like to enter or progress in a cybersecurity career: Should I learn to write code?

09/12/2022

Vlogmas 2022 Day 8: Election manipulation

Two days ago, I introduced the basics of machine learning, and yesterday I outlined how social media sites can use and abuse machine learning. Today I’d like to specifically address election manipulation.
