Nearly four years ago, the Department of Defense released the Cybersecurity Maturity Model Certification (CMMC). This was created as a complement to NIST SP 800-171, which focused on protecting Controlled Unclassified Information (CUI). If you are unfamiliar with what constitutes CUI, the simple way to think of it is to apply the broadest terms of privacy to any information that relates to any government relationship with a company. For example, any information related to general privacy, contract details, and law enforcement all fall under the definition of CUI. Each government agency has...
Cyber Security Awareness Month kicked off its nineteenth anniversary this year. One would hope that after nearly two decades this would be a time to celebrate; however, the outlook is not as bright as one would expect. There are so many aspects of cybersecurity that have been promoted to make the world a safer place, but the one that stands out as the largest failure seems to be the use of password managers. Digital password managers have existed for more than 25 years, starting with Bruce Schneier’s Password Safe program that was originally released in 1997, and updated to an open source project...
Patience is one of those time-dependent, and often situational, circumstances we experience. Few things define relativity better than patience. Think of the impatience of people who have to wait ten minutes in a line at a gas station, yet the thought of waiting ten minutes for a perfectly brewed cup of coffee seems entirely reasonable. It can’t be about the cost, since even the smallest cup of coffee is equal to, if not more expensive than, a gallon of gasoline. It’s all about the time you are willing to wait. Impatience with technology is legendary. We have all grown frustrated if a piece of...
The past few years have been among the most challenging for most businesses. Lockdowns, staff reductions, and reduced revenues resulted in the demise of many businesses. For those who remained, the new onuses brought about by supply chain concerns and inflation present even greater reasons for maximum resilience in order to survive. With all the physical challenges of running a business, it is equally important for businesses to revisit their cybersecurity preparedness to make sure that they can best protect the valuable information that keeps the business running. Perhaps the biggest threat...
Back in 2015, we published an article about the apparent perils of driverless cars. At that time, the newness and novelty of sitting back and allowing a car to drive you to your destination created a source of criminal fascination for some, and a nightmare for others. It has been eight years since the original article was published, so perhaps it is time to revisit the topic to see if driverless cars have taken a better direction. When the concept of driverless cars was introduced, the pressing questions that surrounded the topic ranged from liability concerns, vulnerabilities leading to...
Most cybersecurity professionals will often try to cybersplain the importance of protection to their friends. In most social circles, many of the businesses that people work in are small businesses. Perhaps you are the owner of a small delicatessen, a dry cleaner, or you run a yoga studio, or some similar individually owned operation. Many of these small business owners will respond to cybersecurity conversations with either the resignation that they can’t afford protection or worse, a shrug and a comment that their business is too small to be an attractive target. Both of these assumptions...
Back in 2015, we published an article about the third-party risks that are introduced into a home network. Now, eight years later, it is a good time to revisit the landscape of the home network. If we think about the technology in most homes in 2015, it was fairly sparse, consisting only of a router with an internet connection. The speed of most home internet connections was well below 100 Mbps. It was surprising to realize that even in those early days, there were more connected devices than most people could reasonably manage. Most home tech support consisted of a technician who would come...
When it comes to acronyms, technology and cybersecurity often rival various branches of government. Technology acronyms are usually somewhat bland, amounting to little more than the arcane argot of the profession, such as SOC, SIEM, and DNS. Government, however, rarely disappoints in its inventiveness, whether it is the acronym of the Puppies Assisting Wounded Servicemembers (PAWS) for Veterans Therapy Act, or the more recent proposal towards the Stopping Another Non-Truthful Office Seeker (SANTOS) Act, named after embattled US House of Representatives member George Santos. Sometimes, even...
It is always said that security is never a one-size-fits-all solution. This is true not only because of the apparent infinite varieties of equipment in each individual organization, but also, and perhaps more importantly, the different ways that every organization views security. Some spend lots of time focusing on physical security, especially those with industrial […]
The post Defense in Depth: 4 Essential Layers of ICS Security appeared first on The State of Security.
There have been many articles about the cost of a security breach. With the emergence of privacy regulations that assign penalties based on a business’ profit, or those that calculate a value for each compromised record, it is possible to calculate the cost of a breach based on those metrics. However, it would seem that […]
The post The True Cost of a Security Breach appeared first on The State of Security.