Blog

By Bert Amodol, Posted in Security

When most individuals think about hacking, they often envision someone in a hoodie typing intensely in a dark room with green code streaming across the screen. Actual penetration testing is somewhat less cinematic; nevertheless, it remains an intriguing process that requires meticulous planning, extensive knowledge of cybersecurity and cybersecurity tools, and a strategic approach. In this post, we will provide insight into a real-world penetration test conducted for a mid-sized technology company. The det... read more.

• April 23, 2025

By Steve Gold, Posted in Security

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation Establishing and Maintaining a Data Classification Scheme: The "Sorting Hat" of Cybersecurity If you are a Harry Potter fan, you know the Sorting Hat plays a pivotal role in determining the future of young witches and wizards by categorizing them into one of the four Hogwarts houses: Gryffindor, Hufflepuff, Ravenclaw, or Slytherin. You probably also know which Hogwarts house you want to be in. This classifi... read more.

• April 22, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/14 Citrix and Unicon: Control the endpoint, control the experience (Citrix) When the acquisition was announced in January, we immediately saw the potential to create meaningful synergies. Citrix already leads in delivering virtual apps and desktops, zero trust access, and secure application delivery. By integrating Unicon’s secure endpoint OS and management capabilities, Citrix now offers end-to-end control across the entire technology stack. https://www.citrix.com/blogs/2025/04/09/citrix-... read more.

• April 18, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/7 The Expanding Attack Surface: How One Determined Attacker Thrives in Today’s Evolving Digital Workplace (Proofpoint) While email remains the primary threat vector, cybercriminals are exploiting new channels like messaging collaboration platforms, cloud apps and file-sharing services. This has created a fragmented security landscape with disconnected point products, resulting in higher operational costs, and increasing security gaps. https://www.proofpoint.com/us/blog/email-and-cloud-thre... read more.

• April 11, 2025

By Ken Phelan, Posted in Security

I spent some time with the CrowdStrike team last month going through their annual Global Threat Report. If you haven’t seen it, please do. This should be required reading for every cyber operator - https://go.crowdstrike.com/2025-global-threat-report.html 79 is the percentage of breaches that occurred without malware. Hence the much-used quote, “hackers don’t break in, they log in.” For years a quick explanation of cyber-attacks read as follows: Software has vulnerabilities. Ha... read more.

• April 10, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 3/31 What is a Data Poisoning Attack? (Snyk) Data poisoning is a sophisticated adversarial attack designed to manipulate the information used in training artificial intelligence (AI) models. By injecting deceptive or corrupt data, attackers can hurt model performance, introduce biases, or even create security vulnerabilities.  https://snyk.io/blog/what-is-a-data-poisoning-attack/ Microsoft to Start Enforcing New Outbound Email Limits (Proofpoint) Microsoft has consistently made it clear tha... read more.

• April 04, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 3/24 Lurking Threats in Post-Authentication Sessions (CyberArk) MFA is critical, but it’s not enough. Attackers are no longer breaking in; they’re logging in—by taking over valid sessions. Organizations need to rethink identity security beyond just authentication. https://www.cyberark.com/resources/blog/lurking-threats-in-post-authentication-sessions Inside a Scammer’s Toolbox: Common Tools, Tactics and Technologies (Bitdefender) Over the last decade, digitalization, soci... read more.

• March 28, 2025

By Ed Bratter, Posted in Infrastructure

One benefit to Microsoft 365 is the ability to share data and collaborate with partners, customers, vendors and users who are external to your tenant. This benefit, however, can be a scary endeavor as information can be inadvertently exposed to outside entities. Couple this with the fact that tenants by default allow users to share data with outside individuals. Equally concerning is that configuring external collaboration can be complicated because there are multiple options available and there are many ad... read more.

• March 27, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 3/17 Beyond the Cloud | How Edge Computing is Unlocking IoT’s Full Potential (Check Point) As more devices come online, relying solely on cloud computing can lead to slow response times, high bandwidth costs and security risks. The traditional cloud-based infrastructure struggles to keep up with the demands of real-time data processing, low latency, and proactive, preventative security. https://blog.checkpoint.com/innovation/how-edge-computing-is-unlocking-iots-full-potential/ The Urgent Re... read more.

• March 21, 2025

By Eric Corcoran, Posted in Technology Week in Review

Monday 3/10 ICYMI: On March 6, 2025, Gotham's CTO, Ken Phelan, was joined by LogSeam's CEO and Co-founder, Daniel Wiley, to discuss cost effective strategies for managing cyber and compliance data. Click the link below for the full video. https://youtu.be/dKopbMqIkrE Key Takeaways from the 2025 State of AI in the Cloud Report (Wiz) AI is revolutionary technology, but its widespread adoption raises necessary questions about governance, security, and risk. The DeepSeek data exposure incident underscores... read more.

• March 14, 2025