A major Communications & Media company faced a large number of long-lived vulnerabilities in their service delivery network for which the asset owner was unknown. Without an asset owner for whom to turn for remediation, each day the situation was going from bad to worse. Their existing manual ownership identification processes were hopelessly overwhelmed by […]
Read MoreIn 2023, DayBlink Consulting made substantial contributions to our local communities, with our team dedicating over 300 hours of volunteer service. This commitment led to $25K+ in donations and $40K+ in pro bono services delivered to organizations, enriching the communities we hold dear. Follow the link to explore the breadth of our involvement and its […]
As the story goes, and more recently popularized in the movie The Founder, Ray Kroc was speaking to a class at Harvard when asked “What business is McDonalds in?” “Restaurants!” “Hospitality!” “Supply Chain!” “Franchising!” “Entertainment!” “No!” Ray laughed and replied to each student. “Ladies and gentlemen, I’m not in the hamburger business. My business is real estate.” This […]
Vulnerability Management as a function has been around as long as we’ve had sophisticated IT and security organizations. Yet the overall scope and responsibilities of that function have morphed considerably over the past decade. Many organizations used to use a very narrow definition of vulnerability and simply compare configurations and software versions against a database […]
The average cost of a data breach in the United States is nearly 10 million dollars, the highest of any country in the world. In spite of this, the United States does not have a single comprehensive federal consumer privacy law comparable to the European Union’s General Data Protection Regulation (“GDPR”). Due to the fragmented […]
AI-assisted code development (AICD) is a powerful tool that can be leveraged in the DevSecOps cycle to increase code efficiency. However, the increased speed and capacity for development also bring new risks to organizations. While organizations that are fast adopters of this technology will have a significant advantage over their competitors, their new development capabilities […]
Starting today, the SEC’s Cybersecurity Incident Reporting rule requires all publicly traded companies to report material cybersecurity breaches within four days. Companies must include standardized information to ensure consistent reporting of these incidents to the public. Like all SEC rules, there are financial penalties for non-compliance so company leadership should know how to respond when […]
As we continue to operate in a hybrid model, organizations are stuck. Virtual is not providing a space for efficient working conditions nor growing company culture, and going into the office is creating a disgruntled employee base. While both options are optimal for some, the availability of choice has created friction. Many have landed on […]
Automation has become essential in modern SOCs to ensure efficient detection, remediation, and response to security incidents. Successful automation, however, requires a strategic approach that incorporates both technology and human collaboration. Identifying strategic elements in advance can increase your probability of success. Learn more here: Josh Tupper on Medium. About the Authors Josh Tupper is […]
A quick Google search using keywords like “how to scale identity and access” or “how to securely manage identity and access” will yield a plethora of results addressing common Identity and Access Management (IAM) challenges. Notably, many of these results are dominated by companies that offer enterprise IAM products such as SailPoint and Okta. Their […]