ProCircular Information Security Experts Corner

Zach Zaffis

Recent Posts

Risk Rolling: Don’t Let Your Business Roll the Dice with Risk

Posted by Zach Zaffis on May 8, 2020 3:27:04 PM

New to the world of cybersecurity and wondering where to even begin? Ever wonder what it takes to become a professional hacker? Varying levels of IT knowledge and understanding? Everybody must start somewhere, and here is your chance! Reimagine your career as an Information Security Specialist and stop wasting your time with "what ifs." Allow yourself to grow and shine in a field that you are passionate about. Outreach your potential with this fantastic new course!

Read More

Topics: Cybersecurity, Information Security, risk

Remote administration for the security minded

Posted by Zach Zaffis on Feb 13, 2020 2:44:27 PM

Here’s a quick one for all of the administrators and security practitioners. There’s no shortage of third-party programs designed to do remote desktop management and support. And while sure, many of them are secure, the ones we find in use most often are not. The reason being, they tend to be low or no cost solutions. Now, I’m not one to say that security should always be spendy, but let’s be honest, a lot of the time tools are an investment that management is not always willing to invest in. More often then not when we hit a business that is using VNC as their de facto remote management and support tool, the reason behind it is; “Well, it’s free, and we can shadow and control other machines with it for support calls.”

Read More

Topics: Cybersecurity, Network Security, Information Security

Employee Buy-in: Reaching the Unreachable

Posted by Zach Zaffis on Sep 9, 2019 11:02:00 AM

In security, it’s often said that you will have little success within an organization if you do not have buy-in from management. However, there’s a larger group that is often-overlooked though critical to a successful security program. And they impact all aspects of your security posture. That group, of course, is the end users.

Read More

Topics: Cybersecurity, Data Security, Security Awareness Training

Gone Phishing: Training your users to work your phishing boats

Posted by Zach Zaffis on Aug 26, 2019 12:41:00 PM

We’ve all heard of (or worse been part of) a company with a super strict security team. If you fall for a phishing campaign, you need to report in person to the security department, where they ridicule or chastise you for your error, make you take remedial phishing training, and complete an online test, or worse, revoke your network credentials for a period. While this may be effective from a security standpoint, it’s detrimental to the overall health of the security program. See, presenting a punitive result from an action that is, to the end users’ perspective, simply trying to get their work done doesn’t foster knowledge or understanding: it’s simply an attempt at conditioning. This often creates a negative response and image for the security department - both from an interpersonal perspective, but also from a business perspective.

Read More

Where the Holes Aren't

Posted by Zach Zaffis on Jul 16, 2019 11:19:00 AM

Let’s just say there’s a lot to learn from history without quoting Sun Tzu… again. Especially in information and cybersecurity. While much of the birth of cyber realm revolves around the military - many of the members of our community are current or former members of various armed forces - many of us still refer to the military influence of old when working through our business planning and various actions revolving around cybersecurity. A great example is the common use or reference to Boyd’s OODA (Observe–Orient–Decide–Act) loop flow chart in both attack and defensive security applications. In sticking to a military theme, I want to touch on a story from World War II and its applicability in today’s modern cybersecurity world.

Read More

Topics: Cybersecurity, Network Security, Information Security, Penetration Testing

ProCircular is a Full-Service Information Security Firm

We are passionate about helping businesses navigate the complex world of information security, and our blog is another great source of inforamtion. We can assist you no matter where you are in your security maturity journey:

  • Breached or hit with ransomware?
  • Don't know where to start? 
  • Looking to confirm your security with a third party?

Secure your future with ProCircular.

Recent Posts

Subscribe to Email Updates