Tom Olzak

Opinions expressed by ICN authors are their own.

Tom Olzak is an information security researcher and an IT professional with more than 34 years of experience in programming, network engineering and security. He has an MBA and a CISSP certification. He is an online instructor for the University of Phoenix, facilitating 400-level security classes.

Tom has held positions as an IS director, director of infrastructure engineering, director of information security and programming manager at a variety of manufacturing, healthcare and distribution companies. Before entering the private sector, he served 10 years in the U.S. Army Military Police, with four years as a military police investigator.

Tom has written three books: Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide. He is also the author of various papers on security management and has been a blogger for, TechRepublic, and Tom Olzak on Security.

The opinions expressed in this blog are those of Tom Olzak and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.

MQTT is not evil, just not always secure

IoT messaging protocol is big security risk

MQTT, a popular IoT messaging protocol and Oasis standard, is often left wide open to attacks. Organizations like hospitals, prisons, and critical infrastructure are often vulnerable to IoT device compromise.

Anatomy of an insider attack

Planning for insider attacks requires attack path analysis. Using scenarios, like the one in this post, helps identify weaknesses.

Identity governance and admin: beyond basic access management

IGA solutions go beyond traditional identity management by allowing deep insight into access, providing data owners, auditors, and security teams with valuable information needed for timely management decisions and response.

It's all about critical processes

Critical processes run the business and should be the targets of risk assessments, pen tests, and vulnerability management procedures.

9 critical controls for today's threats

Many controls we've used for years can't effectively deal with today's threats. We must extend some and add others to prevent, detect, and respond to emerging threats to our business operations.

Ensure business continuity with change management

Change management is not an option. It is an important piece of business interruption prevention and helps ensure security risk does not drift up during projects and day-to-day activities.

Keep your critical systems safe

Critical infrastructure runs your organization. It creates and delivers products and services. It is also used to collect and process customer information during operations. If these systems are compromised, operations fail and...

Workarounds without data?

A big part of business continuity planning is making sure we have manual processes or other workarounds in place. They act as interim bandages to keep business processes moving forward. Many organizations, especially those required...

Business Continuity != Best Buy * Geek Squad

Never trust the salesperson to provide accurate information about maintenance agreements. Always check with the actual techs to make sure you are covered against four- to six-week business interruptions.

Does bug-fix speed reflect browser value?

Is it time to move from browsers with bloated code and slow bug-fix reaction times?

White House Blowing Smoke?

The White House Cybersecurity Coordinator wants us to believe that breaches into national infrastructure are simple hacktivism.
