March 30, 2023

Types of Live-Fire Exercises

What is a Live-Fire Cybersecurity Exercise? A type of cybersecurity exercise known as a live-fire exercise (LFX) is a controlled, real-world simulation of a cyberattack where an organization's cybersecurity team actively responds to a simulated threat. This practice allows teams to assess their preparedness, identify weaknesses, and improve their response capabilities. By simulating a real cyberattack, teams can evaluate their defenses and tactics, learn from their mistakes, and refine their strategies.


March 28, 2023

How to Build an Elite Cyber Ops Team

In the rapidly evolving digital landscape, cyber threats are becoming more sophisticated daily. As a result, organizations are under increasing pressure to build and maintain effective cybersecurity teams.


March 24, 2023

PTP - The Tri-Factor Approach to Cybersecurity: People, Technology, and Procedures

Cybersecurity has become an increasingly critical aspect for businesses of all sizes and industries. To ensure the protection of sensitive data, companies must invest in people, technology, and procedures. In this article, we will discuss the top 8 reasons why investing in people, technology, and procedures is important for cybersecurity and how money can be saved without risking a reduction in security.


March 21, 2023

Cybersecurity Hygiene Tips for Individuals and Organizations

Just like brushing your teeth twice daily to prevent tooth decay, cybersecurity hygiene refers to the small but critical daily practices individuals and organizations can take to counter cyber threats. With global reports citing a 38% increase in cyber attacks in 2022 from 2021, everyone must practice good cybersecurity hygiene to protect against potential data breaches, identity theft, and other malicious activities. Cybersecurity is not only the responsibility of the IT team but of everyone in every department. In this blog post, we will explore some practical tips that individuals and organizations can follow to enhance cybersecurity hygiene.


March 16, 2023

The Importance of Government-Grade Cybersecurity in the Face of State-Based Threats

A seismic shift has shaken the foundations of the global cybersecurity threat landscape in the last year. Russian cyber aggression against Eastern Bloc infrastructure has given rise to increasingly sophisticated adversary techniques. Cybersecurity giant Mandiant said Russian cyber operations since the start of the Ukraine war have greatly increased in frequency, with nation state-backed cyber-attacks against critical infrastructure doubling in the past 12 months.


March 14, 2023

Cyber Ranges: Aim for Success March Madness Style

It’s that time of year again… March Madness is officially here! Today, I’m going to talk about what sets teams up for success in the Big Dance and how you can learn from that when thinking about how to train and prepare your cybersecurity teams to go up against advanced cyber threat actors. We all want the perfect tourney bracket, but know it’s probably not going to happen. Let’s take that same energy and effort and strive for perfection in our cybersecurity practices!


March 13, 2023

ZTA V. Open Trust models, What’s the Score?

In light of the DOD's broadly announced adoption of "zero trust" and the numerous articles about risk reduction and implicit trust, it is worth taking some time to examine the two dominant philosophies in the space. Zero Trust Architecture (ZTA) and Open Trust security models are juxtaposed methodologies.


March 9, 2023

Cyber Frameworks for the C-Suite

Cyber frameworks are a collection of best practices designed to provide a high-level overview of cybersecurity. Most CISOs use one or a combination of these frameworks to develop their cybersecurity strategies and map testing validation results for driving improvements. NIST Cybersecurity Framework (NIST CFW) and the MITRE ATT&CK Framework are the most common cybersecurity frameworks. The NIST CSF and the MITRE ATT&CK frameworks are essential tools for managing cybersecurity risks, but they differ in scope and focus. As a C-Suite executive, what should you know about the NIST Cybersecurity Framework and the MITRE ATT&CK Framework, and why each matters? Here are some key points C-Suite executives should know about each framework.


March 6, 2023

Cyber Readiness on the Eastern Front

In my lifetime, four significant events have changed my perspectives on what security means in the European theater. These events profoundly impacted how we view safety, security, and risks to our nations, economies, and defensive strategies.


March 1, 2023

Women in Cybersecurity 2023

The Pivotal Moment In February 2020, at the beginning of the COVID-19 pandemic; I had been monitoring countries mandating masks, companies restricting building access, shipping and receiving docks globally were quickly becoming uninhabited, and major cities were sheltering in-place, street signs were signaling to nothing.


February 27, 2023

What is a Cyber Range?

Cybersecurity is a rapidly changing field, with new threats and vulnerabilities emerging daily. As such, it’s critical for individual practitioners and cybersecurity teams to stay abreast of the latest developments in the security space and keep up-to-date on the latest techniques and best practices for protecting against cyber attacks. This is where a cyber range can be an invaluable tool to cybersecurity organizations.


February 23, 2023

Preparing Critical Infrastructure for the Cyber Battlefield

Watching Red and Blue cyber teams go up against each other continues to be one of the most fascinating aspects of cyber operations. While the scope of duties, responsibilities, and capabilities these teams represent is relatively consistent across organizations, the way individual teams implement tactics and responses can vary widely. Over the last six months, I've been fortunate to observe a few large-scale cyber range exercises involving significant enterprises. Some with multiple teams engaging against each other using common external attackers (both automated and live Red teams). The key to “winning” these exercises is how successful teams prepare for the battlefield.