Apr 25, 2019 9:00:00 AM

Cybersecurity in the City: What You Need to Know

Last week, HORNE Cyber, in partnership with Willis Towers Watson Nashville, hosted a cybersecurity seminar at the Franklin Marriott Cool Springs in Franklin, Tennessee. This seminar featured a unique series of presentations given by renowned subject matter experts. Topics included offensive security testing (ft. a live hacking demo!), incident response planning, how company culture impacts cyber risk, and today’s threat landscape.

Topics: Executive Insights

Jan 24, 2019 9:30:00 AM

What's Missing from Your Security Strategy?

I have seen that there’s often a flaw in logic with organizations when it comes to cybersecurity. The market has been flooded with products and services that “AUTOMAGICALLY” take care of security and stop attackers. That’s right, “automagically.”

Topics: Executive Insights

Jan 3, 2019 9:30:00 AM

Our 5 Most Read Blogs of 2018

As we transition into the new year, we look back at 2018… from previewing DEF CON and Black Hat USA talks to cryptocurrency mining and blockchain, our readers, clients, friends, and teammates gave us a space to discuss the latest in cybersecurity. For this, we thank you!

Topics: ransomware, black hat USA, SOC for Cybersecurity, Executive Insights, DEF CON

Oct 31, 2018 9:30:00 AM

Cybersecurity Lessons from WWII Propaganda

In honor of National Cybersecurity Awareness Month, let's look at how principles from World War II propaganda can teach us valuable lessons in the way we treat cybersecurity today.

Topics: Executive Insights

Oct 15, 2018 9:00:00 AM

Attack Surface Ep. 1: Three Strategic Investments for Your IT Shop

Join HORNE Cyber’s marketing director, Ashley Madison, as she sits down with Mike Skinner and Brad Aldridge to discuss “Three Strategic Investments for Your IT Shop” on Episode 1 of Attack Surface: The Cybersecurity Podcast for the Want-To-Know Organization.

Topics: Executive Insights, Podcast

Mar 13, 2018 9:09:30 AM

High Expectations for Service, With Reverse Engineering

A cornerstone of a cybersecurity firm is in their “reverse engineering” capability. It is a necessary part of responding to breaches, keeping up with the state-of-the-art in threats, and enhances the coverage of penetration testing and red-team engagements. While it separates leaders from followers in the industry, very few business stakeholders have had the opportunity to learn what “reverse engineering” means, how it can be a measure of a security service provider’s capability, and how such services can directly benefit an organization.

Topics: digital forensics, Penetration Testing, data security, cybersecurity, information security, ransomware, advanced penetration testing, incident response, Malware, Executive Insights

Mar 6, 2018 10:30:00 AM

Choosing the Right Security Option for Your Organization

Cybersecurity in layers has been the go-to security model for some time now. There’s no one solution that will properly secure your organization’s network and sensitive information. In today’s environment, it takes an orchestra of teams, tools, and active threat detection and prevention operations to properly secure your organization from an attacker. It has become very clear that traditional layers, such as anti-virus, firewalls and monitoring tools, are just not enough. Attack emulation is a critical security layer that not only focuses on known vulnerabilities but also shows what a real attacker could do to your organization. If you are serious about finding your organization’s security weaknesses and resolving them, you’re likely going to need help from a third-party.

Topics: Penetration Testing, cybersecurity, advanced penetration testing, Security Budget, Executive Insights, Good Enough Cybersecurity

Oct 3, 2017 10:26:00 AM

The Cybersecurity Industry: Ignorance is Bliss

As I’ve pointed out before, the greatest threat to cyber security that organizations face today is the cybersecurity industry itself. I’ve long noticed that every business advisory firm in the country is now offering “penetration testing”, even as a critical industry talent shortage points to that not being possible. All you have to do now is buy a $2000 license for a vulnerability scanning tool, send an employee to a two-week training, and BOOM you have a “penetration tester.” 

Topics: Executive Insights, Good Enough Cybersecurity

Jun 13, 2017 10:03:00 AM

Why an Engaged C-Suite Matters in Improving Cyber Security

In a recent article, I talked about how the C-Suite can get past not being technical and take an offensive mindset to cyber security. I think the big message there was to get involved. Part of an organizations IT leadership and consultant’s responsibility is to provide logical explanations of the threats and vulnerabilities that exist and how they can impact confidentiality, integrity, and availability of an organization’s operations, and the C-Suite should want to hear about it. It’s also important to understand the level of effort it takes from your team to mitigate and remediate threats and vulnerabilities so that you can begin to evaluate if you need to make a decision such as realignment of staff or finding a 3rd party partnership.

Topics: Executive Insights

May 30, 2017 10:11:00 AM

Cyber Security Silver Bullet: If It Seems Too Good to be True, It Probably Is

I’ve said it before and I’ll keep on saying it: The greatest threat to cyber security could likely be the cyber security industry itself and the “good enough” mindset.

Topics: Executive Insights

May 23, 2017 10:14:00 AM

There’s Simply No Such Thing as “Good Enough” in Cyber Security

History tells us that there comes a time when almost every new innovative service starts to lose ground to a “good enough” competitor.  In fact, many of the products that we buy are much cheaper than the original models, because competitors cut corners to make something that is good enough to fit our needs at a cheaper price. As a director of operations, I can fully appreciate a lower priced option that still fits the needs of my organization.

Topics: Executive Insights