Dr. Ray M.
Reno, Nevada, United States
2K followers
500+ connections
Explore more posts
-
Countermeasures Group
CISA has added four new vulnerabilities to its KEV Catalog: CVE-2024-43093 Android Framework Privilege Escalation Vulnerability; CVE-2024-51567 CyberPanel Incorrect Default Permissions Vulnerability; CVE-2019-16278 Nostromo nhttpd Directory Traversal Vulnerability; CVE-2024-5910 Palo Alto Expedition Missing Authentication Vulnerability.
1 -
Alexandre BLANC Cyber Security
Some good reminders as a response to Verizon DBIR report (data breach investigation report) "Credential and Secrets Theft: Insights from the 2024 Verizon Data Breach Report" It's your job as infrastructure manager, developer, security people, solution provider, so secure all of this. connected=hacked cloud=leak #cybersecurity #cloud #dbir #clowd
152 Comments -
Starlight Intelligence
CISA Warns of Actively Exploited Apache HugeGraph Server Bug The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability in the Apache HugeGraph server that is being actively exploited by attackers. This flaw could allow unauthorized users to gain access to sensitive data and execute malicious commands on affected systems. This vulnerability is particularly concerning as it affects a widely used graph database service, which many organizations rely on for managing complex data relationships. If exploited, it could lead to significant data breaches, operational disruptions, and potential financial losses. The active exploitation of this vulnerability underscores the urgent need for organizations to prioritize their cybersecurity measures. To mitigate the risks associated with this vulnerability, CISA recommends that organizations immediately apply the latest security patches released for Apache HugeGraph. Additionally, implementing strong access controls, conducting regular security audits, and monitoring for unusual activities can help protect against potential exploits. Educating staff about the importance of cybersecurity best practices is also essential for maintaining a secure environment. #Cybersecurity https://lnkd.in/g8Asi3G2
1 -
Shakeel Ali
Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks: Identity theft isn't just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don't be caught off guard. Join us for a groundbreaking webinar that will change the way you approach cybersecurity. https://lnkd.in/gqxVX83M
-
Charles Robbins
There are several items that are missed on any data security audit. One is the Cybersecurity Risk Management Plan and Assessment. Typically found in only 1% of audits. An Incident Response Plan. Found less than 1% of the time. But almost never found are Data Flow Diagrams. With over 50% of the organization's data on the cloud, without the data flows completed, no one, yes no one in the organization knows where all the PII, PHI, PFI, PCI and other critical data is located. It takes about a month to complete all the data flows for an organization since all the department heads need to share their knowledge. When complete, these secure documents will allow the organization's leaders to strategize how they will protect their data. Without the data flows, many segments of the organization's data are not properly managed or protected. The organization will not have a backup plan if access to these systems is lost. So ID.AM.03 of the NIST Core V2 is a critical data security control. Please download the CSF and do the work that needs to be done to protect your organization.
10 -
Katalyst
The secret to a hacker-proof password? 👇 ✅ 16+ characters ✅ RANDOM (yes, that includes symbols & numbers) ✅ Different for every account It’s a pain to remember them all, right? That’s where a password manager comes in—total game-changer. You handle your work; let it handle your passwords! https://hubs.li/Q02VZSg30
2 -
Taiye Lambo
This Kiteworks article is a good read for cybersecurity professionals who are interested in a comprehensive checklist for achieving compliance with the Cybersecurity Maturity Model Certification (CMMC) framework. It outlines the steps organizations need to take to meet the requirements of different CMMC levels, from basic cybersecurity hygiene to advanced practices. Your Complete CMMC Compliance Checklist 👇👇 Get the checklist: https://lnkd.in/eEmiVs79 #cybersecurity #compliance #CMMC #NIST #CUI #blog
191 Comment -
Andrew Howard, MBA, CISSP, CCP
I had a fantastic time at the Onspring Indy GRC Day last week! I appreciate the great turnout for my "CMMC & NIST CSF 2.0" presentation. There were so many great questions and conversations, so I decided to share a couple of my favorites with everyone here! Q: Is it true that we cannot use our overseas support team to maintain our systems that contain CUI? A: YES, that is true. An overseas team doing tech support, network monitoring, and other information technology tasks will not be allowed in an environment where CUI is present. There are exceptions, but a tech support role would likely not fall into this category. Q: How do I control my supply chain when I don’t control my supply chain? A: Third-Party Risk Management (TPRM). A mature approach to TPRM is your only real option. Confirming that your suppliers are following solid cybersecurity rules and doing TPRM is also the best way to ensure your supply chain is secure. If you are looking for more #CMMC updates, we got you covered here: www.asuretigov.com #NIST #GRC #Cybersecurity #TPRM #RiskManagement #SupplyChain
402 Comments -
Charlene Deaver-Vazquez
In a recent conversation a cyber assessor asked me how they could get leadership buy-in to using risk quantification. Here are 3 ways I'd suggest doing this. Let me know what you think in the comments. 1. Use Industry Profiles for Context: Show how your organization compares to others in your industry in terms of risk exposure by using industry data. This helps highlight where your organization stands and can spark interest in exploring risk quantification further. 2. Highlight a Recent Attack: Use a recent cyber attack that affected your industry as an example. Show the potential financial impact and likelihood of such an attack on your organization. This makes the concept of risk quantification more real and urgent, helping leaders understand its importance. 3. Clarify Risk Levels: When discussing risk, push for clear definitions of what “high,” “moderate,” or “low” risk means by advocating for a quantified approach. This can help uncover inconsistencies in how risk is evaluated and emphasize the need for a standardized risk assessment method. Have you had success getting leadership buy-in to using risk quantification?
12 Comments -
SSL.com
🚨💼 Over 200,000 individuals' data was compromised in a phishing attack on Los Angeles County's Public Health Department. The breach led to unauthorized access of personal and sensitive information through compromised employee email accounts. 📧🔍 ⭐ Actionable Insights and Tips 🛡️ Implement stringent access controls and regularly review email account permissions to minimize the risk of unauthorized access from compromised credentials. 🔒 Employ real-time monitoring and anomaly detection tools to quickly identify and respond to unusual access patterns that may indicate a breach. 📚 Conduct regular phishing awareness and response training for all employees to enhance their ability to recognize and properly handle suspicious emails. 🤝 Here’s How SSL.com Can Help 📧 Our S/MIME certificates can secure email communications by providing encryption and message integrity, ensuring that sensitive information remains confidential and tamper-proof. 🔐 Utilize our comprehensive identity verification services to enhance email security, adding a layer of trust and authenticity to mitigate the impact of phishing attacks. At SSL.com, Trust is What We Do 🔒 #DataProtection #EmailSecurity #CyberAwareness
41 Comment -
Jason Lawrence
Here's a great perspective on how to improve organizational cybersecurity posture without blaming employees or users. As security leaders, we must leverage and treat our users as allies. Training our employees to be the first line of defense pays dividends and improves morale. I'm confident you'll find this article insightful.
4 -
Meg Fronckowiak
VM remains a cornerstone of preventive cybersecurity, but organizations still struggle with vulnerability overload and sophisticated threats. Tenable’s new Exposure Signals gives security teams comprehensive context, so they can shift from VM to exposure management and effectively prioritize high-risk exposures across their complex attack surface. http://ow.ly/oGFk105PbnX
3 -
Jeff Warren, CISSP
Passkeys are a leap forward for phishing defense which is why I see more consumer-grade services offering them. Just be sure you have strong backup methods in place, especially when using passkeys to auth multiple services. https://lnkd.in/ewV5WN97
1 -
Natsar
CISA added CVE-2024-29824, an SQL Injection vulnerability in Ivanti Endpoint Manager, to its Known Exploited Vulnerabilities Catalog. With a CVSS score of 9.6, it allows unauthenticated attackers to execute arbitrary code. #Cybersecurity #CISA #Vulnerability #Ivanti https://zurl.co/8Gz9
-
Andrew Shea
Thanks to Andrew Skomski, CPA for such a powerful post. And by the way as a semi-frequent late night ranter I feel your need to vent. Many people have labored and continue to labor in a system that needs to evolve. When you have watched vendor and/or third party risk management for twenty years it is easy to identify why we are where we are. We see the same challenges more broadly in audit and risk management which is the use of philosophies, objectives and processes that are past their expiration date. Rather than point out deficiencies - which I have been guilty of - it is essential that we all work together to create a new vision for TPRM 2.0. This vision can only be achievable if we define what the desired state is for Third Party Risk Management (TPRM). Having attended a number of events this year targeted at CISO’s, CEO’s, and Board members the common themes being expressed are: Create value not friction with third parties. Evolve from qualitative to quantitative analysis where possible. Focus on top vendors and partner with them don’t audit them. Provide executive support to drive behavior and engagement from the business side with TPRM leaders. Continuously monitor third parties holistically across strategic, operational, financial, legal vectors not just cyber. Utilize a geo-political lens for analysis. Work toward creating a level of trust that would allow for further sharing of security posture beyond the outside in approach of today. Use data science and/or AI to assist with being data not opinion driven in key areas of analysis always backed by human expertise. And yes focus on both individual and joint operational resilience. Please chime in regardless of whether you agree or disagree.
42 Comments