Tag

Cybersecurity Strategy

Explores how individuals and organizations can develop comprehensive cybersecurity strategies that align security investments with business goals. Topics include risk assessment frameworks, incident response planning, security roadmaps, and building a culture of cyber resilience across teams.

posts

NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2026

The Framework 87% of Organizations Claim to Follow — But Most Get Wrong When the Change Healthcare breach exposed the records of over 100 million people in 2024, investigators found something familiar: the organization had a cybersecurity program on paper. What it lacked was disciplined execution against a proven structure. That

Carl B. Johnson Nov 04, 2020 7 min read
Zero Trust Security Model

Zero Trust Security Model: A Practical Guide for 2026

The Breach That Proved Perimeters Don't Work In 2020, the SolarWinds breach gave roughly 18,000 organizations a brutal lesson: once a threat actor gets past your perimeter, they can move laterally for months without detection. Government agencies, Fortune 500 companies, and critical infrastructure providers all had firewalls.

Carl B. Johnson Oct 01, 2019 7 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2026

The Breach That Proved Perimeter Security Was Dead In early 2024, a threat actor gained access to Microsoft's corporate email system — including accounts belonging to senior leadership and cybersecurity staff. The attacker didn't exploit some exotic zero-day. They used a password spray attack against a legacy

Carl B. Johnson Sep 28, 2019 8 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2026

The Breach That Proved "Trust But Verify" Is Dead In early 2024, a major healthcare provider disclosed that attackers had spent nine months inside their network — moving laterally, escalating privileges, and exfiltrating millions of patient records. Their perimeter defenses were solid. Their VPN was enterprise-grade. None of it

Carl B. Johnson Sep 28, 2019 7 min read