Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Cybersecurity Training Compliance

Cybersecurity Training Compliance: What Regulators Want

In October 2024, the FTC finalized a settlement with Marriott International and its subsidiary Starwood Hotels over data breaches that exposed the personal information of 344 million customers. Among the FTC's requirements: Marriott had to implement a comprehensive information security program — including mandatory employee training. That wasn'

Carl B. Johnson May 10, 2025 7 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2025

The Framework Nobody Reads — Until After the Breach In February 2024, Change Healthcare suffered a ransomware attack that disrupted pharmacy operations across the United States for weeks. UnitedHealth Group eventually disclosed that the breach affected roughly 100 million individuals — making it one of the largest healthcare data breaches in history.

Carl B. Johnson May 10, 2025 7 min read
Cybersecurity for Healthcare

Cybersecurity for Healthcare Organizations: A 2025 Guide

In February 2024, a ransomware attack on Change Healthcare — one of the largest health payment processors in the United States — disrupted claims processing for hospitals, pharmacies, and clinics across the country for weeks. UnitedHealth Group, its parent company, later confirmed that the personal health information of roughly 100 million individuals

Carl B. Johnson May 10, 2025 8 min read
Cybersecurity for Nonprofits

Cybersecurity for Nonprofits: A Practical Defense Guide

The Breach That Cost a Charity Its Reputation — and Its Donors In 2023, the nonprofit organization Save the Children Federation confirmed it was hit by the BianLian ransomware group, which claimed to have stolen nearly 7 GB of data including financial records, personal information, and medical data. A global charity

Carl B. Johnson Apr 22, 2025 7 min read
Cloud Security Best Practices

Cloud Security Best Practices That Actually Stop Breaches

A Single Misconfigured S3 Bucket Exposed 3 Billion Records In 2021, a researcher discovered that a misconfigured cloud storage bucket belonging to data analytics firm Cognyte had exposed more than five billion records. Capital One's infamous 2019 breach — a misconfigured web application firewall in AWS — cost them over

Carl B. Johnson Apr 22, 2025 7 min read
Cloud Storage Security Risks

Cloud Storage Security Risks: What's Actually Exposing You

The Misconfigured Bucket That Exposed 540 Million Records In 2019, researchers at UpGuard discovered that Facebook user data — over 540 million records — sat exposed on misconfigured Amazon S3 buckets maintained by third-party app developers. Nobody hacked anything. Nobody exploited a zero-day. The data was simply left open to the public

Carl B. Johnson Apr 22, 2025 8 min read
Securing Cloud Applications

Securing Cloud Applications: A Practical 2025 Guide

The Snowflake Breach Changed How I Think About Cloud Risk In mid-2024, threat actors compromised over 165 organizations by exploiting stolen credentials against Snowflake cloud accounts that lacked multi-factor authentication. Ticketmaster, AT&T, Santander — massive names, massive data losses. The root cause wasn't some exotic zero-day. It

Carl B. Johnson Apr 22, 2025 7 min read
SaaS Security Best Practices

SaaS Security Best Practices: A 2025 Field Guide

In January 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive after threat actors exploited misconfigured SaaS environments across multiple federal agencies. The attackers didn't need sophisticated zero-day exploits. They walked in through overprivileged service accounts, dormant API tokens, and single-factor authentication — problems that every

Carl B. Johnson Apr 22, 2025 7 min read