Tag

Zero Trust

Understand the Zero Trust security model, which operates on the principle of never trust, always verify. Posts cover Zero Trust architecture, identity verification, micro-segmentation, least-privilege access, and practical steps for implementing Zero Trust frameworks across enterprise environments.

posts

Remote Work Cybersecurity Tips

Remote Work Cybersecurity Tips That Actually Work

The Largest Unplanned Security Experiment in History In March 2020, roughly 16 million U.S. knowledge workers shifted to remote work within two weeks. That's not a migration. That's an evacuation. And like any evacuation, people grabbed what they could and ran — personal laptops, home Wi-Fi

Carl B. Johnson Nov 08, 2020 6 min read
Work From Home Cybersecurity

Work From Home Cybersecurity: A Practical Guide

In April 2020, the FBI's Internet Crime Complaint Center reported it was receiving between 3,000 and 4,000 cybersecurity complaints per day — a roughly 400% increase from pre-pandemic levels. The single biggest catalyst? Millions of employees suddenly working from home on networks and devices that no corporate

Carl B. Johnson Nov 08, 2020 7 min read
VPN Best Practices

VPN Best Practices: What Actually Protects You in 2026

In early 2024, Ivanti disclosed critical vulnerabilities in its Connect Secure VPN that were already being actively exploited by threat actors — including nation-state groups. CISA issued an emergency directive ordering federal agencies to disconnect affected devices within 48 hours. It was a brutal reminder: a VPN isn't a

Carl B. Johnson Nov 08, 2020 7 min read
Cybersecurity Policy for Employees

Cybersecurity Policy for Employees: A Practical Guide

In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee using information scraped from LinkedIn. One phone call. One employee without clear verification protocols. That's all it took to shut down slot machines, hotel key cards, and reservation systems across

Carl B. Johnson Nov 08, 2020 7 min read
Cloud Security Best Practices

Cloud Security Best Practices That Actually Stop Breaches

A Single Checkbox Left 100 Million Records Exposed In 2019, a former cloud engineer exploited a misconfigured web application firewall at Capital One and accessed over 100 million customer records stored in AWS S3 buckets. The breach cost Capital One over $270 million in settlements and remediation. The root cause

Carl B. Johnson Nov 04, 2020 7 min read
Cloud Storage Security Risks

Cloud Storage Security Risks Your Team Is Ignoring

The Misconfigured Bucket That Exposed 540 Million Records In 2019, researchers at UpGuard discovered that Facebook app developers had stored hundreds of millions of user records in Amazon S3 buckets with public access enabled. No hacking. No zero-day exploit. Just a misconfiguration checkbox that nobody reviewed. That single oversight sits

Carl B. Johnson Oct 27, 2020 7 min read
Securing Cloud Applications

Securing Cloud Applications: A Practical Guide for 2026

The Misconfiguration That Exposed 100 Million Records In 2019, Capital One learned the hard way that a single misconfigured web application firewall in AWS could expose the personal data of over 100 million customers. The breach cost the company more than $270 million in fines and remediation. That incident wasn&

Carl B. Johnson Oct 27, 2020 7 min read
Shadow IT Risks

Shadow IT Risks: The Hidden Threat Draining Your Budget

Your Employees Already Built a Second IT Department A marketing manager signs up for an AI writing tool using her corporate email. A sales rep stores client contracts in a personal Dropbox. An engineering team spins up an AWS instance without telling anyone. None of these people are malicious. Every

Carl B. Johnson Oct 27, 2020 7 min read
SaaS Security Best Practices

SaaS Security Best Practices to Protect Your Stack

The SaaS Sprawl Nobody's Watching In 2023, a single misconfigured Salesforce Community site exposed sensitive health records from a government agency in Vermont. The data was public for months before anyone noticed. The application wasn't hacked in any traditional sense — it was simply left open because

Carl B. Johnson Oct 27, 2020 8 min read
Mobile Device Security Policy

Mobile Device Security Policy: What Yours Is Missing

A Single Lost Phone Cost This Company $3.3 Million In 2023, the healthcare provider Yakima Valley Memorial Hospital disclosed a data breach where a security guard used login credentials on a personal mobile device to access the records of over 400 patients. That incident triggered an OCR investigation, reputational

Carl B. Johnson Oct 27, 2020 7 min read