Tag

Cybersecurity Strategy

Explores how individuals and organizations can develop comprehensive cybersecurity strategies that align security investments with business goals. Topics include risk assessment frameworks, incident response planning, security roadmaps, and building a culture of cyber resilience across teams.

posts

Zero Trust

What Is Zero Trust? A Practical Guide for 2024

In January 2023, T-Mobile disclosed that a threat actor had been siphoning data from 37 million customer accounts since November 2022 — through a single exploited API. The attacker moved laterally for weeks without triggering alarms. If you've ever wondered what is zero trust and why the entire industry

Carl B. Johnson Dec 09, 2023 7 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2024

The VPN Is Dead. The Breach That Proved It. In May 2023, a threat actor used stolen VPN credentials to breach a major U.S. government contractor, moving laterally across the network for weeks before detection. The attacker didn't exploit some exotic zero-day. They logged in with a

Carl B. Johnson Dec 09, 2023 7 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2024

The Breach That Proved Perimeter Security Is Dead In January 2023, T-Mobile disclosed that a threat actor had been siphoning data from 37 million customer accounts since late November 2022 — by exploiting a single API. The attacker was already inside the network, moving laterally, harvesting names, emails, phone numbers, and

Carl B. Johnson Dec 07, 2023 8 min read
Zero Trust Security Model

Zero Trust Security Model: A Practical Guide for 2022

In May 2021, a single compromised password shut down the Colonial Pipeline and triggered fuel shortages across the U.S. East Coast. The attackers used a legacy VPN account with no multi-factor authentication — a textbook example of what happens when an organization trusts its perimeter instead of verifying every access

Carl B. Johnson Jan 15, 2022 7 min read
Zero Trust

What Is Zero Trust? A Practical Guide for 2022

In May 2021, a single compromised password shut down the Colonial Pipeline and triggered fuel shortages across the eastern United States. The attackers used a legacy VPN account that had no multi-factor authentication. One credential. No additional verification. That's all it took to paralyze critical infrastructure. If you&

Carl B. Johnson Jan 15, 2022 7 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2022

In May 2021, Colonial Pipeline paid a $4.4 million ransom after a single compromised VPN credential gave attackers the keys to the kingdom. One password. No multi-factor authentication. No segmentation between IT and operational technology networks. The attackers from the DarkSide group walked through a flat network like it

Carl B. Johnson Jan 15, 2022 7 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2022

The Colonial Pipeline Made "Never Trust, Always Verify" a Boardroom Priority In May 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid a $4.4 million ransom — and the real costs ran far deeper. The attack exploited a legacy

Carl B. Johnson Jan 15, 2022 7 min read
Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

In July 2020, Twitter disclosed that attackers had compromised 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — by socially engineering their way past internal employees. The attackers didn't breach a firewall. They didn't exploit a zero-day vulnerability. They simply convinced insiders to hand over

Carl B. Johnson Dec 12, 2020 7 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2021

The SolarWinds Breach Just Proved Your Perimeter Is Dead As I write this in December 2020, we're watching one of the most devastating supply chain attacks in history unfold. The SolarWinds breach — disclosed just days ago — compromised U.S. government agencies and major corporations by exploiting trusted software

Carl B. Johnson Dec 12, 2020 7 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2021

When Twitter disclosed in July 2020 that attackers had hijacked 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — the root cause wasn't some exotic zero-day exploit. It was social engineering. Attackers manipulated employees, gained access to internal tools, and moved laterally through systems that trusted them

Carl B. Johnson Dec 12, 2020 7 min read