Author Archives: JKimmitt

Its an interesting question to ponder… What is privacy? Lets look first at the definition of privacy from Merriam-Webster.com: For the purposes of this conversation I believe the important word in that definition is the unauthorized part of “unauthorized intrusion”. I believe privacy means Choice. It means that you as a human being have the …

Continue reading “What is Privacy?”

I feel bad that I have not posted in a while to the blog. With starting the Certificate in Privacy and Cyber law and with the pandemic, my time over the last 6 months has been limited. However, I have recently presented at the EDUCAUSE Security Professionals Conference 2020 and after some great conversations with …

Continue reading “The Art of Privacy”

With the unprecedented move to telecommuting in the last week for many industries, it is critical for security teams to understand that many traditional security measures become difficult for the organization to maintain, thus needing a different mindset. The idea of maintaining border security on your organization’s central network is changing to the need to …

Continue reading “Border Security to Border-less Security”

Department of Defense is now requiring contractors to meet a standard level of cyber security protection.  The “Capability Domains” seems to be a mix of the various standard controls that the IT Security profession has been promoting for years (ie. CIS top 20). I can definitely see this as a requirement that gets adopted by …

Continue reading “DoD now requiring minimum cyber security controls from its contractors.”

“The U.S. will have as many as 3.5 million unfilled cybersecurity jobs by 2021.” I received that sentence in an email yesterday. I was curious to where these numbers come from? How do you calculate this sort of shortage? I understand it was intent to be a ‘shock and awe’ type of message, but I …

Continue reading “The “Cyber Workforce: Do we have an employee shortage, or an employer shortage?”

For the last few days I have been watching old episodes of ‘The Computer Chronicles’. Its amazing the computer advancements in the late 80’s and early 90’s. The technology for the hardware, such as monochrome to color screens, battery life, size, etc., were making huge jumps every year. It was an amazing time for computers. …

Continue reading “History of IT”

During a recent incident response, it was necessary to take a very large text file (70,000 lines, about 25,000 printed pages), query and redact information to pass to the incident response team. With some command line processing I was able to redact personal identifiers (MAC address, and Username) except for the ones in question. I …

Continue reading “Incident Response: Command Line Log Redaction”

I was talking with a friend yesterday about presenting, and I remembered something that I learned years ago that I thought I would share: When you are asked to present on a topic, you should determine what are the 3 questions you are being asked to cover? What is it that the audience is looking …

Continue reading “To Present or not to Present, that is the question.”

NIST has released a preliminary draft if their Privacy Framework…. Important snippets from the article about the focus of the framework: – the importance of collaboration between privacy and cybersecurity teams. – it’s important to build a tool that is usable regardless of an organization’s structure. https://www.nist.gov/blogs/cybersecurity-insights/preliminary-draft-nist-privacy-framework-here

This afternoon I had a great conversation with a colleague about securing servers. He specifically asked what we need to do to ‘Secure’ them? My first question was “How are they being attacked?” Which led to a good conversation, and a discussion on the philosophy of securing computers and networks. It is very easy to …

Continue reading “The Art of the CISO: What comes first, the attack or security?”