06 Nov

Now’s the Time to Plan Your iManage Work 10 Upgrade

In the nine months since iManage 10 was released, there’s been a lot of curiosity and excitement about the New Professional Experience and the new iManage Cloud. Whenever I demo the New Professional Experience, attorneys tell me it is very intuitive and they can see the value of using it in addition to the traditional Read more…

15 Jun

Offensive Security Certified Professional (OSCP) Course Recap

Offensive Security Certified Professional (OSCP) is an advanced certification in penetration testing. According to Offensive Security, an OSCP “has demonstrated their ability to be presented with an unknown network, enumerate the targets within their scope, exploit them, and clearly document their results in a penetration test report.” The title is not given lightly. Becoming an Read more…

15 May

Defend Yourself Against the Next WannaCry With Vulnerability Scanning and Patch Management

A widespread ransomware campaign is affecting a large number of organizations across the globe. Currently, tens of thousands of infections have been reported in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The malicious software can run in 27 languages, allowing it to spread widely. If you are Read more…

09 May

Best Practices for Passwords

Passwords are annoying. These days we need a password for every aspect of our lives, and an effective password can be difficult to create. Once we’ve come up with a password, we can be reluctant to update it for months, even years. For a long time, some have argued for the need for longer passwords over Read more…

09 May

What I Learned in Security Essentials Bootcamp

When it comes to security, it’s easy to fall into the trap of delegating everything to security professionals. Ultimately, a firm cannot successfully protect itself without everyone’s cooperation, from the CEO to the secretaries. At the beginning of the year, I attended SANS SEC401 (Security Essentials Bootcamp Style), and I have to say, I was impressed. Read more…

06 Feb

Shmoocon 2017: Threat-Casting, Fake News, and Ransomware

Good luck getting in. So, you want to go to ShmooCon? You better start planning now. This conference is harder to get into than your favorite music artist’s concert. The conference is affordable, but tickets are extremely limited. You have to be prepared if you want to get one. Here are the stats on ticket Read more…

29 Sep

Ransomware and HIPAA- What Business Associates Need to Know

Have you recently signed a Business Associate Agreement? Friday, 3:30pm. Your helpdesk technician calls and, in a slightly panicked tone, tells you that the firm has a ransomware outbreak. You ask a series of questions: Whose computers are affected? Did they crypto lock client information? Can you tell if any data was taken from the Read more…

01 Jun

Learning to Hack: My Experience with SANS SEC560, Network Penetration Testing and Ethical Hacking

You might be surprised to learn that there are accredited classes out there that will teach you how to break into computer systems and networks. I recently had the opportunity to attend the six-day SANS SEC560: Network Penetration Testing and Ethical Hacking class here in New York. Here is what I learned. It’s important that security Read more…

29 Sep

Security Best Practices: Tricks Attackers Use

In my last post, Security Training: Why Learning Security Best Practices is in Everyone’s Best Interest, I detailed the importance of security training, including the necessity of being taught to “think before clicking” on malicious links and how a security breach can have horrifying effects on your organization’s productivity. In case your organization chooses to forgo the formal training, this Read more…
