Lessons Learned from a NERC CIP Audit

Lesson 1 – NERC CIP auditors are not normal auditors.  They are industry veterans from various aspects of the utility industry, and they know their stuff.  They also know the standards inside and out. Lesson 2 – Be prepared.  This goes hand-in-hand with lesson one.  If you do not know what you are talking about,
Read More »

Career update

I’ve made a great deal of progress with my personal goals over the last few months. My CISSP is currently in review waiting for final approval, and my GPEN is in progress. I’ve even managed to post semi-regular blog posts. We are steadily making progress on our family goals as well. A child enrolled in
Read More »

Energy Services Group attacked?

I became aware yesterday that several sources are reporting Energy Services Group was “hacked” or “attacked.”  There’s been a little saber rattling about hackers getting control of the US energy markets.  Being that I’ve had some dealings with ESG over the years, I thought I might speak to this. Here’s what we know at this
Read More »

Why I’m ditching Google

A few months ago, I had moved almost all of my storage into Google Drive, OneDrive, or iCloud depending on the usage.  This allowed me to turn down my old Dell FreeNAS server in an attempt to save on my electric bill.  I’ve never been completely on-board with this model, even though I know I’m
Read More »

Multiple Cisco IOS/IOS XE vulnerabilities posted

Folks – it’s time to tick everyone off with network maintenance windows!  Cisco PSIRT released 30 vulnerabilities in their router firmware across multiple versions of IOS and IOS EX.  Three critical vulnerabilities include one hard-coded credential affecting all IOS XE routers running IOS XE v16, and two which affect v15 under certain conditions.  Fifteen high risk
Read More »