Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2026

In January 2024, Microsoft disclosed that a Russian-linked threat actor — Midnight Blizzard — breached corporate email accounts by exploiting a legacy test tenant that lacked multi-factor authentication. No zero-day. No sophisticated exploit chain. Just a password spray against an old account that trusted the network it sat on. That's

Carl B. Johnson Mar 30, 2026 5 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2026

The Framework 83% of Organizations Claim to Follow — But Few Actually Implement When the City of Dallas was hit by a devastating ransomware attack in May 2023, investigations revealed systemic gaps in risk management, incident response, and access controls — the exact areas the NIST Cybersecurity Framework was designed to address.

Carl B. Johnson Mar 28, 2026 6 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A No-Nonsense Guide

During a breach investigation last year, I watched a CFO stare blankly at an incident response report and ask, "What's lateral movement? What does 'exfiltration' mean? Can someone just speak English?" That moment crystallized something I've known for two decades: the cybersecurity

Carl B. Johnson Mar 28, 2026 6 min read
Smishing

FBI Warning on Smishing Texts: What You Must Do Now

In December 2025, the FBI issued a stark public warning: delete suspicious text messages immediately. The advisory specifically called out a wave of smishing texts — SMS-based phishing attacks — targeting Americans with fake toll road notices, package delivery scams, and fraudulent financial alerts. The bureau's Internet Crime Complaint Center

Carl B. Johnson Jan 18, 2026 7 min read
Phishing

Definition of a Phishing Attack: What It Really Looks Like

The MGM Breach Started With a Single Phone Call In September 2023, a threat actor called the MGM Resorts help desk, pretended to be an employee, and talked their way into a credential reset. Within hours, the Scattered Spider group had deep access to MGM's systems. The result:

Carl B. Johnson Jan 17, 2026 7 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

In May 2025, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated form of fake mail — accounted for over $2.9 billion in adjusted losses in 2023 alone. That number has only grown. I've personally worked cases where a single convincing email

Carl B. Johnson Dec 27, 2025 7 min read
Fake Emails

Fake Emails: How to Spot Them Before They Cost You

In May 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a category built almost entirely on fake emails — accounted for over $2.9 billion in adjusted losses in a single year. That figure dwarfed ransomware losses by a factor of nearly 50. And those

Carl B. Johnson Dec 13, 2025 7 min read
Phishing Links

What Is a Phishing Link? How to Spot and Stop Them

In March 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after joining a video call that appeared to feature the company's CFO. The deepfake was convincing, but the attack started with something far simpler — a phishing link embedded

Carl B. Johnson Dec 09, 2025 7 min read