Information Security Leader, Author, Instructor and Speaker

A Year of Cloud First: Lessons Learned

I had the privilege of spending an hour with the Internet2 NET+ team today sharing some of the lessons we’ve learned during Notre Dame’s cloud journey.


Malware Exposed

Malware is perhaps the most dangerous threat to the security of the average computer system. Research by Microsoft recently estimated that 17.8% of computers worldwide were infected by malware during a three-month period. That is an astonishing number that underscores the real and present danger posed by malicious software on the modern Internet.

Information technology professionals must educate themselves about the risks posed by malware and use that knowledge to defend their organizations against the malware threat. In this article, we provide background information on malware and describe ways that you can create a defense-in-depth approach to protecting your computing assets.

Read More: Malware Exposed

Published April 5, 2015 in Certification Magazine


Tech Tips: Running a Vulnerability Scan

Vulnerability scanning plays a critical role in the information security program of any educational institution. Conducting regular security scans ensures that administrators remain aware of the state of security on their networks and allows them to quickly remediate vulnerabilities before an attacker exploits them.

Conducting vulnerability scans consumes network bandwidth and ties up resources on the systems being scanned. In the worst case, these scans may inadvertently result in system outages or other operational issues. IT staff preparing to scan campus networks should follow a set of best practices to protect the integrity of their institution’s information systems. In this article, I offer four tips on operating a safe and effective vulnerability scanning program.

Read More: Tech Tips: Running a Vulnerability Scan

Published March 17, 2015 in EdTech Magazine


Could Apple Pay fundamentally change PCI DSS compliance?

Apple Pay, the recently released mobile payment system on Apple’s iPhone 6, is making waves in the security community and being praised for the attention it provides to securing credit card transactions. Tokenization, the technology underpinning Apple Pay’s security model, is not new, but Apple Pay may provide the impetus for this technology to go mainstream.

From the consumer’s perspective, Apple Pay is an ideal way to conduct a transaction with a merchant because it preserves the consumer’s privacy during the transaction. During a normal credit card transaction, the merchant reads the consumer’s name and credit card number from the magnetic stripe on the back of the card. During an Apple Pay transaction, the merchant receives only an anonymized one-time-use code that facilitates the transaction.

Read More: Could Apple Pay fundamentally change PCI DSS compliance?

Published March 8, 2015 on


Context-Aware Intrusion Prevention

Over the past few years, security professionals around the world have undertaken projects to convert their enterprise firewalls to the latest technology – next generation firewalls (NGFW). These systems leveled up firewall technology by providing the firewall with more information – data that provided context about applications and users and allowed the firewall to make more intelligent decisions about network access. It’s now time for intrusion prevention systems (IPS) to make that same leap.

The newest intrusion prevention technology, next generation IPS (NGIPS), is able to incorporate new data sources that dramatically improve the IPS’ ability to protect networks against attack. With these systems, you can incorporate information about your network and applications into your intrusion prevention strategy to build more robust defenses for your organization’s network.

Read more: Context-Aware Intrusion Prevention

Published March 4, 2015 in BizTech Magazine


Can legal departments complement IT security?

Legal teams have long played an important role in information security and compliance programs. The expertise that attorneys bring to the table complements the technical subject matter expertise of IT professionals and, when working toward a common purpose, contributes to a well-rounded IT risk management program. In this tip, I look at three different ways that legal teams can contribute to information security efforts in enterprises of all sizes.

Legal departments often find themselves thrust into the middle of enterprise risk management programs for two reasons. First, they are normally privy to many of the sensitive risks facing different areas of the business. Second, many organizational risks are legal in nature, requiring the expertise of an attorney to assist in interpreting laws and regulations and to estimate the impact on the organization should a violation arise.

Read more: Can legal departments complement IT security?

Published February 27, 2015 on


What the Community Health Systems Breach Can Teach Your Organization

In the spring of 2014, hackers penetrated the systems of Community Health Systems (CHS), a network of 206 hospitals located across the United States. They made off with sensitive personally identifiable information from over 4 million patients, including names, Social Security numbers, birthdates and employment information.

What happened at Community Health Systems? What can enterprises learn from the breach? This tip looks at the lessons you can extract from the CHS breach to protect your organization’s health information and keep HIPAA regulators at bay.

Read the full story: What the Community Health Systems Breach Can Teach Your Organization

Published February 19, 2015 on


Preparing for 802.11ac

Is your agency prepared for the next revolution in wireless networking? The traditional wireless networks that served agencies well for the past decade are quickly becoming outdated relics in desperate need of upgrading. Today’s mobile user requires ubiquitous high-bandwidth connections throughout an agency’s facilities.

The advent of 802.11ac wireless networking promises to fill that demand by tripling the speed of existing 802.11n networks. Technology advances over the next few years promise to further increase 802.11ac speed by a factor of four until the technology provides 6Gbps wireless connections, compared to today’s 0.5Gbps maximum. 802.11ac achieves this benefit by leveraging several technical enhancements, including the use of the 5 GHz radio spectrum.

Read More: Preparing for 802.11ac

Published February 13, 2015 in FedTech Magazine


Cloud First: Building a Common Strategy


Higher education IT is in the midst of an exciting transformation. The economies of scale, resiliency, flexibility and agility provided by cloud computing are rendering the construction and maintenance of on-premises data centers obsolete. Over the next decade, the availability and advantage of new technology models will result in a substantial decrease in the use of on-premises data centers. In this ITANA webinar, I shared details on a collaboratively built “Cloud First” strategy for higher education IT that moves from a traditional data center model to one centered on the public cloud and cloud-based services.

View the presentation: Cloud First: Building a Common Strategy

Read the strategy document: Cloud Strategy for Higher Education


Managing Change in the Cloud


In today’s Internet2 Cloud Proud webinar, I had the opportunity to share some thoughts on how organizations can effectively build cloud teams by following three principles:

  • Calm the fear, uncertainty and doubt
  • Make it real
  • Build a strong team

Both the session slides and a session recording are available online.


Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.
