The Okta hack story continues to develop… On March 23rd, David Bradbury, CSO of Okta, issued a press release detailing a timeline of their incident response. In summary, Okta utilizes third-party vendor Sitel for customer support inquiries. In late January, a support engineer’s account was supposedly accessed, but the employee declined the MFA challenge. The Okta security team contained the user account and shared indicators…
Okta Hack: Why it’s Important
On March 22, 2022, news outlets began reporting that identity & access management provider Okta had been the victim of data extortion group LAPSUS$ as part of a supply chain attack. Okta is a platform that enables enterprises and small businesses to manage and secure user identities, authentication and access control. The software is part of the Authentication, Authorization and Auditing (AAA) function of…
Stop asking for legal & preferred name on job applications
Recruiters / hiring managers: When you meet someone for the first time, would you demand to see their papers before you will even speak to them? Of course not. That would be rude. And weird. You would just ask them what their name is. So why do your job applications ask candidates to make the distinction between legal and preferred names? From a transgender…
Two-Step Verification vs. Multi-Factor Authentication
Google recently announced that they have seen a 50% decrease in account compromises since auto-enrolling users in 2-Step Verification (2SV) in late 2021. This is great news from a cybersecurity standpoint. However, it’s worth noting that two-step verification is less secure than proper multi-factor authentication (MFA). To understand the difference between 2SV and MFA, consider the following authentication factors: Something you know (usernames, passwords)…
Recovering from Tech Burnout
At the beginning of the pandemic, I had already been feeling burned out for almost a year. In the previous summer of 2019, I had just finished an intense Computer Science degree program. During the previous 2 years, I had been working a part-time job (as a software/IT engineer) while studying computer science and performing undergraduate research. I was putting in 80+ hours a…
Overview of NIST Cybersecurity Framework
What is the NIST CSF? The Cybersecurity Framework (CSF) is a collection of standards, guidelines and best practices created and published by the National Institute of Standards & Technology (NIST). It consists of three components: Implementation Tiers, the Core and Profiles. Implementation Tiers help organizations determine their current and target level of risk management controls. The Core consists of five functions that help reduce…
CIS Critical Security Control Navigator
As a newcomer to GRC (but not IT), I’ve been studying various compliance and control frameworks. I decided to focus on the CIS Top 18 to begin with, but I know there’s also a lot of chatter about CMMC as an up-and-coming framework, so I wanted to familiarize myself with that too. I found out that the CIS Controls Navigator has a…
Holiday Cybersecurity Tips
The holidays are here and information security is as important as ever. For many of us, that means lots of traveling and online shopping. Here are a few tips to keep in mind to protect yourself this season.
Introduction to REST architecture
This article is a brief introduction to the REpresentational State Transfer (REST) architecture. It is intended for aspiring/junior software developers and other technical professionals who would like to have a better understanding of REST. Representational State Transfer is a system architectural style enabling the creation and utilization of web services. Services compatible with REST are referred to as “RESTful.” This is common among microservices,…
Agile & Scrum for Newbies
Agile is a framework for methodologies that follow the Agile manifesto. One of the most common Agile methodologies in use is Scrum. It’s a really effective and flexible approach that focuses on building fully functional things within a short amount of time. It really shortens the feedback loop! I ended up adapting it for my own life management because of how well it meshes…