HORNE Cyber Executive Insights Blog

Topic:

Show All

Brad Pierce

Brad is the director of network security for HORNE Cyber where he focuses on leading the advanced penetration testing teams. Brad has more than 10 years of experience in network deployment, management, support and security.
Find me on:
 

Recent Posts

Dec 10, 2019 6:30:00 AM

Cyber 2020: The Year of Situational Awareness

Situational Awareness: words that were ingrained in my psyche during my years in the military. The phrase is simply defined as, “the perception of environmental elements and events with respect to time or space, the comprehension of their meaning, and the projection of their future status.” By gaining situational awareness, IT teams can begin to form an idea of how an environment should be securely maintained and how it will likely evolve in the near future. Additionally, enhanced situational awareness will likely allow organizations to see a more logical approach to anticipating the future trends in cybersecurity as a whole.

Topics: cybersecurity, ransomware, the cloud

Nov 15, 2019 6:30:00 AM

Friday Brief: The End is Near, Windows 7 End of Support

This year, Microsoft announced End of Support for Windows 7 will begin on January 14, 2020. As we approach the new year, organizations still running Windows 7 should – if you haven’t already – prepare to transition to Windows 10. What does End of Support mean, exactly? End of Support has occurred for previous versions of Windows over the years. Simply put, if your organization continues to use Windows 7 after January 14, 2020, Microsoft will no longer provide technical support, software updates, or security updates. This will *not* cause your machines still running Windows 7 to quit working; however, these machines *will* “become more vulnerable to security risks.

Topics: Software End of Support

Jan 24, 2019 9:30:00 AM

What's Missing from Your Security Strategy?

I have seen that there’s often a flaw in logic with organizations when it comes to cybersecurity. The market has been flooded with products and services that “AUTOMAGICALLY” take care of security and stop attackers. That’s right, “automagically.”

Topics: Executive Insights

Oct 3, 2018 8:55:29 AM

What Cyber Insurance Is Not

The topic of cybersecurity insurance seems to be on the radar of most organizations I speak with. There are a lot of questions around how much coverage is needed and what exclusions one should be on the lookout for when purchasing a policy. I usually try to use this as an opportunity to talk about what a cyber insurance policy is not, and I’ll get to that later.

Topics: Cyber Insurance

Mar 6, 2018 10:30:00 AM

Choosing the Right Security Option for Your Organization

Cybersecurity in layers has been the go-to security model for some time now. There’s no one solution that will properly secure your organization’s network and sensitive information. In today’s environment, it takes an orchestra of teams, tools, and active threat detection and prevention operations to properly secure your organization from an attacker. It has become very clear that traditional layers, such as anti-virus, firewalls and monitoring tools, are just not enough. Attack emulation is a critical security layer that not only focuses on known vulnerabilities but also shows what a real attacker could do to your organization. If you are serious about finding your organization’s security weaknesses and resolving them, you’re likely going to need help from a third-party.

Topics: Penetration Testing, cybersecurity, advanced penetration testing, Security Budget, Executive Insights, Good Enough Cybersecurity

Jun 13, 2017 10:03:00 AM

Why an Engaged C-Suite Matters in Improving Cyber Security

In a recent article, I talked about how the C-Suite can get past not being technical and take an offensive mindset to cyber security. I think the big message there was to get involved. Part of an organizations IT leadership and consultant’s responsibility is to provide logical explanations of the threats and vulnerabilities that exist and how they can impact confidentiality, integrity, and availability of an organization’s operations, and the C-Suite should want to hear about it. It’s also important to understand the level of effort it takes from your team to mitigate and remediate threats and vulnerabilities so that you can begin to evaluate if you need to make a decision such as realignment of staff or finding a 3rd party partnership.

Topics: Executive Insights

Mar 9, 2017 9:42:19 AM

Why "I'm Just Not Technical" is No Longer an Excuse in the C-Suite

I cannot tell you how many board presentations and meetings I have been in and heard "I am just not technical". Not being “tech savvy” is no longer a valid excuse to not understanding the threats your organization faces and what needs to be done to provide protection. If you are in the budgeting, decision making or approval process of technology in your organization, you have no choice.

Topics: cyber risk

Feb 9, 2017 9:50:52 AM

You've Been Breached. Think It Won't Happen Again?

There’s a popular saying in the cybersecurity space, “There’s two types of organizations, those that have been breached and those that don’t know they’ve been breached.” In working with organizations that know they’ve been breached, I’ve noticed a very alarming fact. It’s not their first breach! This left me wondering why and how? How can an organization suffer from one breach and have a second or third similar breach? What did they not learn from the initial breach that would leave them vulnerable to similar subsequent breaches? One of the common themes we see is that they “handled” the first breach themselves or they hired a security consultant with little to no experience in incident response that focused on recovery and not fully understanding how the attack was carried out. This is a very scary reality that we are seeing more and more daily. 

Topics: incident response

Dec 8, 2016 10:00:00 AM

What Should You Learn From Your Penetration Test?

Having a true advanced penetration test performed on your organization’s infrastructure is one of the fastest ways to gain valuable insight on the state of your security posture. It provides quick situational awareness around where your weaknesses are and *should* provide you with a roadmap on how to approach remediation. In working with clients, one thing we are realzing is that many of our clients believe they have been getting an "advanced penetration test" for years, when in fact they have not. Below are a few hints on how to know if you are truly getting a penetration test worth value to your organization. 

Topics: Penetration Testing, cybersecurity, advanced penetration testing

Cybersecurity has quickly become one of the biggest risks in business today. We uncover vulnerabilities others miss and then guide you to the next steps.

Sign Up Now

Clients rely on HORNE Cyber to build their cyber resilience. HORNE Cyber's offense-oriented approach to cybersecurity uncovers hidden cyber risk and significantly reduces exposure to security threats, allowing clients to stay compliant with ever-growing regulations and use technology as a lever for growth. HORNE Cyber is a HORNE LLP company.

Join the Conversation
Subscribe to Blogs