Information Security Leader, Author, Instructor and Speaker

Hacking Small Companies is Big Business

Information security often takes a backseat to other issues that small business owners face. With more immediate concerns, such as shipping products or pursuing overdue accounts, business owners may dismiss information security concerns as applying only to larger organizations.

It’s easy to think that a small business can remain below the radar of attackers and neglect security controls. Unfortunately, the facts do not support that idea.

When it comes to information security, no business is too small. Small businesses increasingly find themselves the focus of attacks directly targeted against them and designed to steal funds, information and customers.

Read the full story: Hacking Small Companies is Big Business

Published July 27, 2016 in BizTech Magazine


Six Most In-Demand New Cybersecurity Certifications

Cybersecurity is one of the hottest fields in information technology and skilled cybersecurity professionals are in high demand. Threats to enterprise security evolve constantly and organizations require increasingly skilled specialists with the knowledge required to combat those threats. As the cybersecurity field becomes increasingly specialized, industry is responding with a series of niche certification programs designed to demonstrate an individual’s qualifications to fill these new positions.

For job candidates, cybersecurity specializations can be extremely rewarding. A recent Certification Magazine salary survey ranked the top IT certification programs and five of the top ten certifications cover cybersecurity issues and command salaries of around $140,000. Let’s take a look at six of the most in-demand cybersecurity certifications that reached the marketplace in the past five years.

Read the full article: Six Most In-Demand New Cybersecurity Certifications

Published July 1, 2016 in Certification Magazine


10 Things Your Business Manager Wishes You Knew

Fortunately, the business managers who support IT organizations want to see those organizations succeed and make deep contributions to their institution’s teaching, research, and service missions. In a series of interviews, business managers from the University of Washington, Muhlenberg College, and the University of Notre Dame offered 10 critical pieces of knowledge about institutional business operations that they consider critical success factors for technology managers. Let’s take a look at the 10 things that your business manager wishes you knew.

Read the full article: 10 Things Your Business Manager Wishes You Knew

Published June 29, 2016 in EDUCAUSE Review


App container, app wrapping and other emerging mobile security tactics

The flood of personal devices entering organizations through both formal bring your own device programs and informal use of personal technology poses a significant risk to enterprise security. While organizations traditionally relied upon mobile device management (MDM) technology to control both the apps installed on mobile devices and the security configurations of the device operating system, this approach does not offer the flexibility necessary for bring your own device (BYOD) models. Users do not want clunky corporate software that intrudes into their personal use of technology, and enterprise IT departments don’t want the support burden that comes along with such heavy-handed management. App containers and application wrapping are emerging as more BYOD-friendly solutions to the mobile security challenge.

Read the full article: App container, app wrapping and other emerging mobile security tactics

Published June 29, 2016 on


Rule 41: What does it mean for enterprises?

The Federal Rules of Criminal Procedure (FRCP) govern the criminal trials that take place in all federal courts around the nation.  While these rules are often quite dry and don’t often contain controversial provisions, they are extremely important to the conduct of criminal trials and contain the procedural rules that govern not only the conduct of a trial but also the conduct of law enforcement personnel who gather evidence that may be used at trial.

On April 28th, the U.S. Supreme Court submitted proposed amendments to the FRCP that cover a variety of changes to criminal trial procedures.  One of those in particular is of great interest to information security and privacy experts.  Rule 41 governs the search and seizure of evidence that may be used in a criminal proceeding.

Read the full story: Rule 41: What does it mean for enterprises?

Published June 21, 2016 on


Information Security Management: Making the Leap

If you’re looking for a career path that allows you to exercise both leadership and technical skills, technology management may be an appropriate path for you.  In particular, technology professionals with a security background will find that information security management offers the combination of a challenging work environment with a potentially lucrative career in a high-demand field.  Succeeding as an information security manager requires a unique blend of technical, leadership and social skills but offers tremendous rewards to those who make the cut.

Organizations around the world struggle constantly with security challenges, and one need look no farther than the evening news to see evidence.  Major security breaches have rocked both the public and private sectors in recent years, and Congress finds itself grappling with thorny legislative issues that seek to balance national security interests with those of information security.  As organizations seek to thrive in this murky environment, they require strong leadership for their information security and compliance functions.  As with many technical disciplines, they often find it challenging to attract highly qualified talent to their information security management positions because there is a relatively small pool of qualified individuals who are in great demand.  This combination of circumstances offers great opportunity to those seeking a career in security leadership.

Read the full article: Information Security Management: Making the Leap

Published May 23, 2015 in Certification Magazine


What’s Next for Encryption Legislation?

The legal battle between the FBI and Microsoft this spring brought encryption into the public spotlight in a major way for the first time.  While cybersecurity and law enforcement professionals have long debated issues over key escrow and access to encrypted information, these debates were never part of the greater public discourse until now.  Although the FBI dropped their request for access to the phone in the San Bernardino case, that tactical move merely kicked the can down the road.

In the wake of the FBI’s attempt to access the San Bernardino iPhone, legislatures at the federal and state level have all threatened to take up the issue, with legislators introducing bills that seek to address this challenge.  It’s likely that we will continue to see legislative wrangling over encryption issues this summer and fall.

Read the full story: What’s Next for Encryption Legislation?

Published May 17, 2016 on


Securing the Internet of Things

Browse the shelves of your local home improvement or appliance store and you likely won’t be able to move two steps before encountering a device bearing the adjective “smart.”  From televisions and microwaves to toothbrushes and sprinkler systems, almost every conceivable consumer device comes with WiFi or Bluetooth connectivity.  While exciting, the Internet of Things also introduces a whole new world of security risks, providing hackers with millions of new targets for their nefarious activities.  A recent IDC report predicted that 90% of all networks will experience an IoT-related security breach by the end of 2016.  That’s a sobering statistic!

IoT devices aren’t just popping up in homes – they’re also appearing in offices and on factory floors.  In some cases, these are the results of well-planned IT projects designed to improve automation or facilitate data collection.  In other cases, well-meaning employees may simply plug an IoT device into an available network port without recognizing the risks such a device might pose to enterprise security.  Security and networking professionals must understand the scope of IoT efforts within their organization along with the tools and techniques at their disposal to help protect against this threat.

Read the full story: Securing the Internet of Things

Published April 27, 2016 in Certification Magazine


PCI DSS 3.2: Is this really the end?

Has the era of major revisions to the Payment Card Industry Data Security Standard (PCI DSS) come to an end?  Some industry watchers believe that the standard has reached a stage of maturity where only minor tweaks are required and organizations can now expect stability in the world of credit card compliance.

In February, the PCI Security Standards Council (PCI SSC) published a blog interview with Troy Leach, the council’s Chief Technology Officer that announced the upcoming release of PCI DSS 3.2 and discussed the future of the standard.  Let’s dig in and take a look at what merchants should expect in PCI DSS 3.2 and how the standard’s release tempo might change in the future.

Read the full story: PCI DSS 3.2: Is this really the end?

Published April 25, 2016 on


Defense Department Puts Bounty on Bugs

Cold hard cash is a strong motivator for many people and the Department of Defense is hoping that hackers are no exception.  In March, DoD announced the upcoming launch this spring of a bug bounty program, modeled after those popular in the private sector.  The press release announcing the program was short on details and long on patriotic hype, but this first-of-its-kind program in the public sector seeks to take an approach that has already proven successful in private industry.

Whether organizations like it or not, hackers will probe their systems seeking out weaknesses in servers and applications that may be exploited for a variety of reasons.  Some of these individuals merely seek the intellectual challenge of identifying vulnerabilities and then leverage their discoveries to gain notoriety within the hacking community.  Bug bounty programs seek to redirect these individuals to disclose their discoveries directly to the company, rather than to the general public, typically in exchange for some form of compensation.  The goal is to harness the intellectual horsepower and work ethic of hackers and use it in the service of improving security.

Read the full article: Defense Department Puts Bounty on Bugs

Published April 12, 2016 in Certification Magazine


Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.
