Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

SQL Injection

SQL Injection Explained: The Attack That Won't Die

A 20-Year-Old Attack Still Dominating the Headlines In late 2022, the FBI and CISA issued a joint advisory warning about ongoing exploitation of a SQL injection vulnerability in a widely used healthcare software platform. The flaw had been known for years. The patches existed. And yet, threat actors kept walking

Carl B. Johnson Jan 09, 2023 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2022

Twilio, a company with a sophisticated security team and a tech-savvy workforce, got phished in August 2022. Attackers sent SMS messages to employees pretending to be the IT department, directing them to a fake login page. The result: compromised credentials, unauthorized access to customer data, and a breach that rippled

Carl B. Johnson Nov 21, 2022 6 min read
Spoofing Caller

Spoofing Caller Attacks: How Hackers Steal Trust

In March 2022, the FBI warned that threat actors were spoofing caller IDs of financial institutions and government agencies to steal millions from unsuspecting victims. The Bureau's Internet Crime Complaint Center (IC3) received over 18,000 complaints related to spoofing in 2021 alone, with adjusted losses exceeding $82

Carl B. Johnson Sep 04, 2022 6 min read
Group Online Svindel

Group Online Svindel: How Organized Fraud Rings Work

A Single Phishing Email Led to a $100 Million Heist Between 2013 and 2015, a Lithuanian man orchestrated one of the most audacious cases of group online svindel ever documented. Evaldas Rimasauskas and his associates impersonated a legitimate Asian hardware manufacturer and tricked both Google and Facebook into wiring over

Carl B. Johnson Sep 04, 2022 7 min read
What Is Cybersecurity

What Is Cybersecurity? A Practitioner's Real-World Guide

In March 2022, Lapsus$ — a threat actor group made up largely of teenagers — breached Microsoft, Nvidia, Samsung, and Okta in rapid succession. They didn't use sophisticated zero-day exploits. They used social engineering, credential theft, and the kinds of gaps that exist in almost every organization. If you'

Carl B. Johnson Aug 11, 2022 7 min read
Cyber Security Definition

Cyber Security Definition: What It Really Means in 2022

Costa Rica declared a national emergency in May 2022 after the Conti ransomware gang crippled 27 government institutions. Tax systems went offline. Foreign trade ground to a halt. An entire country — not just a company — was brought to its knees by a cyberattack. If you think the cyber security definition

Carl B. Johnson Jun 27, 2022 7 min read
Computer Security Jobs Pay

Computer Security Jobs Pay: What You'll Earn in 2022

3.5 Million Open Positions and Salaries That Reflect the Desperation Cybersecurity Ventures projects 3.5 million unfilled cybersecurity jobs globally in 2025. We're already feeling the squeeze in 2022. That talent gap isn't just a headline — it's the single biggest driver of what

Carl B. Johnson Jun 20, 2022 6 min read
Cybersecurity Definition

Cybersecurity Definition: What It Actually Means in 2022

In March 2022, the FBI's Internet Crime Complaint Center reported that Americans lost over $6.9 billion to cybercrime in 2021 — a 64% jump from the year before. That number makes the standard cybersecurity definition you'll find in a textbook feel almost dangerously quaint. If you&

Carl B. Johnson Jun 20, 2022 6 min read
Define Cyber

Define Cyber: What It Really Means for Your Security

In May 2021, a single compromised password shut down Colonial Pipeline — the largest fuel pipeline in the United States — for six days. The company paid a $4.4 million ransom. Flights were disrupted. Gas stations ran dry across the Southeast. All because one set of credentials was exposed on the

Carl B. Johnson Jun 20, 2022 6 min read
NIST Standards

NIST Standards: A Practical Guide to Real Security

In March 2022, the Verizon Data Breach Investigations Report team released preliminary findings showing that 82% of breaches involved the human element — phishing, stolen credentials, and social engineering. Meanwhile, most organizations I work with still treat NIST standards like a dusty compliance checkbox rather than what they actually are: a

Carl B. Johnson Jun 20, 2022 7 min read