Tag

Zero Trust Security

Zero trust security content examines the principle of never trusting and always verifying every user, device, and connection. Articles explore micro-segmentation, least-privilege access, continuous monitoring, and how organizations transition from perimeter-based defenses to zero trust models.

posts

What Is Cybersecurity

What Is Cybersecurity? A Practitioner's Real-World Guide

In March 2022, Lapsus$ — a threat actor group made up largely of teenagers — breached Microsoft, Nvidia, Samsung, and Okta in rapid succession. They didn't use sophisticated zero-day exploits. They used social engineering, credential theft, and the kinds of gaps that exist in almost every organization. If you'

Carl B. Johnson Aug 11, 2022 7 min read
IT Security

IT Security in 2022: What Actually Stops Breaches

In March 2022, the Lapsus$ threat actor group breached Okta, Microsoft, Nvidia, and Samsung — not by exploiting sophisticated zero-day vulnerabilities, but by buying stolen credentials and socially engineering employees. A teenager-led group dismantled the IT security of some of the most well-resourced technology companies on the planet. If that doesn&

Carl B. Johnson Aug 11, 2022 7 min read
Web Security Best Practices

Web Security Best Practices That Actually Stop Breaches

In March 2022, the Lapsus$ group breached Okta by compromising a third-party support engineer's laptop — and suddenly, thousands of organizations realized their web security posture was only as strong as their weakest vendor's. That single incident forced a reckoning across the industry. If your organization runs

Carl B. Johnson Jul 30, 2022 7 min read
Cyber Security Definition

Cyber Security Definition: What It Really Means in 2022

Costa Rica declared a national emergency in May 2022 after the Conti ransomware gang crippled 27 government institutions. Tax systems went offline. Foreign trade ground to a halt. An entire country — not just a company — was brought to its knees by a cyberattack. If you think the cyber security definition

Carl B. Johnson Jun 27, 2022 7 min read
Computer Security Service

Computer Security Service: What Actually Works in 2022

The Colonial Pipeline Fallout Changed Everything About How We Buy Security One year ago, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid $4.4 million in ransom. Gas stations across the Southeast ran dry. And the FBI later confirmed that the

Carl B. Johnson Jun 20, 2022 7 min read
Cybersecurity Definition

Cybersecurity Definition: What It Actually Means in 2022

In March 2022, the FBI's Internet Crime Complaint Center reported that Americans lost over $6.9 billion to cybercrime in 2021 — a 64% jump from the year before. That number makes the standard cybersecurity definition you'll find in a textbook feel almost dangerously quaint. If you&

Carl B. Johnson Jun 20, 2022 6 min read
Define Cyber

Define Cyber: What It Really Means for Your Security

In May 2021, a single compromised password shut down Colonial Pipeline — the largest fuel pipeline in the United States — for six days. The company paid a $4.4 million ransom. Flights were disrupted. Gas stations ran dry across the Southeast. All because one set of credentials was exposed on the

Carl B. Johnson Jun 20, 2022 6 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: What Actually Works

The 82% Problem Nobody Wants to Own The 2022 Verizon Data Breach Investigations Report found that 82% of breaches involved a human element — phishing, stolen credentials, misuse, or simple error. That number has barely budged in years. And yet most organizations still treat cybersecurity awareness training as a checkbox exercise:

Carl B. Johnson Apr 04, 2022 8 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In March 2022, Lapsus$ — a threat actor group largely composed of teenagers — breached Okta, Microsoft, Samsung, and Nvidia in rapid succession. Their primary weapon wasn't a sophisticated zero-day exploit. It was employee cybersecurity training failures: stolen credentials, SIM swapping, and social engineering attacks that targeted the humans sitting

Carl B. Johnson Apr 04, 2022 7 min read
Data Breach Prevention

Data Breach Prevention: 9 Steps That Actually Work

The Breach That Started With a Single Stolen Password In May 2021, a single compromised password shut down fuel distribution across the Eastern United States. The Colonial Pipeline ransomware attack disrupted gas supplies for days and cost the company a $4.4 million ransom payment. The root cause? A legacy

Carl B. Johnson Mar 18, 2022 6 min read