Susan Bradley

Contributing Writer

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Askwoody.com, is a moderator on the PatchManagement.org listserve, and writes a column of Windows security tips for CSOonline.com. In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at https://www.askwoody.com/tag/patch-lady-posts/ and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.

How and why threat actors target Microsoft Active Directory

How Microsoft Purview can help with ransomware regulatory compliance

How Microsoft Purview can help with ransomware regulatory compliance

Microsoft's renamed compliance portal provides guidance and rule-setting capability to help comply with ransomware and other security and privacy requirements.

How to mitigate Active Directory attacks that use the KrbRelayUp toolset

How to mitigate Active Directory attacks that use the KrbRelayUp toolset

Attackers are using the KrbRelayUp toolset to compromise Kerberos in on-premises Active Directory networks. This two-step process should protect you.

Best practices for deploying multi-factor authentication on Microsoft networks

Best practices for deploying multi-factor authentication on Microsoft networks

Microsoft will soon mandate MFA for some customers, and these are the key considerations before you deploy it.

How to audit Microsoft Active Directory

How to audit Microsoft Active Directory

Patching alone won't fix all known Active Directory vulnerabilities. Here are the steps to audit your Active Directory domains and shore up weaknesses.

Patching the latest Active Directory vulnerabilities is not enough

Patching the latest Active Directory vulnerabilities is not enough

Follow these steps after running the November and May Microsoft updates to fully address Active Directory vulnerabilities.

What Microsoft Defender can tell you about your network

What Microsoft Defender can tell you about your network

Microsoft Defender for Business alerts can show what's happening in your network. The better you understand your network, the faster you can triage alerts.

What your cyber insurance application form can tell you about ransomware readiness

What your cyber insurance application form can tell you about ransomware readiness

The annual cyber insurance application form shows what the carriers think you should be doing to best prevent and recover from ransomware attacks. Pay attention.

9 most important steps for SMBs to defend against ransomware attacks

9 most important steps for SMBs to defend against ransomware attacks

Here's how small- to medium-sized businesses can effectively protect their networks against the risk of ransomware without breaking their security budgets.

Protecting on-premises Microsoft servers

Protecting on-premises Microsoft servers

Many organizations still have on-premises Microsoft Exchange, SharePoint, or Office servers with inadequate protections.

Spring4Shell: Assessing the risk

Spring4Shell: Assessing the risk

Spring4Shell does not affect most systems, so a calm, methodical approach to assessing the real threat is best.

It's time to re-evaluate your 2FA setup on Microsoft networks

It's time to re-evaluate your 2FA setup on Microsoft networks

Attackers are exploiting some 2FA settings to gain network access. Does your current configuration provide the best protection?

Best advice for responding to today's biggest cyber threats

Best advice for responding to today's biggest cyber threats

Scary new threats don't necessarily require big changes to your security infrastructure. These simple actions can be more effective and less disruptive.

4 ways attackers target humans to gain network access

4 ways attackers target humans to gain network access

These are some of the favorite ways cybercriminals try to get around an organization's cyber defenses to steal credentials or commit fraud.

Using Windows Defender Application Control to block malicious applications and drivers

Using Windows Defender Application Control to block malicious applications and drivers

WDAC allows security and IT admins to control which applications, drivers and certificates can run on Windows systems.

Preparing Microsoft cloud networks for regional disruptions

Preparing Microsoft cloud networks for regional disruptions

The Ukrainian crisis shows has heightened awareness of risks to cloud infrastructure affected by political or natural disasters.

Responding to heightened cyberattack risk: Focus on the basics

Responding to heightened cyberattack risk: Focus on the basics

The Russia-Ukraine crisis has raised alarms about heightened risk of cyberattacks. Don't panic, but do make sure you're on top of these fundamental security best practices.

How to prep for increased Russia-based cyberattacks

How to prep for increased Russia-based cyberattacks

As governments warn about more cyber threats due to the Ukraine crisis, it's time to follow published guidance and take common-sense precautions.

Microsoft changes default settings to improve network security

Microsoft changes default settings to improve network security

Here's what IT and security admins for Microsoft networks need to know about recent changes to Office and Windows.

What's new in Microsoft's Sentinel cloud SIEM

What's new in Microsoft's Sentinel cloud SIEM

Microsoft is previewing new Sentinel features that will make it easier for security admins to manage and analyze event logs.

Load More