Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On April 15th of 2024, ISC² implemented a refreshed set of objectives for the CISSP exam. The goal of refreshing the exam objectives is to keep the exam relevant to the latest happenings in security. As things progress and new technologies are introduced, the objectives are updated to account for them as well as for the latest standards and processes. In this blog, we’ll look at the changes and explore some of the key things to be aware of as you prepare for the refreshed exam in 2025.

Cloud security monitoring refers to the ongoing surveillance, observation, analysis of cloud-based infrastructure and services to detect security threats, patch vulnerabilities, and address compliance gaps. As cloud environments expand, organizations need effective cloud-based security monitoring tools to ensure those resources remain secured.

People come and go within your organization, and those who remain move throughout the organization through promotions and transfers. However, the fundamental organizational structure remains relatively stable: Customer support agent, sales rep, HR manager, and software developer represent enduring functional roles, even as individual employees cycle through these positions.

Personally identifiable information (PII) is any data that can be used on its own or in combination with other information to identify, contact, or locate an individual. Examples of PII include full name, Social Security number, passport number, driver’s license number,r and biometric data.

Identity threat detection and response (ITDR) is a cybersecurity discipline focused on detecting, investigating, and responding to threats targeting identity systems like Active Directory (AD) and Entra ID, identity providers (IdPs), and authentication mechanisms. It enhances traditional identity and access management (IAM) by introducing threat intelligence, behavioral analysis, and automated response capabilities to mitigate identity-based attacks.

Most IT and security teams think they already have endpoint policy management in place. They’re using Microsoft Intune. Maybe Defender. Maybe a mix of Mobile Device Management, AV, and EDR. But here’s the catch: delivering policies isn’t the same as enforcing them.

What is an SPN? Even a Windows Admin with some experience with Active Directory may be unaware of the role that Service Principal Names have in domain environments. A security principal name (SPN) is a unique identifier that links a specific service instance to the account running it, enabling clients to authenticate and connect to the right service within Active Directory (AD).

The Cybersecurity Maturity Model Certification (CMMC) is a framework designed by the US Department of Defense (DoD) to enhance the cybersecurity posture of companies within the Defense Industrial Base (DIB). It establishes security requirements that contractors must meet to protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) from cyber threats.

In today’s competitive IT landscape, certifications serve as valuable credentials that validate technical expertise and enhance career prospects. Whether you’re entering the field or looking to advance, earning the right certification can set you apart from the competition and open doors to better jobs and opportunities. Among the most sought-after IT certifications are CompTIA Security+ and Cisco Certified Network Associate (CCNA).

I’ve been doing some research on group Managed Service Accounts (gMSAs) recently, and reading the MS-SAMR protocol specification for some information.