Tag

Zero Trust

Understand the Zero Trust security model, which operates on the principle of never trust, always verify. Posts cover Zero Trust architecture, identity verification, micro-segmentation, least-privilege access, and practical steps for implementing Zero Trust frameworks across enterprise environments.

posts

Shoulder Surfing Attack

Shoulder Surfing Attack: The Low-Tech Threat You Ignore

A $10 Pair of Binoculars Can Beat Your $10 Million Security Budget In 2018, a researcher at a security conference demonstrated how he captured over 100 passwords simply by watching people type at airport gates and coffee shops over a two-week period. No malware. No phishing emails. No zero-day exploits.

Carl B. Johnson Dec 18, 2021 7 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A No-Nonsense Guide

In May 2021, Colonial Pipeline paid a $4.4 million ransom after a single compromised password shut down fuel delivery across the U.S. East Coast. The post-incident reporting was filled with jargon — ransomware, threat actor, credential theft, attack vector — that left most non-technical readers glazing over. Here's

Carl B. Johnson Sep 16, 2021 7 min read
Computer Security Security

Computer Security Security: Layers That Actually Work

The Colonial Pipeline Just Proved Your Security Needs Security On May 7, 2021, a single compromised password shut down 5,500 miles of fuel pipeline. Colonial Pipeline paid a $4.4 million ransom within hours. The attack didn't exploit some exotic zero-day. It walked through a legacy VPN

Carl B. Johnson Jun 01, 2021 6 min read
Cyber Security Definition

Cyber Security Definition: What It Actually Means in 2021

Colonial Pipeline Just Gave Us a Real-World Cyber Security Definition On May 7, 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline halted operations after a ransomware attack attributed to the DarkSide group, triggering fuel shortages across the Southeast. If you want

Carl B. Johnson May 18, 2021 6 min read
Security in Cloud Computing

Security in Cloud Computing: What Goes Wrong First

In April 2021, a misconfigured cloud storage bucket at a major Android app developer exposed the personal data of over 100 million users. Names, emails, passwords, chat messages — all sitting in plain view because someone forgot to toggle a single setting. This wasn't an exotic zero-day exploit. It

Carl B. Johnson May 13, 2021 6 min read
Multi-Factor Authentication

MFA vs Two-Factor Authentication: What Actually Matters

In July 2020, a teenager orchestrated one of the most high-profile breaches in social media history — the Twitter hack that compromised accounts belonging to Barack Obama, Elon Musk, and Apple. The attack vector? Social engineering and credential theft that bypassed weak authentication controls. It was a brutal reminder that passwords

Carl B. Johnson Jan 11, 2021 6 min read
Insider Threat Awareness

Insider Threat Awareness: What Your Team Isn't Telling You

In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, threat actors had hijacked 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — and used them to run a Bitcoin scam. The breach didn't start with a

Carl B. Johnson Dec 20, 2020 7 min read
Zero Trust

What Is Zero Trust? A Practical Guide for 2021

The SolarWinds Hack Just Proved Your Perimeter Is an Illusion As I write this in December 2020, we're watching the SolarWinds supply chain attack unfold in real time. Threat actors — likely nation-state sponsored — compromised a trusted software update to infiltrate the U.S. Treasury, the Department of Commerce,

Carl B. Johnson Dec 12, 2020 7 min read