Skip to main content

Posts

Identity as a new perimeter and a shift towards novel security approaches.

Security landscape has been steadily changing due to proliferation of cloud computing and online services coupled with increasingly mobile workforce. The traditional perimeter and segmentation-based approaches alone no longer match the needs of this new security landscape. With static, well-defined perimeters eroding, organizations need to implement dynamic security approaches that are flexible and continuous in nature. Identity is quickly becoming a new perimeter and frameworks and architectures such as Zero Trust and Secure Access Service Edge (SASE) are redefining how cybersecurity is tackled. But novel approaches don’t change the fundamentals. That's why I advocate for a time tested defense in-depth strategy that combines multiple and different methods of protection, both traditional and new, and infuses them with the cutting edge Machine Learning (ML) and Artificial Intelligence (AI) technologies that add behavioral dimension and automation to further enhance the practice
Recent posts

Three Pillars of Digital Transformation

A while ago I wrote on Driving Towards Digital Transformation in Federal Government with a focus on background, legislative landscape, and timing. Now, I would like to circle back with a slightly different message of highlighting the three pillars on which (IMHO) the success of the Digital Transformation can be built and sustained. First, let's rehash a couple of things -   Definition (credit to i-SCOOP , well put): Digital Transformation – is a profound transformation of business and organizational activities, processes, competencies and models to fully leverage the changes and opportunities of a mix of digital technologies and their accelerating impact in a strategic and prioritized way. And a quick reminder that while we use Technology as a catalyst for transformation, there are other parts of equal, if not higher, importance - like People , Policy , and Process : This leads us to a - Problem Statement: Technology and organizations are typically govern by a different rate of c

Relentlessly, Radically Relevant

In the age of Agile, DevOps, and Lean Startup culture speed is often prioritized above all else. And perhaps rightfully so, especially if you are dead slow 🙂 However, I would like to posit a slightly different premise - " Speed is less important than Relevance ." Well, that brings up a question - what is relevance  in a business context? I found the following definition by Ralf Blomqvist quite insightful: Relevance is doing meaningful things with and for your customers and being a part of customers' value creation. So, to paraphrase the sentiment of Natural Selection ( it is not the strongest or the most intelligent who will survive but those who can best manage change ): At the end, it is not the fastest who will win, but those most relevant! So, stay Relentlessly, Radically Relevant! (R^3) I will leave you with this thought... and a few reference materials. 🙂 A few books to mention: "The Art of Relevance" by Nina Simon "Relevance: Matter More"

Updating computer's AD Security Group membership without rebooting

I found the following to be very useful - From the elevated command prompt execute “ klist –li 0x3e7 ” to view the logon session of the computer account . To purge them, simply execute “ klist –li 0x3e7 purge ”. A typical use case might involve targeting GPOs based on computer's group membership. When you add computer to the group in order to test the application of policies you can reboot it or, alternatively, run the above mentioned to clear logon sessions, then do “ gpupdate /force ” and check. In a spirit of giving credit where credit is due, I found a few references to this, but the one I learned it from was  http://setspn.blogspot.com/2010/10/updating-servers-security-group.html

PoSh Disable and Move AD Users

A quick and easy way to disable user accounts and move them into designated OU: Import-Csv  "C:\TEMP\users.csv"  | ForEach-Object { `       $u=$_. "sAMAccountName" ; $l= "Disabling and moving: "  +$u; write-output $l; `       Get-ADUser -Identity $u | `       Disable-ADAccount -PassThru | `       Move-ADObject -TargetPath  "OU=Disabled Users,OU=Organization,DC=domain,DC=local"    Input is provided via a CSV file: users.csv (username) sAMAccountName   jdoe1   jdoe2   jdoe3   jdoe4   jdoe5   To generate input file run something like this, review and edit as necessary: Search-ADAccount –UsersOnly –AccountInactive –TimeSpan 180.00:00:00 | `       where {$_.enabled} | `       Get-ADUser | `       select sAMAccountName | `       Export-Csv -Path  "C:\TEMP\users.csv"   

WordPress displays weird characters

Sometimes after a database conversion (e.g. from MySQL to MariaDB) or due to encoding issues a situation might arise when WordPress is showing weird characters. A quick way of remedying the situation would involve examining the pages to discover a pattern (what characters are being substituted, in the example below the apostrophe was replaced by  ’ ) then running an queries against the database to reverse the effect. Here's a quick example (common tables that store content): UPDATE  wp_posts  SET  post_content =  REPLACE (post_content,  'Â' ,  '' )      UPDATE  wp_posts  SET  post_content =  REPLACE (post_content,  '’' ,  "'" )      UPDATE  wp_postmeta  SET  meta_value =  REPLACE (meta_value,  'Â' ,  '' )      UPDATE  wp_postmeta  SET  meta_value =  REPLACE (meta_value,  '’' ,  "'" )      Please, keep in mind that to permanently resolve the issue you would need to get to the root of the p

Skype for Business and VTC Interoperability

Skype for Business (SfB) has a very, very strong potential, I have written about it in my previous post . I can't think of any other platform that shows as much promise in terms of bridging personal and business communications as well as unifying different modes and mediums. And all of this may have started with a strategic acquisition of Skype by Microsoft in 2011. That said, the road ahead is not without challenges. For example, interoperability with other platforms. Making SfB work with existing Video TeleConferencing (VTC) systems, many of which represent significant capital investments in organizations' infrastructure, could be of a particular importance. After reading statements like Skype for Business is based on Session Initiation Protocol (SIP) standards and supports H.264 (MPEG-4 video coding standard) one can come to a quick conclusion that integration and/or interoperability with other VTC solutions is easy or nearly automatic. Unfortunately, the industry is not