A major Communications & Media company faced a large number of long-lived vulnerabilities in their service delivery network for which the asset owner was unknown. Without an asset owner for whom to turn for remediation, each day the situation was going from bad to worse. Their existing manual ownership identification processes were hopelessly overwhelmed by […]
Read MoreMichael Morgenstern, a Partner at DayBlink Consulting, has spent his career navigating cyber practices, pitfalls, and opportunities in the security vulnerability space. Vulnerability reporting has built its way up from a grassroots movement, when Michael published one of the first public calls for a responsible vulnerability disclosure approach, to well resourced public and private sector […]
Modern application systems are significantly more complex than they were a decade ago. Organizations aiming to scale effectively have adopted distributed microservice ecosystems in lieu of monolithic architectures. Microservices allow organizations to deliver efficiently and decrease time to market. This is great for the customer, but innovation often comes with a tradeoff. So where is […]
DEFCON is an experience that covers a breadth of security topics from Lock Picking to International Cyber Policy and Security. After spending a jam-packed weekend in Las Vegas, the DayBlink Consulting Cybersecurity Group gathered key takeaways with security practitioners and IT executives in mind. Read more here: Zachary White on Medium About the Authors Zachary […]
On October 14th, the DayBlink Consulting team came together for the 2nd annual Harbor Day, our firm-wide day of volunteering. This year, our firm volunteered, learned, and reflected on the impact that several organizations have in their communities across the country. DayBlink Consulting thanks the following organizations for the opportunity to support their critical missions: […]
In 2021, DayBlink Consulting employees were more involved in their communities than ever before. This past year, the team donated $29,000 to over 35 of our favorite charities in addition to providing pro bono consulting services and direct volunteering. We are excited to continue donating and volunteering with these organizations and more in 2022, using […]
Given the vast amount of data the United States maintains, the federal government has a unique responsibility to secure its own IT infrastructure to minimize the potential harm from a cyber intrusion. With persistent and inventive threats from bad actors in mind, the Biden Administration announced it is moving toward a Federal Zero Trust Architecture […]
In Q4 2021, the Department of Health and Human Services (HHS) published a briefing that detailed the concept of Zero Day attacks and their recent impact on the Healthcare and Public Health sector (HPH). As one of the 16 critical infrastructure sectors designated by Presidential Policy Directive 21, implementing advanced detection and protection tactics to […]
Most sophisticated cybersecurity organizations have embraced technical controls as a management mechanism. Some organizations have even begun mandating their adoption. Forced technical controls, if integrated appropriately into the culture, can dramatically increase cyber defense capabilities as well as combat employees’ inherent resistance to change. While proactively initiating change may seem counterintuitive to creating a strong […]
This October, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published the first of a four-part series of position papers called “Security Guidance for 5G Cloud Infrastructure.” The first part, “Prevent and Detect Lateral Movement,” outlines five actions to prevent threats while building and hardening 5G cloud infrastructure. Although this position paper is specifically […]