Why cybersecurity due diligence is critical in mergers and acquisitions deals

Cybersecurity due diligence is an important part of the mergers and acquisitions (M&A) process because it helps ensure that the target company’s information assets are secure and that the acquiring company is not taking on any unexpected cybersecurity risks. M&A deals can be complex, and it is important to thoroughly assess the cybersecurity posture of […]

How to hire a CISO – for HR and IT executives

Hiring a CISO is like hiring the top general for an army just before a war. Some generals stay in history as the greatest military leaders of all time, leading their armies from victory to victory and putting any attacker to shame. Others cause loss after loss. In this article, we will expand on the […]

7 risks of working with a part-time CISO

2 am on a Friday night with all your servers and desktops encrypted by ransomware is not the best way to start a weekend. A security incident is just a symptom of a deeper underlying problem – usually that problem starts with the lack of security leadership. Most small firms of up to 500 employees […]

How to write your own SSP (System Security Plan)

How to prepare and write an SSP (System Security Plan) for business cyber continuity. The CMMC 2.0 certification process requires that you generate and follow an SSP (System Security Plan). But that is not what you should start with! Look at the graph below. Your first step is to identify all risks as per NIST […]

Is your Active Directory in urgent need of attention?


Image credit: https://github.com/Orange-Cyberdefense/arsenal

Active Directory is responsible for authorisation, authentication and privilege control as the core of most organisations’ IT infrastructure. And the image above is how a hacker sees it – the mind map is specifically called “Pentesting Active Directory,” created by an organisation specialising in attacking Active Directory the same way a hacker […]

How to obtain a SOC 2 Type 1 or Type 2 report for SaaS companies

This article clarifies some of the terminology and processes around getting your SOC 2 Type 1 and Type 2 reports if you are a SaaS company. What is SOC 2? SOC stands for “System and Organization Controls” (originally “Service Organization Control”). SOC 2 is a reporting framework developed by AICPA. It is not a security framework; AICPA sets the criteria, […]

Cyber Attacks

“Everyone has a plan until they get punched in the face.” – Mike Tyson
Not an everyday occurrence, but certainly a reality experienced or heard of, and perhaps on-going within your organisation as you read this.

Alternative Tech

“Everybody has to pay attention to the digital revolution.” – David Bonderman