Resources

Blog

DevOps Days – PDX 2018 Review

I had the opportunity to go to my local DevOps Days this year – DevOps PDX. If you've never been, and this was my first time attending, I highly recommend finding the next one closest to you and going. When I say closest to you, it's quite likely there will be one in a city nearby. Aside from the wonderful content, community and interactions, DevOps...
Blog

Staying Secure When Online Shopping: Getting the Basics Right

Online shopping has become so popular that it has contributed to the fall of once giant businesses like Sears. But beneath the convenience of ordering goods at home is a mammoth cybersecurity problem that affects millions of users every year. You may think shopping on sites like Amazon and eBay is completely safe – but it’s not. Hackers can get your...
Blog

Women in Information Security: Jennifer Fernick

Last time, I had the privilege of interviewing Fortalice Solutions founder Theresa Payton. Her combination of White House and private sector intelligence and cybersecurity experience gives her a truly one-of-a-kind perspective in this industry. This time, I got to speak to someone else I’ve met in person in Toronto’s cybersecurity community,...
Blog

Scraping Social Security Numbers on the Web

One of the most accredited forms of validation for a citizen’s identity is a Social Security Number. A Social Security Number is a significant piece of government-issued identification in the United States. When this information is compromised, it can lead to serious problems where an individual to impersonate someone. A citizen may never know that...
Blog

U.S. National Cyber Strategy: What You Need to Know

On September 20, 2018, the White House released a new cybersecurity strategy with several important changes in direction meant to give government agencies and law enforcement partners a greater ability to respond to cybercrime and nation-state attacks. The new U.S. cyber strategy makes one message clear: America will not sit back and watch when...
Blog

NCSAM: Six Tips to Help Keep your Business Secure

During the last half of the 1990s, there was a concern for employees using their own home desktop computers to dial in to the corporate network from home. Thousands of articles and hundreds of conference sessions discussed the associated risks and then how to mitigate them through documented policies and the use of new tools. Soon after the year...
Blog

35 Million US Voter Registration Records Found for Sale on Dark Web

Weeks before the November midterm elections, roughly 35 million U.S. voter registration records from 19 states have appeared for sale on the dark web. Researchers from Anomali Labs and Intel 471 discovered the data for sale, which reportedly includes voters’ “full name, phone numbers, physical addresses, voting history, and other unspecified voting...
Blog

Women in Information Security: Theresa Payton

Last time, I had fun speaking with my friend, red team-minded student/teacher Alana Staszczyszyn. This time, I had the privilege of speaking with cybersecurity and intelligence industry veteran Theresa Payton. She’s always had tons of responsibility. She went from the White House to start her own private sector firm, Fortalice Solutions. Kim Crawley...
Blog

Dating App for Trump Supporters Exposed Members' Information

A dating app geared towards connecting supporters of U.S. President Donald Trump exposed members' personal and account information. On 15 October, security researcher Baptiste Robert (who also goes by the name "Elliot Alderson") discovered security weaknesses in the Donald Daters dating app that exposed several pieces of users' information. https:/...
Blog

The U.S. Government Is Getting Smarter on Cloud

Since 2010, the U.S. Executive Office has been encouraging agencies to leverage the cloud to improve citizen services. Now, according to the new “Cloud Smart” strategy, a group of federal agencies are taking the lead to identify the best way to make that happen. Relying on input from industry and the broader federal IT community, OMB, DHS, GSA and...
Blog

Scottish Ambulance Service Exposed Employees' Data Online

The Scottish Ambulance Service suffered a data breach in which it exposed its staff members' personal information online. On 12 October, the NHS Ambulance Services Trust, which is part of NHS Scotland, sent an email to its staff in which it disclosed the data breach. As quoted by BBC News: For a time, the names and telephone numbers of staff, as...
Blog

New Sextortionist Scam Uses Email Spoofing Attack to Trick Users

A new sextortionist scam is using spoofing techniques to trick users into thinking that digital attackers have compromised their email accounts. As reported by Bleeping Computer, an attack email belonging to this ploy attempts to lure in a user with the subject line "[email address] + 48 hours to pay," where [email address] is their actual email...