Tag

Zero Trust

Understand the Zero Trust security model, which operates on the principle of never trust, always verify. Posts cover Zero Trust architecture, identity verification, micro-segmentation, least-privilege access, and practical steps for implementing Zero Trust frameworks across enterprise environments.

posts

Cybersecurity Policy for Employees

Cybersecurity Policy for Employees: A Practical Guide

In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They exploited a gap in employee policy — specifically, the identity verification process for password resets. A strong cybersecurity

Carl B. Johnson Jul 05, 2026 5 min read
VPN Best Practices

VPN Best Practices: What Actually Protects You in 2026

In early 2024, Ivanti disclosed critical vulnerabilities in its Connect Secure VPN that were already being actively exploited by threat actors — including nation-state groups. CISA issued an emergency directive ordering federal agencies to disconnect affected devices within 48 hours. If that doesn't make you rethink your VPN best

Carl B. Johnson Jul 05, 2026 5 min read
Zero Trust

What Is Zero Trust? A Practical Guide for 2026

The Breach That Made "Trust" a Dirty Word In 2020, the SolarWinds breach gave threat actors access to the internal networks of at least nine U.S. federal agencies and over 100 private companies. The attackers moved laterally for months — undetected — because once they were inside the network

Carl B. Johnson Jul 03, 2026 5 min read
CISA Cybersecurity Guidelines

CISA Cybersecurity Guidelines: What They Mean for You

The Federal Agency Most Hackers Wish You'd Never Heard Of In January 2024, CISA — the Cybersecurity and Infrastructure Security Agency — issued an emergency directive after threat actors exploited vulnerabilities in Ivanti VPN products to infiltrate multiple federal agencies. The directive gave agencies 48 hours to disconnect affected devices.

Carl B. Johnson Jul 02, 2026 5 min read
Remote Work Cybersecurity Tips

Remote Work Cybersecurity Tips That Actually Work

Your Home Office Is Now the Attack Surface In 2023, a single remote employee at MGM Resorts answered a social engineering call from a threat actor impersonating IT support. That one interaction led to a ransomware attack that cost the company over $100 million in losses. The attacker didn'

Carl B. Johnson Jul 01, 2026 5 min read
Third Party Risk

Third Party Vendor Cybersecurity Risk: A 2026 Guide

In early 2024, a breach at Change Healthcare — a subsidiary of UnitedHealth Group — crippled pharmacies and hospitals across the United States for weeks. The attack didn't start at a hospital. It started at a third party vendor. A single set of compromised credentials on a system without multi-factor

Carl B. Johnson Jun 24, 2026 5 min read
CISA Cybersecurity Guidelines

CISA Cybersecurity Guidelines: What Actually Matters

Most Organizations Read CISA's Advice — Then Ignore the Hard Parts In 2023, the City of Dallas got hit with Royal ransomware. Services went down. Police dispatch systems broke. Recovery took weeks and cost millions. The attack vector? The kind of basic intrusion that CISA cybersecurity guidelines have warned

Carl B. Johnson Jun 20, 2026 5 min read