Information Security Leader, Author, Instructor and Speaker

Security Automation: Eight Things You Can Do Now for Security at Scale

“Automation plays an increasingly important role in cybersecurity programs,” said Mike Chapple, adjunct research analyst at IDC’s IT Executive Programs. “Automation serves as a force multiplier by taking routine tasks off the plate of the cybersecurity team and allowing specialists to focus their effort on adding higher-level value to the organization.”

IDC Research Report published December 2018.
Read the full report: Security Automation: Eight Things You Can Do Now for Security at Scale


IDC PlanScape: Launching a Bug Bounty Program

“Bug bounty programs incentivize security researchers to test your systems for weaknesses and then provide you with an opportunity to fix the problems and strengthen your defenses,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP). “These programs allow you to benefit from the collective thinking of a large community of security professionals. You’ll have more minds focused on your security posture than you could ever hire as employees or consultants.”

IDC Research Report published December 2018.
Read the full report: IDC PlanScape: Launching a Bug Bounty Program


5 Steps to Integrate a Business’ Security Solutions

Your organization probably has a diverse set of security tools working to help reduce your risk profile and combat active threats. You might have a vulnerability scanner seeking out unpatched systems, an intrusion prevention system monitoring network traffic, a firewall controlling the border, and a threat intelligence vendor feeding you current information about the adversary.

But how well do these tools work with each other? If you’re like many of us, these tools may exist in silos only to be linked together by the work of cybersecurity analysts. One of the best ways to quickly improve the efficiency of your team is to build integrations between security tools, allowing them to work in harmony while minimizing user intervention.

Let’s take a look at five things that you can do right now to better integrate your security tools.

Published October 2018 in BizTech Magazine.
Read the full article: 5 Steps to Integrate a Business’ Security Solutions


4 Ways to Keep Sensitive Data from Escaping to the Public Cloud

Think about how many cloud services you use every day. Chances are that it’s a mixture of services managed by your employer and others that you’ve chosen to use in your personal life.

As an IT professional, you might carefully manage the separation between those worlds, but it’s easy for non-IT users to accidentally spread information from their work life into their personal cloud services. When this happens without IT staff being aware of it, the institution is at risk of exposure to loss, theft or public disclosure of sensitive information.

Let’s look at four ways to manage faculty and staff use of cloud services to detect data leaks and repatriate improperly exposed data.

Published September 2018 in EdTech Magazine.

Read the full article: 4 Ways to Keep Sensitive Data from Escaping to the Public Cloud 


How to Choose Between Penetration Tests and Vulnerability Scans 

Even seasoned cybersecurity professionals confuse penetration tests with vulnerability scans. Both play an important role in the security practitioner’s toolkit, but they vary significantly in scope and expense. Here are answers to some common questions about the topic.

Published August 2018 in EdTech Magazine.
Read the full article: How to Choose Between Penetration Tests and Vulnerability Scans 


Security Certifications: Seven Things CIOs Need to Know

“Cybersecurity certification programs play an important role in our professional community,” said Mike Chapple, adjunct research analyst, IDC. “They demonstrate an individual’s commitment to the profession and willingness to study cybersecurity topics with both breadth and depth. CIOs should recognize the importance of these programs but also be mindful of their limitations.”

IDC research report published July 2018
Read the full white paper: Security Certifications: Seven Things CIOs Need to Know


Cybersecurity Threats: Eight Things CIOs Need to Know

“It’s no secret that cybersecurity adversaries have become increasingly sophisticated over the past few years,” says Mike Chapple, adjunct research analyst, IDC. “Organizations seeking to protect their information assets in this day and age must remain cognizant of evolving threats and design security controls that remain effective not only against the threats of today but also provide protection against the unknown threats of tomorrow.”

IDC Research Report published July 2018.
Read the full report: Cybersecurity Threats: Eight Things CIOs Need to Know


Why You Should Conduct Risk Assessments Before Buying New Cybersecurity Products

The worldwide market for cybersecurity products and services will surpass $95 billion this year, according to Gartner. That’s a staggering amount of money, and it represents an 8 percent increase in the size of the market since the beginning of 2017.

Is all of that spending really necessary? Much of it is, of course. But in my experience, many organizations purchase new security solutions without first conducting a thorough risk assessment and gap analysis to identify and prioritize their security needs. Some never evaluate their ability to meet emerging threats with existing resources.

Following such an assessment, an organization may conclude that new controls are required, but they may also discover that upgrades and configuration changes to existing controls are also needed — or, perhaps, are all that’s needed — to provide a solid, layered defense.

Read the full article: Why You Should Conduct Risk Assessments Before Buying New Cybersecurity Products

Published May 2018 in BizTech Magazine


An old exam format is making an IT certification comeback

In a quiet announcement last year, cybersecurity industry association (ISC)² made a major change to its long-established flagship testing program. Starting in December of 2017, the Certified Information Systems Security Professional (CISSP) exam moved to a new exam format: adaptive testing. This change took effect in December for all test-takers sitting for the English-language version of the CISSP exam.

Social media immediately lit up with concern, as test-takers tried to figure out what effect the announcement would have on their test-taking experience, as well as how the changes to the CISSP exam would affect the difficulty and content of the exam. Let’s take a look at adaptive testing in general, discuss ways that you might prepare for an adaptive certification exam, and then talk about how this change might affect the IT certification industry over the coming years.

Read the full article: An old exam format is making an IT certification comeback

Published May 14, 2018 in Certification Magazine


Iran Doesn’t Have Nukes Yet, But It Has a Powerful Weapon It Can Use Right Now

This week’s collapse of the Iranian nuclear deal justifiably caused global consternation at the thought of Iran moving closer to becoming a nuclear power.

There is, however, a much more immediate threat. Iran is already a cyber power and has a history of launching hacking attacks against American interests.

Restoring sanctions removes an important deterrent to those cyberattacks and may have immediate adverse consequences.

The United States and Iran have quietly waged cyberwar for more than a decade. The U.S. fired the first shot in this war as early as 2007 after joining forces with Israel to use malicious software to destroy equipment at Iran’s Natanz uranium enrichment facility.

Published May 10, 2018 on CNBC.

Read the full story: Iran Doesn’t Have Nukes Yet, But It Has a Powerful Weapon It Can Use Right Now


Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.


@mchapple