LEO

A Cyber-as-a-Service Firm

Securing Automobile Control Systems Part 1

By Kevin Lackey, OT, ICS & SCADA Cyber Security Principal

Driving (pun intended) towards a Minimum Security Standard for automotive control systems is more important than ever, as these systems are quickly becoming fully independent from human control. Within 20 years of the advent of computer-regulated electronic fuel injection, first mass-produced and available to [...]

NIST Releases Cybersecurity Framework 1.1

By Heath C Renfrow, CISSP, C|CISO, C|EH, C|NDA

The National Institute of Standards and Technology (NIST) announced on April 16, 2018 the release of the Cyber Security Framework (CSF) 1.1, intended to improve Critical Infrastructure Cybersecurity. The focus of this framework when first developed in 2014 was geared towards industries vital to economic and national security, [...]

FDA and the Medical Device Security Action Plan

By Heath C Renfrow, CISSP, C|CISO, C|EH, C|NDA

Since 2013, cyber professionals have been warning about the cyber risk and exposure healthcare organizations face from cyber-attacks on medical devices and software. As a result of these concerns the Health and Human Services (HHS) extended security and privacy rules to business associates, and the Federal Drug Administration [...]

To Pay or Not to Pay (Ransomware)

By Heath C Renfrow, CISSP, C|CISO, C|EH, C|NDA

The recent ransomware attack on the City of Atlanta cost the city an estimated $2.7 million, and raises the question, do you pay or do you not pay? Ransomware has exploded over the last few years and has been especially hard on the healthcare industry - who can [...]

Looking Through the Different Filters of the CISO and the Board

By Justin Silbert

Perhaps the most misunderstood challenge of the modern-day CISO continues to be communication with the Board of Directors. The task seems simple, but there is a major disconnect between the CISO and the Board. According to the Cyentia Institute’s 2017 Cyber Balance Sheet report, “even basic questions on the value of cybersecurity [...]

Learning Through Gaming, Red vs. Blue

By Rob Beason, CISSP, GSLC, Security+

At the Houston Security Conference 2018, fellow LEOs Clint Bodungen and Kevin Lackey put on a red versus blue team training for attendees. The course was a one-day workshop intended to educate ICS practitioners, network defenders and the security conscious on the topics of basic attack methodologies and the [...]

Dev Overflow – Part 8

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security

This is yet another example of why (software) security cannot be just a checkbox. More generally being a way of thinking, here it specifically takes the form of an ongoing process - a process that should have only one possible [...]

The Virtual Future of the CISO

By Justin Silbert, GCIH, GCFE, CISSP

Just last week, the city of Atlanta became known as the latest victim of cyber crime, a ransomware attack crippling the city for 5 days. As admitted by the Atlanta Mayor, cyber security was not made a priority and they suffered greatly because of it. And Atlanta is not [...]

ICS Security Manager as a Service – Part 4

By Isiah Jones, MPS, CISSP, GICSP, C|CISO, Director, ICS Cyber Security Engineering

The fourth and final post in our series explores who can benefit from the ICS Security Manager as a Service concept. To revisit the earlier posts, please see Part 1, Part 2, and Part 3. So, who would even benefit from this ICS Security [...]

ICS Security Manager as a Service – Part 3

By Isiah Jones, MPS, CISSP, GICSP, C|CISO, Director, ICS Cyber Security Engineering

This is the third blog post in our series that explores why the ICS Security Manager as a Service is needed. To review the earlier posts please visit Part 1 and Part 2. What is the ICS Security Manager as a Service? The easiest way for [...]

ICS Security Manager as a Service – Part 2

By Isiah Jones, MPS, CISSP, GICSP, C|CISO, Director, ICS Cyber Security Engineering

This is the second blog post in our series that explores the ICS Security Manager as a Service concept. To review Part 1, please visit ICS Security Manager as a Service - Part 1. In my travels over the last four years, I’ve consistently encountered the same [...]

ICS Security Manager as a Service – Part 1

By Isiah Jones, MPS, CISSP, GICSP, C|CISO, Director, ICS Cyber Security Engineering

As industrial control system (ICS) assets and operations increasingly become the targets of opportunity it is important that new strategies and ideas for focused and tailored security approaches are introduced to the community. ICS security manager as a service can enable the community to contract [...]