Tom Olzak

Tom Olzak is a security researcher for the InfoSec Institute and an IT professional with over 27 years of experience in programming, network engineering and security. He has an MBA as well as CISSP certification. He is currently an online instructor for the University of Phoenix. He has held positions as an IS director, director of infrastructure engineering, director of information security, and programming manager at a variety of manufacturing, health care, and distribution companies. Before joining the private sector, he served 10 years in the United States Army Military Police with four years as a military police investigator. He has written two books, "Just Enough Security" and "Microsoft Virtualization." He is a frequent contributor of security management papers for CBS Interactive and the Infosec institute.

MQTT is not evil, just not always secure

IoT messaging protocol is big security risk

IoT messaging protocol is big security risk

MQTT, a popular IoT messaging protocol and Oasis standard, is often left wide open to attacks. Organizations like hospitals, prisons, and critical infrastructure are often vulnerable to IoT device compromise.

Anatomy of an insider attack

Anatomy of an insider attack

Planning for insider attacks requires attack path analysis. Using scenarios, like the one in this post, help identify weaknesses.

Identity governance and admin: beyond basic access management

Identity governance and admin: beyond basic access management

IGA solutions go beyond traditional identity management by allowing deep insight into access, providing data owners, auditors, and security teams with valuable information needed for timely management decisions and response.

It's all about critical processes

It's all about critical processes

Critical processes run the business and should be the targets of risk assessments, pen tests, and vulnerability management procedures.

9 critical controls for today's threats

9 critical controls for today's threats

Many controls we've used for years can't effectively deal with today's threats. We must extend some and add others to prevent, detect, and respond to emerging threats to our business operations.

Ensure business continuity with change management

Ensure business continuity with change management

Change management is not an option. It is an important piece of business interruption prevention and helps ensure security risk does not drift up during projects and day-to-day activities.

Keep your critical systems safe

Keep your critical systems safe

Critical infrastructure runs your organization. It creates and delivers products and services. It is also used to collect and process customer information during operations. If these systems are compromised, operations fail and...

Workarounds without data?

A big part of business continuity planning is making sure we have manual processes or other workarounds in place.  They act as interim bandages to keep business processes moving forward.  Many organizations, especially those required...

Business Continuity != Best Buy * Geek Squad

Never trust the salesperson to provide accurate information about maintenance agreements. Always check with the actual techs to make sure you are covered against four to six week business interruptions.

Does bug-fix speed reflect browser value?

Is it time to move from browsers with bloated code and slow bug-fix reaction times?

White House Blowing Smoke?

The White House Cybersecurity Coordinator wants us to believe that breaches into national infrastructure is simple hactivism.

Load More