modernciso.com | Page 0 of 0 | Fresh Thinking for the Modern CISO

Challenges of a New CISO: The First Year

The first year as a new CISO can be exhilarating and at times downright frightening. You have a lot to prove and minds to win over, but you also have the opportunity to start fresh and make a big impact. Early on, the emphasis is on learning the lay of the land of...

Microsoft Passwordless Authentication 101

Passwords have long been a daily part of our lives, but in today's modern, cloud-first world the use of passwords alone leaves us increasingly more vulnerable to compromise. Large-scale data breaches are being reported more and more frequently in the media with more...

You Suck at Office 365 Logging

One of the misconceptions about cloud services is that you have to surrender all control when you sign-up. While it is true that you may no longer have racks of servers with blinking lights humming away in your data center, it doesn’t mean that you no longer have any...

Tips From Over A Decade of Working Remotely

The presence of COVID-19 has led to some unprecedented times. With a large portion of the workforce now working from home, there are numerous security implications that arise. Our previous post is an extensive FAQ that covers everything you need to know about the...

Microsoft Type 1 Font Parsing Critical 0-Day Remote Code Execution Vulnerabilities

Summary On March 23rd, 2020 Microsoft publicly disclosed the existence of two critical 0-Day vulnerabilities in all recent versions of the Microsoft Windows operating system. Microsoft is aware of limited targeted attacks that leverage these 0-Day vulnerabilities and...

Cybersecurity Concerns with COVID-19

We are having increasing numbers of conversations with clients about cybersecurity and business continuity challenges resulting from the rapid adoption of work-from-home scenarios to combat the spread of COVID-19. Clients are interested in cybersecurity policy updates...

Security Advisory: Microsoft Server Message Block 3 (SMBv3) Remote Code Execution Vulnerability

Updated on March 12th, 2020: to reflect that Microsoft has now made a patch for the vulnerability available. As such, we’ve updated the advisory reflects updated mitigations. Summary On March 10th, a critical Remote Code Execution (RCE)...

5 Ways to Up Your Threat Management Game

Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management. The basis of a good security program starts with a mindset that it's not about the...