Tag

Cybersecurity Strategy

Explores how individuals and organizations can develop comprehensive cybersecurity strategies that align security investments with business goals. Topics include risk assessment frameworks, incident response planning, security roadmaps, and building a culture of cyber resilience across teams.

posts

Zero Trust

What Is Zero Trust? A Practical Guide for 2026

The Breach That Made "Trust" a Dirty Word In 2020, the SolarWinds breach gave threat actors access to the internal networks of at least nine U.S. federal agencies and over 100 private companies. The attackers moved laterally for months — undetected — because once they were inside the network

Carl B. Johnson Jul 03, 2026 5 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2026

The Breach That Proved Firewalls Aren't Enough In 2023, MGM Resorts lost an estimated $100 million after a threat actor used social engineering — a single phone call to the help desk — to bypass perimeter defenses and move laterally through internal systems. The attackers didn't need to

Carl B. Johnson Jun 30, 2026 6 min read
Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

The Breach That Proved "Trust But Verify" Was a Lie In 2020, a threat actor compromised SolarWinds' Orion software update mechanism and silently infiltrated over 18,000 organizations — including multiple U.S. federal agencies and Fortune 500 companies. The attackers didn't blast through firewalls. They

Carl B. Johnson Jun 25, 2026 6 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2026

The Breach That Started Behind the Firewall In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered their way past the help desk with a single phone call. The attacker didn't punch through a firewall. They didn't exploit some exotic zero-day. They

Carl B. Johnson Apr 24, 2026 5 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2026

In January 2024, Microsoft disclosed that a Russian-linked threat actor — Midnight Blizzard — breached corporate email accounts by exploiting a legacy test tenant that lacked multi-factor authentication. No zero-day. No sophisticated exploit chain. Just a password spray against an old account that trusted the network it sat on. That's

Carl B. Johnson Mar 30, 2026 5 min read
Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

In January 2024, Microsoft disclosed that the Russian threat actor Midnight Blizzard had breached corporate email accounts — not by exploiting some exotic zero-day, but by password spraying a legacy test tenant that lacked multi-factor authentication. One overlooked account. No MFA. Catastrophic access. If a company with Microsoft's resources

Carl B. Johnson Jun 12, 2025 7 min read
Zero Trust

What Is Zero Trust? A Practical Guide for 2025

The Breach That Made "Trust But Verify" Obsolete In January 2024, Microsoft disclosed that a Russian state-sponsored threat actor known as Midnight Blizzard had compromised executive email accounts — not by exploiting some exotic zero-day, but by password-spraying a legacy test tenant account that lacked multi-factor authentication. One overlooked

Carl B. Johnson Jun 12, 2025 8 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical 2025 Guide

The VPN That Let Attackers Walk Right In In January 2024, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed that Chinese state-sponsored threat actors had exploited Ivanti Connect Secure VPN vulnerabilities to breach multiple U.S. federal agencies. The attackers didn't kick down the door. They walked through

Carl B. Johnson May 25, 2025 7 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2025

In January 2024, Microsoft disclosed that a Russian threat actor known as Midnight Blizzard breached corporate email accounts — not through some exotic zero-day, but by password-spraying a legacy test account that lacked multi-factor authentication. One forgotten account. No segmentation. No least-privilege enforcement. The result: a nation-state actor reading executive emails

Carl B. Johnson May 25, 2025 7 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2025

The Framework Nobody Reads — Until After the Breach In February 2024, Change Healthcare suffered a ransomware attack that disrupted pharmacy operations across the United States for weeks. UnitedHealth Group eventually disclosed that the breach affected roughly 100 million individuals — making it one of the largest healthcare data breaches in history.

Carl B. Johnson May 10, 2025 7 min read