Nathan Cunningham

What would Security as a company value look like? More companies are focusing on their values; Integrity, Transparency, Speed, Humility, Ownership, etc., but one value I rarely see is Security. So what would happen if a company put the same effort into Security as it does its other company values?

Let's get away from check-the-box security and make it more relatable. Teach employees how to protect themselves outside of work and those good habits they develop at home will naturally make its way into their work. When employees see security as protecting the company AND themselves you will see a better ROI on your security awareness training.

Studies show that most cyber incidents companies face were attributable to human error. So let's get back to basics:

Use MFA whenever possible; even if it's just SMS, something is better than nothing.
Don't repeat passwords; use a password manager.
Longer passwords are better; "passwords-don't-have-to-be-complicated-just-long".

When people have the basics down you can focus resources on the other areas:

Keep your systems and software up to date; reduce your attack area.
Enable logging wherever possible; you can't threat hunt without visibility into your systems.
Monitor and respond; once you have visibility you need to take action.
Securely configure; follow industry best practices for securely configuring your tools and systems.
Test your controls; hire outside testers to regularly test that your controls are working as intended.

CompTIA Security+ ce Certification was issued by CompTIA to Nathan Cunningham.Earners of the CompTIA Security+ certification have the knowledge and skills necessary to perform core security functions required of any cybersecurity role. CompTIA Security+ professionals know how to identify and address potential threats, attacks and vulnerabilities and they have established techniques in risk management, risk mitigation, threat management and intrusion detection.

Payment Card Industry Professional (PCIP) was issued by PCI Security Standards Council to Nathan Cunningham.The Payment Card Industry Professional (PCIP) is an individual certification in payment security information that provides you with the tools to help your organization build a secure payment environment. PCIP's demonstrates a level of understanding that can provide a strong foundation for a career in the payments security industry. This renewable career certification is not affected by changes in employment assignments and stays in effect as long as the individual continues to meet requirements.

PCI Internal Security Assessor (ISA) was issued by PCI Security Standards Council to Nathan Cunningham.Internal Security Assessors are taught how to perform internal assessments for their company and recommend solutions to remediate issues related to PCI DSS compliance. Assessors are sponsored by their companies, so when you receive this qualification you will be able to act as a liaison with external PCI auditors and manage interactions with a Qualified Security Assessor (QSA).

MTA: Database Fundamentals - Certified 2016 was issued by Microsoft to Nathan Cunningham.Earners of the MTA: Database Fundamentals certification have demonstrated introductory knowledge of and skills with databases, including relational databases, such as Microsoft SQL Server. The MTA program provides an appropriate entry point to a future career in technology.

Google Sites

Report abuse