Tag

Zero Trust Architecture

Zero trust architecture posts dive into the technical frameworks and infrastructure designs that support zero trust implementations. Topics include identity-aware proxies, software-defined perimeters, network access control, policy engines, and integration with cloud and hybrid environments.

posts

Security in Cloud Computing

Security in Cloud Computing: What Goes Wrong in 2026

A Single Checkbox Left 540 Million Facebook Records Exposed Back in 2019, researchers at UpGuard discovered that two third-party Facebook app developers had stored more than 540 million user records on Amazon S3 buckets with no access restrictions. Not encrypted. Not firewalled. Just sitting there, publicly readable, because someone didn&

Carl B. Johnson Jul 09, 2026 6 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2026

The Breach That Proved Firewalls Aren't Enough In 2023, MGM Resorts lost an estimated $100 million after a threat actor used social engineering — a single phone call to the help desk — to bypass perimeter defenses and move laterally through internal systems. The attackers didn't need to

Carl B. Johnson Jun 30, 2026 6 min read
Security in Cloud Computing

Security in Cloud Computing: What Goes Wrong First

Capital One Lost 100 Million Records — The Cloud Wasn't the Problem In 2019, a former AWS employee exploited a misconfigured web application firewall and exfiltrated over 100 million Capital One customer records. The cloud infrastructure worked exactly as designed. The humans configuring it didn't. That breach

Carl B. Johnson Jun 27, 2026 5 min read
Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

The Breach That Proved "Trust But Verify" Was a Lie In 2020, a threat actor compromised SolarWinds' Orion software update mechanism and silently infiltrated over 18,000 organizations — including multiple U.S. federal agencies and Fortune 500 companies. The attackers didn't blast through firewalls. They

Carl B. Johnson Jun 25, 2026 6 min read
NIST Standards

NIST Standards: What They Actually Mean for Your Security

A $4.88 Million Average — and a Framework Most Organizations Ignore IBM's 2024 Cost of a Data Breach Report pegged the global average at $4.88 million per incident. That's a record. Yet when I ask mid-size companies whether they've implemented any NIST standards,

Carl B. Johnson Jun 24, 2026 5 min read
BYOD Security Risks

BYOD Security Risks: What Your Policy Is Missing

In 2023, a single employee's personal phone led to one of the most damaging casino breaches in history. Threat actors used social engineering to compromise MGM Resorts, and the attack vector started with a device the company didn't fully control. The resulting disruption cost MGM over

Carl B. Johnson Jun 08, 2026 5 min read
Zero Trust

What Is Zero Trust? A Security Model That Actually Works

In 2020, threat actors compromised SolarWinds' Orion software and used it to breach dozens of U.S. government agencies. The attackers moved laterally through networks for months because once they were inside the perimeter, those networks trusted them. That single breach rewrote how the federal government thinks about network

Carl B. Johnson Jun 03, 2026 5 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2026

When Colonial Pipeline paid $4.4 million in ransom after a single compromised password shut down fuel delivery across the Eastern Seaboard, it wasn't a failure of exotic technology. It was a failure of fundamentals — the exact fundamentals the NIST Cybersecurity Framework was designed to address. I'

Carl B. Johnson May 18, 2026 6 min read
Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

A Castle With No Walls Left to Defend In January 2024, Microsoft disclosed that the Russian threat actor Midnight Blizzard had compromised executive email accounts — not by breaching a firewall, but by password-spraying a legacy test tenant account that lacked multi-factor authentication. The attackers moved laterally for weeks before detection.

Carl B. Johnson May 15, 2026 5 min read
Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

The Breach That Didn't Start With You In early 2024, a massive data breach at Change Healthcare — a subsidiary of UnitedHealth Group — disrupted the entire U.S. healthcare payment system for weeks. The root cause? A threat actor exploited compromised credentials on a remote access portal that lacked

Carl B. Johnson May 07, 2026 5 min read