NIST Cybersecurity Framework

Bryan C.
The National Institute of Standards and Technology (NIST) developed a framework for improving critical infrastructure cybersecurity known as the NIST Cybersecurity Framework. It is a model used by organizations to assess and improve their capability to prevent, detect, and respond to cyber threats and incidents [1]. The framework is designed for businesses and IT professionals to accurately identify, adequately protect and detect, and efficiently and effectively respond and recover from cyber threats and incidents.

HIPAA Compliance Today

Bryan C.
In the early 1990’s, it became clear that the health care industry needed to become more efficient with medical records and patient information. Managing filing systems in healthcare practices became full time jobs for individuals, progressing to dedicated teams of employees whose sole responsibility was to manage patient information on paper. Computerizing medical records was the next logical evolution of managing medical records, but there needed to be a set of standards that governed how healthcare data should be managed.

Supply Chain Attacks

Bryan C.
A supply chain attack is a cyberattack that targets less secure elements of an organization, be it their third-party API integrations, remote manufacturing facilities, and specifically, weak networks and systems. The term “supply chain” often elicits thoughts of manufacturing processes and logistics, or the process of getting goods such as groceries from the farmer’s fields to the shelves of a grocery store. In cybersecurity, the supply chain refers to all of the above and more, including hardware and software that ends up in the hands of consumers, businesses, and governments.

Encryption and Data Breaches

Bryan C.
This is a slimmed down version of an essay written in early 2017 by Bryan for his Master of Cybersecurity degree at Purdue University. Every department store, clinic, bank, or website a person interacts with involves some form of storing of personally identifiable information. It is common for everyone to trust the organizations with whom they do business, accepting a certain level of risk by allowing those organizations to store and use their personal information.

The Bad and the Ugly - Google Sensorvault

Bryan C.
On April 18, 2019, Jennifer Lynch with the EFF (Electronic Frontier Foundation) wrote an article about Google’s Sensorvault, a database Google keeps that records location data of its users. The Sensorvault is a valuable tool for Google, and as it turns out, an invaluable tool for law enforcement as well. How? Well, it starts with what amounts to a blank search warrant that an incompetent judge signs off on, requiring Google to release data to law enforcement that spans a time period (up to about a week) and a geographic region.

IPv4 versus IPv6

Bryan C.
Internet communication would not be possible without the Domain Name System (DNS). For humans to interact with computers, there is a need for a translator that can translate human readable addresses into addresses that a computer can understand and act upon. Thus, DNS is used to translate computer readable binary into and from human readable IP addresses. DNS takes the process a step further by having records associating IP addresses to their respective common language addresses.

Sarbanes-Oxley Act

Bryan C.
This is a slimmed down version of an essay written in early 2017 by Bryan for his Master of Cybersecurity degree at Purdue University. The stock market crash of 1929 that led to the Great Depression of the early 1930’s also led to the creation of the Securities Exchange Act of 1934 [4]. From the Securities Exchange Act came the Securities and Exchange Commission (SEC) tasked with not only restoring confidence in the financial markets, it defined and enforced laws regarding investments in publicly traded companies, specifically, the placement of investors first above the needs and owners of the business [4].

Mesh vs. Extended WiFi Networks

Bryan C.
About a week ago, Sean Flynn, a contributing writer for Deal News, wrote a short article with the title What is a Mesh WiFi Network?. The article is definitely short, and slightly inaccurate in its definition of extended WiFi networks, and wholly misleading on the context of mesh WiFi networks. To ensure folks understand the differences between the two and why both exist, let’s define what each of these are, their pros and cons, and in what environments they are suited for.

Software Defined Networking

Bryan C.
Here’s a scenario: You’ve just received a request from the development team that the testing virtual machine (VM) needs to “move” to the production environment network immediately to support faster deployment of tested and approved applications and updates. No big deal right? It’s a simple process of changing the VM’s IP configuration, updating some firewall rules in the data center, updating the local network, and do it all in the time the development team allotted during business hours.

The IT Generalist

Bryan C.
I’ve spent the last ten years of my life becoming fully involved in Information Technology. I started my Bachelor’s degree in IT around April of 2009, unclear what direction I would take, only knowing that I would complete my degree as quickly as possible to become better employable, and hopefully secure my future. Early on in my studies, I became fascinated with databases - construction, querying, and the power they have on the modern world.