All posts by teamchao
Ransomware Defense
What are some of the quickest defenses for ransomware? CIS security controls are some of the quickest controls to put in place to reduce the risk of ransomware and human issues that result in ransomware attacks working. Take a look at the image below for a quick overview of how to be proactive, preventive and…
Agile – SDLC & Security
Are these three topics in the same blog article an oxymoron? Well having worked in development shops for a long time, including Red Hat Linux, I decided a while back to get my Certified Scrum Master (CSM) certificate. My objective was to learn how the three could live in harmony and how security could be…
Top AI content on LinkedIn
So sometimes I post things on LinkedIn that are a bit rhetorical in nature. I asked AI to generate this image based on what everyone was doing on AI. Number 9 struck me as ironic! I recently had a leader present AI generated materials to me but could not speak for the content nor answer…
Top 10 Cybersecurity Events
Below I had AI do the hard work and review 10 sites as listed in the image for cybersecurity breaches, incidents and cyber insurance claims to see what the top 10 key issues are. To no surprise and as I always tell my clients the human counts for over 95% of cybersecurity issues. The image…
NIST CSF Maturity Levels
The NIST Cybersecurity Framework (CSF) is a best security practice framework established by the national institute of standards and technology. It helps guide you in creating a cybersecurity program and tiers to achieve throughout a security programs lifecycle. Most don’t know or leverage the levels of which you can apply the framework to best address…
Security & 7 layers of the OSI Model
In the image below you will see each layer of the OSI model defined and mapped to user activity and security attack vectors. When you think of the “Security Onion” approach to security, think of how many layers an onion has and what it takes to peal back all the layers until you find the…
6 Free AI Frameworks
Here are 6 Free AI Frameworks to help guide the AI Security effort. If you have someone who understands how these frameworks align to the other best practice frameworks and can align controls across your infrastructure you’ll be ahead of the curve. Take a moment to look over each and see which best aligns with…
Mitre ATT&CK
MITRE ATT&CKĀ® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Often these tactics and techniques are used…
CVE for Me
A CVE, or Common Vulnerabilities and Exposures, is a standardized identifier for publicly disclosed security vulnerabilities in software and hardware, allowing organizations to share and manage information about these vulnerabilities effectively. Each CVE is assigned a unique ID to facilitate tracking and prioritization of security issues. The CVE method is one of the most widely…
The SDLC Process
The Software Development Life Cycle (SDLC), is a structured process used to plan, develop, test, and maintain software applications. It outlines the stages involved in software development, ensuring quality and alignment with business goals. Security needs to be integrated in the process to ensure applications are safe and secure. Within the SDLC there are an…