Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Jobs Computer Security

Jobs in Computer Security: Your 2024 Career Guide

There are roughly 500,000 unfilled cybersecurity positions in the United States right now. That number comes directly from CyberSeek, a project supported by NIST and the National Initiative for Cybersecurity Education. Half a million openings — and the gap keeps widening. If you've been searching for jobs in

Carl B. Johnson Jul 10, 2024 8 min read
Computer Security

Computer Security: What Actually Works in 2024

In February 2024, Change Healthcare — one of the largest health technology companies in the U.S. — got hit with a ransomware attack that disrupted pharmacies, hospitals, and insurance claims processing across the entire country. UnitedHealth Group confirmed the breach affected a substantial portion of the American population. The attack vector?

Carl B. Johnson Jul 10, 2024 7 min read
Cyber Security

Cyber Security in 2024: What Actually Stops Breaches

The Breach That Changed How I Think About Cyber Security In January 2024, Microsoft disclosed that Russian threat actor Midnight Blizzard had been lurking inside their corporate email systems since November 2023. Not a small startup. Not a company that skimps on security budgets. Microsoft. If their cyber security defenses

Carl B. Johnson May 13, 2024 7 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

The Virus That Cost a Hospital Chain $100 Million In 2017, the NotPetya malware ripped through networks worldwide. It wasn't theoretical. Nuance Communications, a major healthcare IT vendor, took a $92 million hit. Maersk, the shipping giant, lost around $300 million. Heritage Valley Health System in Pennsylvania lost

Carl B. Johnson May 13, 2024 6 min read
Computer Security Service

Computer Security Service: What Actually Works in 2024

The Breach That a $200K Security Stack Couldn't Stop In January 2024, a mid-sized accounting firm in the Midwest had firewalls, endpoint detection, SIEM logging, and a managed SOC. They spent over $200,000 a year on their computer security service stack. Then an employee clicked a phishing

Carl B. Johnson May 13, 2024 7 min read
Cloud Computing Security

Cloud Computing Security: 7 Mistakes That Cause Breaches

In January 2024, Microsoft disclosed that a Russian threat actor group known as Midnight Blizzard had breached its corporate email systems — not through some exotic zero-day exploit, but through a password spray attack on a legacy test account that lacked multi-factor authentication. If Microsoft, a company that literally sells cloud

Carl B. Johnson May 13, 2024 7 min read
NIST Standards

NIST Standards: What Actually Matters for Your Security

In February 2024, NIST released version 2.0 of its Cybersecurity Framework — the biggest overhaul in a decade. Within weeks, I watched organizations scramble to figure out what changed and what they needed to do about it. Most of them were still struggling to implement version 1.1. Here'

Carl B. Johnson May 03, 2024 7 min read
Phishing Psychology

How Phishing Emails Work: The Psychology Behind the Click

A Single Click Cost One Company $100 Million In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing but phishing emails. No zero-day exploits. No advanced malware. Just carefully crafted messages that exploited human psychology. If you want to

Carl B. Johnson May 03, 2024 8 min read
Phishing Training for Employees

Phishing Training for Employees: A Practical Guide

In March 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. One employee. One convincing lure. Twenty-five million dollars gone. That's not a hypothetical — it'

Carl B. Johnson May 03, 2024 7 min read