Audit once – Use a Bunch – SOC Reports (SSAE18) Simplified!

I see a fair amount of confusion from Security Professionals to Auditors and beyond. I’ll try to simplify it here. SOC – Service Organization Controls And I see people confidently speaking about it and they’re wrong. Let’s fix that! All the things I see are in Auditor-ese, lets simplify it! There’s 3 SOC reports. Click …

Read more

How to find outside email forwarding in Office 365 using Powershell

Hi there! Have you ever tried doing simple stuff in Office 365 as an Email Administrator like ya know.. find out how many people have their work email forwarded to outside email addresses? Simple? Not exactly. Don’t worry, we got this. There’s lots of awesome things you can do with Windows Powershell and 365 remotely, it turns out. …

Read more

Wanna know how to get a Security professional to make the stink face? 

Say Security and WordPress in the same sentence.   They’ve seen at least one (or more) hacked sites in their time. For good reason. It happens a lot. They might even look like they need a squish ball for the stress you’ve just brought upon them.   But why? Is it because WordPress isn’t secure? …

Read more

What’s PCI-DSS? tl;dr it!

PCI-DSS stands for Payment Card Industry – Data Security Standard   PCI is a council of all the credit card companies that gathered together to create common security standards to adhere to (e.g., Visa, Mastercard, Discover, American Express). They cover credit card information and PII storage (Personally Identifiable Information).   You either have to select …

Read more

What's the difference between IT Compliance and IT Audit?

What’s the difference between IT Compliance and IT Audit?

I’ve looked all over and have yet to find a clear and simplified explanation on this.  I see why people are confused. Let’s clear it up. Here goes: IT Compliance – Short Answer: What controls should we have in place? Future. Longer answer: IT Compliance asks bigger questions about what should happen and works to …

Read more