May 25, 2022

Managing Cybersecurity is expensive, we all know that. But not managing it is also more expensive. Given my experience, an SME recovers from a critical Cyberattack in 5-10 days, if it can recover (yes I also personally know companies that lost everything because of a Cyberattack).

Post cover
May 20, 2022

Many companies (hopefully) are collecting logs in a central system. The reason besides that is for compliance and sometimes for root cause analysis. In this post, I want to recap that log management is not just about log collections, and why and how the process should be designed.

Post cover
May 18, 2022

In this article, I’m explaining why we are executing VA, why the traditional approach is dangerous and how we should manage the risk bound to vulnerabilities. I’m also discussing a few false myths about VA.

Post cover
May 11, 2022

In the last few years, I started to work (pro bono) on a different topic: personal digital security. In this post, I want to discuss post-mortem security: how to minimize family threats after death.

Post cover
April 20, 2022

My previous post about the UNetLab story become unexpectedly popular. UNetLab has been one of my most important and public projects, and I’m honored so many people all around the world used my homemade project.

Post cover
April 15, 2022

A few months ago a customer asked me about how to integrate custom applications and SIEM. The customer developed a Java application using a Tomcat container and the question came from an insurance company.

Post cover
April 03, 2022

As you probably know, I’m working on learning simulated lab for years. In the last couple of years, I moved to OT/ICS Cybersecurity, and sometimes I need a realistic lab to show the consequence of a Cyberattack targeting OT/ICS devices.

Post cover
March 29, 2022

Nowadays (hopefully) all companies are executing regular vulnerability assessments. They often use different partners/tools each year and they often limit themselves to vulnerability assessments. VAs are not the end of a security strategy, they are just a small step at the beginning.

Post cover
March 28, 2022

A few days ago, together with Rocco Sicilia and FESTO Academy , I presented a webinar on OT/ICS Cybersecurity approach. We are often spending time increasing Cybersecurity awareness, and that webinar was focused to gives Cybersecurity fundamentals to OT managers.

Post cover
March 25, 2022

These days I’m receiving more requests for help than ever. Most of them refer to suspicious emails, maybe because people are more aware, maybe because the current geopolitical situation is evolving fast.

Post cover