-
Reflections on Women in Cybersecurity
Anne Bayerkohler, Senior Director, Quality and Compliance, Coalfire
I joined Coalfire in 2014. At the time, there were very few women in cyber, much less in leadership roles. As it sometimes happens, I found myself in an elevator with Tom McAndrew, who is now our CEO. We started talking about the direction of my career and plans for my role as Director of Coalfire’s Quality Management System. He asked me a simple question, “What are you doing next?” I had to suddenly come up with a literal elevator pitch of what I could do in my sphere of influence.
Read more
-
The impact of Covid-19 on SOC reporting
Jamie Kilcoyne, Partner, Coalfire Controls
The audit cycle for organizations that receive SOC reports includes new challenges related to Covid-19. Remote workforces are now the norm throughout the world, which introduces new risks. For example, connecting to corporate networks using personal computers that may be infected with malware is one such risk. Additionally, hackers and fraudsters have stepped up their game and increased the frequency and sophistication of their attacks to take advantage of the vulnerabilities that come with a remote workforce. Many organizations have suffered economically due to Covid-19 with workforce reductions to help reduce costs. However, this could result in a failure to re-assign control responsibilities and a corresponding failure to perform certain controls.
Read more
-
FedRAMP 101: How to get listed as “In Process”
Marc Zurcher, Senior Manager, FedRAMP Assurance Services, Coalfire
Are you a cloud service provider working on a federal contract and need a FedRAMP authorization – but don’t have a sponsor yet? Acquiring a committed government agency sponsor early in the FedRAMP process is crucial to your success and will ensure a smoother process. A major role for an agency sponsor is to identify which risks they are willing to accept in your Cloud Service Offering (CSO) that may not fully align with FedRAMP requirements.
Read more
-
Chasing doorbells: Finding IoT vulnerabilities in embedded devices
Tyler Bennett, Consultant, Penetration Testing, Coalfire
The goal of this research project was to see if we could find any vulnerabilities and obtain full persistence on an IoT device, while learning about embedded devices in general. This post will take you through our journey to find vulnerabilities in a common, reasonably priced IoT device. For our research, we chose a Night Owl ISP Smart Doorbell – WD2CLM.
Read more
-
New OCR-ready risk analysis: Why the confusion?
Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire
Are you ready for an Office for Civil Rights (OCR) investigation? Will your risk analysis and risk management methodologies and documents be sufficient to meet the HIPAA Security Rule?
Read more