Jeff Schroeder

Recent Posts

The State of Cybersecurity: Some Alarming Statistics

Posted by Jeff Schroeder on Aug 10, 2016 3:19:29 PM


(ISC)2 recently released a report based on the survey results of a targeted pool of executive-level government officials and contractors with the goal of reporting on the state of cybersecurity in the Federal Government. The individuals surveyed are accountable for enterprise-wide security and the key findings from the report paint a rather bleak picture for the federal workspace. While some federal entities protect their assets better than others, it’s hard not to feel like cybersecurity is still consistently put on the back burner when budgets get tight and hard decisions have to be made.

Read More

Topics: cybersecurity

Law Firms Continue to be Targeted by Cyber Criminals

Posted by Jeff Schroeder on May 6, 2016 4:33:00 PM


A list recently compiled by the cyber threat intelligence company Flashpoint (via Crain’s Chicago Business) reveals that law firms are not immune to cyber threats and are indeed active targets for today’s cyber criminals. Since January 2016, 48 elite law firms have been targeted by the criminal “Oleras” and his (or her) gang members attempting to access confidential client information for use in insider trading plots. While there has yet to be any indication that the hackers were successful, it raises the question of when law firms will be held to the same (or any) standards that are starting to be applied to other industries.

Read More

Topics: Security Assessment, policy, Data Breach

Why Is Vulnerability Management So Hard?

Posted by Jeff Schroeder on Jul 16, 2015 2:06:00 PM
Keyboard with red shieldWhat is it about Vulnerability Management (VM) that proves so difficult for organizations to implement and maintain? We continuously see companies stumble over some of the most basic principles of applying patches on any sort of routine schedule, much less identifying misconfigurations, policy noncompliance, or other issues within the environment. Organizations continue to do ‘check the box’ security in which they can honestly say “we perform vulnerability scanning” yet when you look at a vulnerability report, it has thousands, if not tens of thousands of vulnerabilities dating back years (and in some cases a decade or more). They don’t have a program, they have a tool.

“99.9% of the exploited vulnerabilities had been compromised more than a year after the associated CVE was published.”

Read More

Top 3 Leadership Pitfalls in a Security Operations Center

Posted by Jeff Schroeder on Mar 9, 2015 8:51:00 PM

 Security Operations Centers (SOC) provide businesses with the ability to see what’s going on in order to respond accordingly. SOC teams rely on the ability to learn skills and processes on-the-fly to meet expectations from stakeholders across the business and combat an ever evolving persistent cyber threat. One of the critical contributors to any SOC’s success is skill availability. While technical experts and vendors have done great work building cybersecurity solutions, a SOC is nothing without the right people.

Read More

Topics: Security, Security Leadership, Security Operations Center, SOC

Why Security Assessments are More Important than You Think

Posted by Jeff Schroeder on Feb 13, 2015 8:56:00 PM

Throughout my time as a security practitioner I’ve had the pleasure of working with security conscious customers stretching across almost every vertical market segment. Something I see time and again is small, medium, and large businesses struggling to implement the fundamental basics of cybersecurity. The greatest source I contribute to this problem is that businesses often believe that they are implementing the appropriate protective measures that will effectively managing risk when in fact- they are not.

Read More

Topics: Security Assessment