Skip to content
Home
Services
Fractional CISO – Cybersecurity Leadership
Fractional CTO – Application Development Leadership
Automation
Ransomware Cost Estimator
Customer Success Stories
BUCS: Automation Success
ISSA Cybersecurity
Bear Analytics
Inteleos
MovementX: Automation Transformation
Resources
Publications
Papers
Newsletter
About
  • Home
  • Services
    • Fractional CISO – Cybersecurity Leadership
    • Fractional CTO – Application Development Leadership
    • Automation
    • Ransomware Cost Estimator
  • Customer Success Stories
    • BUCS: Automation Success
    • ISSA Cybersecurity
    • Bear Analytics
    • Inteleos
    • MovementX: Automation Transformation
  • Resources
    • Publications
    • Papers
    • Newsletter
  • About
  • Home
  • Services
    • Fractional CISO – Cybersecurity Leadership
    • Fractional CTO – Application Development Leadership
    • Automation
    • Ransomware Cost Estimator
  • Customer Success Stories
    • BUCS: Automation Success
    • ISSA Cybersecurity
    • Bear Analytics
    • Inteleos
    • MovementX: Automation Transformation
  • Resources
    • Publications
    • Papers
    • Newsletter
  • About
Linkedin-in
Home
Services
Fractional CISO – Cybersecurity Leadership
Fractional CTO – Application Development Leadership
Automation
Ransomware Cost Estimator
Customer Success Stories
BUCS: Automation Success
ISSA Cybersecurity
Bear Analytics
Inteleos
MovementX: Automation Transformation
Resources
Publications
Papers
Newsletter
About
  • Home
  • Services
    • Fractional CISO – Cybersecurity Leadership
    • Fractional CTO – Application Development Leadership
    • Automation
    • Ransomware Cost Estimator
  • Customer Success Stories
    • BUCS: Automation Success
    • ISSA Cybersecurity
    • Bear Analytics
    • Inteleos
    • MovementX: Automation Transformation
  • Resources
    • Publications
    • Papers
    • Newsletter
  • About
  • Home
  • Services
    • Fractional CISO – Cybersecurity Leadership
    • Fractional CTO – Application Development Leadership
    • Automation
    • Ransomware Cost Estimator
  • Customer Success Stories
    • BUCS: Automation Success
    • ISSA Cybersecurity
    • Bear Analytics
    • Inteleos
    • MovementX: Automation Transformation
  • Resources
    • Publications
    • Papers
    • Newsletter
  • About
Linkedin-in
Logo-cyber with three tag words 4000w
Home
Services
Fractional CISO – Cybersecurity Leadership
Fractional CTO – Application Development Leadership
Automation
Ransomware Cost Estimator
Customer Success Stories
BUCS: Automation Success
ISSA Cybersecurity
Bear Analytics
Inteleos
MovementX: Automation Transformation
Resources
Publications
Papers
Newsletter
About
  • Home
  • Services
    • Fractional CISO – Cybersecurity Leadership
    • Fractional CTO – Application Development Leadership
    • Automation
    • Ransomware Cost Estimator
  • Customer Success Stories
    • BUCS: Automation Success
    • ISSA Cybersecurity
    • Bear Analytics
    • Inteleos
    • MovementX: Automation Transformation
  • Resources
    • Publications
    • Papers
    • Newsletter
  • About
  • Home
  • Services
    • Fractional CISO – Cybersecurity Leadership
    • Fractional CTO – Application Development Leadership
    • Automation
    • Ransomware Cost Estimator
  • Customer Success Stories
    • BUCS: Automation Success
    • ISSA Cybersecurity
    • Bear Analytics
    • Inteleos
    • MovementX: Automation Transformation
  • Resources
    • Publications
    • Papers
    • Newsletter
  • About
Linkedin-in

Welcome to v055: It’s Time to Get Cyber-tastic!

  • September 16, 2024

News: Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins

Invisible authentication mechanisms in Microsoft allow any attacker to escalate from privileged to super-duper privileged in cloud environments, paving the way for complete takeover.

 

News: Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users.

 

News: How Phishing Attacks Adapt Quickly to Capitalize on Current Events

In 2023, no fewer than 94 percent of businesses were impacted by phishing attacks, a 40 percent increase compared to the previous year, according to research from Egress.

 

Cyber Savvy AI Antics

Give 5 options for finishing a joke that starts….”How many security engineers does it take to tell you the time?”

1. “None, they’ll just tell you it’s a security risk to know.”

2. “One, but they’ll encrypt the answer and make you decrypt it yourself.”

3. “It depends—did you remember to patch the clock?”

4. “Just one, but first they’ll have to run a vulnerability scan on the clock.”

5. “As many as it takes to write a report explaining why they can’t tell you.”

 

AI: The AI Hangover is Here – The End of the Beginning

After a good year of sustained exuberance, the hangover is finally here. It’s a gentle one (for now), as the market corrects the share price of the major players (like Nvidia, Microsoft, and Google), while other players reassess the market and adjust priorities. Gartner calls it the trough of disillusionment, when interest wanes and implementations fail to deliver the promised breakthroughs. Producers of the technology shake out or fail. Investment continues only if the surviving providers improve their products to the satisfaction of early adopters.

 

News: Hackers’ Toolkit Exposed, Wide Range of Tools from Initial Access to Full Control

Cybersecurity researchers have discovered an extensive hacker toolkit, revealing a comprehensive set of tools designed for various stages of cyberattacks.

 

News: DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals

Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landscape of cyber threats. Here, we share a selection of findings from the full report.

 

News: Identity Threat Detection and Response Solution Guide

Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, Saas, PaaS and CI/CD environments. Identity Threat Detection and Response solutions help organizations better detect suspicious or malicious activity in their environment. ITDR solutions give security teams the ability to help teams answer the question “What’s happening right now in my environment – what are my identities doing in my environments.”

 

Incident: Hackers may have stolen your Social Security number in a massive breach. Here’s what to know.

A new lawsuit is claiming hackers have gained access to the personal information of “billions of individuals,” including their Social Security numbers, current and past addresses and the names of siblings and parents — personal data that could allow fraudsters to infiltrate financial accounts or take out loans in their names.

 

News: Microsoft Issues Mandatory 2FA Login Deadline Alert

Microsoft’s public cloud computing platform, Azure, was recently targeted by a cyberattack that led to a multi-hour outage. While a newly announced mandatory two-factor authentication login requirement would not have prevented that kind of distributed denial of service attack, it will have a positive impact when it comes to protecting user data and identity.

 

News: Why you should be worried about massive National Public Data breach and what to do.

The latest data breach uncovered is potentially one of the biggest ever, including 2.9 billion records on millions of Americans. Now many are considering freezing their credit reports. Why?

 

Breach: Hackers Just Leaked a Bunch of Social Security Numbers. Here’s What To Know

On April 8, 2024, a group of hackers known as “USDoD” posted to a hacking forum claims that they had access to over 2.9 billion records stolen from a background checking company known as National Public Data. According to the post, the data contained names, addresses and social security numbers of people located in the U.S. The group wanted to sell the data for $3.5 million.

 

News: Anatomy of an Attack

In today’s rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using the infamous Log4Shell vulnerability as an example, and demonstrates how Application Detection and Response (ADR) technology effectively safeguards against such zero-day threats.

 

Cloud: Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys

As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is important for any security professional to know where to look for signs of compromise.

 

Cybercrime: Ransomware rakes in record-breaking $450 million in first half of 2024

Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level.

 

News: Human Nature Is Causing Our Cybersecurity Problem

By moving beyond guidelines and enforcing accountability, encouraging innovation, and prioritizing the safety and well-being of our communities in the digital age, we can build a more secure software future.

 

Vulnerability Vortex

Chrome 128 Updates Patch High-Severity Vulnerabilities

Google has released two Chrome 128 updates to address six high-severity vulnerabilities reported by external researchers.

 

VMWare releases Fusion vulnerability with 8.8 rating

The company issued a patch for the high-severity bug that allows arbitrary code execution.

 

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts.

 

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution.

 

Sonicwall Warns That Sonicos Bug Exploited In Attacks

Recently fixed access control SonicOS vulnerability, tracked as CVE-2024-40766, is potentially exploited in attacks in the wild, SonicWall warns.

 

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024.

 

Adobe Patches Critical, Code Execution Flaws in Multiple Products

Patch Tuesday: Adobe releases patches for 28 security vulnerabilities and warned of code execution risks on Windows and macOS platforms.

 

Ivanti fixes maximum severity RCE bug in Endpoint Management software

Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server.

 

 

Read also

Welcome to V068: They let the hackers in through the ‘cloud’ – whatever that is.

Read newsletter

Welcome to V067: THIS. IS. MARCH CYBER MADNESS

Read newsletter

Welcome to v066 : Jibber Jabber Cyberwocky

Read newsletter

Welcome to v065 : Just when you thought it couldn’t get crazier…

Read newsletter

Welcome to v064: A cybersecurity pro and a business executive walk into a bar….

Read newsletter

Welcome to v063: I can remember all my passwords!

Read newsletter

Welcome to v062 : Roses are red, violets are blue, cyber-hackers are waiting for you

Read newsletter

Welcome to v061 : New Year’s Resolution: Strengthen Cybersecurity, Protect Missions.

Read newsletter

Welcome to v060 : Dashing through the net, in a cloud-based CMS

Read newsletter

Welcome to v059 : It’s Cyber Budget Time

Read newsletter

Welcome to v058 : Cyber Fright Night

Read newsletter

Welcome to v057 : Happy Cybersecurity Awareness Month!

Read newsletter

Welcome to v056 : What is your Neurocyberpathology?

Read newsletter

Welcome to v054 : How to Phish an Association Exec

Read newsletter

Welcome to v053 : Hot Out of the Oven: American Phish Pie

Read newsletter

Welcome to v052 : Quantum Toaster Breaches: Coffee Appoints New CIO

Read newsletter

Welcome to v051: Be thankful you’re not Crowdstrike!

Read newsletter

Welcome to v050 : We’re at v050 and kicking cyber-ass!!!

Read newsletter

Welcome to v049 : Watch Over Your Tech

Read newsletter

Welcome to v048 : BEC is DOA

Read newsletter

Welcome to v047 : Insurance Future: Coverage Linked to Cyber Hygiene

Read newsletter

Welcome to v046 : One Phish, Two Phish, Red Team, Blue Team

Read newsletter

Welcome to v045 : Quantum Humor: Relatively Fun, Universally Secure

Read newsletter

Welcome to v044 : Tongue Twisting Today’s Top Tech Terms

Read newsletter

Welcome to v043 : Where Firewalls Whisper and Passwords Giggle

Read newsletter

Welcome to v042 : Swap Suits for Codes and Be Heroes

Read newsletter

Welcome to v041 : Sweet Security Insights, Slice by Slice

Read newsletter

Welcome to v040 : Staff slip, skip strict security steps

Read newsletter

Welcome to v039: Rockin’ Cyber News

Read newsletter

v038: Choose Your CyberNews

Read newsletter

v037: Cybercrime is as Cybercrime Does

Read newsletter

v036: News You Can’t Refuse

Read newsletter

v035: Have Some Views of Cyber-News

Read newsletter

v034: The Double-Edged Sword in 2024 Cybersecurity Landscape

Read newsletter

v033: Cyber News to Use so You Don’t Lose

Read newsletter

v032: Cybercrime all the time

Read newsletter

V031: Cyber News for Chews

Read newsletter

V030: Cybercrime is a Tasty Wave

Read newsletter
About Us
businessman developing strategic plans, evaluating technology

Developing cybersecurity plans, evaluating and implementing technology, building effective software, and executing strategic initiatives.

Let’s Socialize

Popular Post

Welcome to V068: They let the hackers in through the ‘cloud’ – whatever that is.

April 23, 2025

Welcome to V067: THIS. IS. MARCH CYBER MADNESS

April 3, 2025
About

Reduce cybersecurity risk, maintain compliance, develop strategic plans, and create custom software.

Services
  • Fractional CISO – Cybersecurity Leadership
  • Fractional CTO – Application Development Leadership
  • Automation
  • Ransomware Cost Estimator
Quick Links
  • Latest Publications
  • Testimonials
  • Customer Use Cases
Logo-cyber with three tag words 4000w

Do you want a free sketch for your homepage? Visit Weblify.se

Linkedin-in

Why you need a vCIO?

While CEOs and presidents grapple with the complexities of business, marketplace, industry, strategy, and their board and stakeholders, they are left with little time or inclination to deal with the details of the incredibly dynamic technology landscape. Keeping one’s eye on the myriad of technology changes and how they can and will affect the business takes a specialized, dedicated, and experienced professional. That is exactly the role of the virtual CIO or CTO.
Download

20 Years of CIO Experience

Tracks trends, market direction and customer needs to plan the future of technology.  Recruits high performing team members and develops their skills by providing decision-making ownership and collaborative engagement.  Able to initiate culture change, lead by example, and get buy-in at all levels.  Known for facilitating energizing brainstorming sessions that generate actionable insights and create new revenue opportunities.

In 2000, Brian was introduced to the exhibitions and events industry when he joined 3rd Millennium Communications as Manager of Software Development for a Virtual Tradeshow Product.  That company was acquired by Galaxy Information Services and through additional acquisitions later became Experient.

As CIO of Experient, Brian oversaw the replacement and upgrade of every piece of legacy proprietary systems that supported the registration, housing, and lead retrieval services.  He also oversaw the transition from a paper-based and manual business operations to an entirely online and mobile app-based model.  Brian oversaw the strategy and operations of the Experient data center including their recent adoption and migration to cloud-based hosting to enhance availability, reliability, scalability, and recoverability.

Brian led the product development strategy and spearheaded several product concepts including eventBit™ which was granted a US patent in 2019 (Patent Number: US 10,311,267 B2).  He was also instrumental in the evolution of lead retrieval products from hardware-based units to smart phone-based mobile app technology.

Brian oversaw the cyber-security position for Experient including compliance to the Payment Card Industry Data Security Standard (PCI DSS), SSAE-18 SOC 1 Type II, and internal corporate security standards audits. Security scope included a 400-server data center, 700 end user devices, and credit card data environment, and a data center holding thousands of databases of customer data. Under Brian’s leadership, Experient successfully met or exceeded requirements for PCI since its introduction in 2005.

Brian’s business philosophy is rooted in a belief in the power of high performing teams, the necessity of self-disruption, the focus on the client’s perspective, the criticality of speed of change, and the utility of lean and agile development and operational processes.

Brian has the honor of being the first technology professional to participate as a director on the Board of Directors for the International Association of Exhibitions and Events® (IAEE). Organized in 1928 as the National Association of Exposition Managers to represent the interests of trade show and exposition managers, the International Association of Exhibitions and Events® is the leading association for the global exhibition industry. Today IAEE represents over 12,000 individuals in 50 countries who conduct and support exhibitions around the world. Being a data-centric leader, Brian is also proud to serve on the board of CEIR, the Center for Exhibition Industry Research.

Brian also believes that in today’s competitive employee market, the most successful companies must find ways to create enjoyable and engaged workplace environments. No stranger to performance, Brian was frequently seen on stage in front of the Experient organization delivering educational messages (such as not clicking on links within phishing emails) or just poking fun at his peers within the leadership team through music.

Brian is a Tennessee Volunteer at heart and his blood runs deep orange due to his undergraduate studies at the University of Tennessee, Knoxville where he received his Bachelors of Science in Electrical Engineering with Honors.  He also earned a Masters of Science in Technology Management from the University of Maryland Global Campus.  His personal passions include his wife and two sons, music, and fitness.  He is a 30-year veteran of live music performance, a published musical play composer, and a recording studio engineer and producer.  When he’s not in the studio, you’ll find him out on his bike climbing the local hills.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.I agree