Articles by 'Steve Gold'

Blog Author - Steve Gold

Steve Gold is the Cybersecurity Practice Director at Gotham Technology Group (Gotham). He is responsible for providing the vision and thought leadership to expand Gotham’s legacy of success and build a world-class cybersecurity practice. He works closely with Gotham’s customers, industry partners, and subject matter experts to develop relevant solutions for Gotham’s clients and prospects.

Prior to joining Gotham, Steve worked with the Center for Internet Security (CIS), where he expanded the global reach, revenue, and impact of the CIS Benchmarks, CIS Controls, and CIS Hardened Images. He led the efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay secure in the connected world. He grew a team of security specialists from 12 to over 40 to assist organizations with implementing security best practices in their continual journey of cybersecurity maturity.

During his more than 20-year career, Steve led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies such as Varonis, VMware, Dell & Wyse Technology.

Steve is a frequent speaker/moderator at industry conferences and webinars, covering a wide array of information security topics. He resides and works remotely in Baltimore, MD.

By Steve Gold, Posted in Security

One of my favorite movies is WarGames. If you haven’t seen it, stop reading immediately 'cause I’m going to spoil it for you. In the movie, David Lightman (played by Matthew Broderick) uses a technique called wardialing, where his computer dials every phone number in a given area to find a modem at the other end. David discovers a modem for a military supercomputer aka WOPR (War Operation Plan Response, because everything needs an acronym). Once he's connected, he relies on easily guessable passw... read more.

  • October 31, 2023

By Steve Gold, Posted in Security

In "Mission: Impossible," one of the most iconic scenes involves Ethan Hunt (played by Tom Cruise) infiltrating a highly secure CIA facility at Langley to steal the NOC list, a comprehensive list of all covert agents. To access this room, Hunt has to bypass multiple security measures: Temperature Regulation: The room is temperature-controlled. A sudden rise could trigger the alarm. Ethan and his team have to ensure that his body heat doesn't increase the room's temperature. Sound Sensors: The room is eq... read more.

  • October 26, 2023

By Steve Gold, Posted in

In Iron Man 2, Ivan Vanko hacks into Lt. Col. James 'Rhodey' Rhodes’ suit (a.k.a. War Machine, Iron Patriot) and programs it against Iron Man. Ivan locks out everyone from Stark Industries and from Hammer Industries, the company that paid him to build the Iron Man-competitive suits. Ivan Vanko ended up building drones instead of suits because “People make problems. Trust me. Drone better”. This is a great example of an automated process to revoke access to an Enterprise Asset aka War Mach... read more.

  • October 17, 2023

By Steve Gold, Posted in Security

One of my favorite scenes in Thor: Ragnarok was when Thor attempted to escape the junk planet. He made it to the Quinjet and tried many different activation codes (access) such as: "Thor", "Son of Odin," and "Strongest Avenger" (twice). None worked. It was only when he said “Point Break” that the Quinjet started. Point Break was the activation code that Tony Stark had assigned him back in the 2012 Avengers movie. Unauthorized access to sensitive information is one of the most significant threats... read more.

  • October 10, 2023

By Steve Gold, Posted in Security

One of the most famous wizards of all time, Harry Potter, learned that he was destined to attend Hogwarts School of Witchcraft and Wizardry on his 11th birthday. It was then that Harry acquired his first wand at Ollivanders shop in Diagon Alley. From the moment he received his first wand, Harry had to learn how to wield the power of his wand. Similarly, in the digital landscape, providing every user with administrator privileges is like handing them a wand without proper training. Just as aspiring wizards... read more.

  • September 27, 2023

By Steve Gold, Posted in Security

If you’re a geek like me, you remember the above line from Star Wars Episode VI: Return of the Jedi where a strike team posing as an engineering crew gives a stolen (dormant) authorization code as they attempt to pass through a security checkpoint. The successful use of that dormant code allowed the rebels to take down the force field, fly inside the superstructure, knock out its main reactor, and destroy the Death Star. Dormant accounts are those virtual identities that lie idle, untouched, and unus... read more.

  • September 19, 2023

By Steve Gold, Posted in Security

If you’ve ever seen Jimmy Kimmel Live, I hope you’ve seen the “What’s your Password” skit. As funny, and as incredibly disappointing, as this is, it’s real life. We’re not in Kansas anymore, folks. Many years ago, all we needed to do to protect our assets was lock our door. Now, our assets are spread across a virtual kingdom. Our online activities touch almost every aspect of our lives. From banking and shopping to work and communication, our digital presence is widespr... read more.

  • September 13, 2023

By Steve Gold, Posted in Security

“Identity theft is not a joke, Jim.” If you’re not familiar with this reference, please DM me as we have much to discuss. For context, the line above is said by Dwight K. Schrute, a character played by Rainn Wilson in the TV series The Office. In this episode a colleague impersonates Dwight, causing the line above. Once again, Dwight highlights the importance of account/identity security within an organization without hiding weapons throughout the office. User and administrator accounts p... read more.

  • September 06, 2023

By Steve Gold, Posted in Security

If you ever played the massively multiplayer online role-playing game (MMORPG) World of Warcraft, you entered a fantastical world where you create a character, embark on quests, and explore vast virtual landscapes. In the early days of "World of Warcraft," the default account for players was the "Guest" account. The account had limited capabilities and was mainly meant for players who were trying out the game before subscribing to a full account. Not surprisingly, some players discovered that the "Guest" a... read more.

  • August 16, 2023

By Steve Gold, Posted in Security

If you were lucky enough to watch Mr. Robot (no judgement here, please!), you learned some valuable lessons on implementing robust security measures and seeing how they can be compromised. In this blog, we will explore how the show's character, Tyrell Wellick, exemplifies secure asset and software management through version-controlled-infrastructure-as-code and accessing administrative interfaces via Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS). SSH provides a secure and encrypted mean... read more.

  • August 08, 2023