May 27, 2026
CISM vs CISSP: Which Certification Fits Your Career Path?
Comparing CISM and CISSP to help IT and security professionals choose the right certification for their career goals in 2026.
May 26, 2026
Ten real-world email scenarios, one question each: legitimate or phishing? See how well you and your team spot the attacks behind most breaches.
May 26, 2026
IT Dojo's free Job Match Tool shows which certifications hiring managers want for your target role, based on real job postings, not guesswork.
May 26, 2026
IT Dojo's free Exam Study Plan Generator builds a personalized, week-by-week study schedule for 20 IT certifications based on your exam date and hours.
May 17, 2026
The DoD 8140 compliance deadlines have arrived. Here is a practical step-by-step guide to identifying your DCWF work role and choosing the right certifications …
May 16, 2026
CISSP and CISM both satisfy DoD 8140 IAM Level II and III requirements, but they are built for different roles. Here is how to choose the right one for your …
May 15, 2026
A complete guide to the CompTIA certification pathway for DoD and federal IT professionals, from Network+ through SecurityX, with DoD 8140 mapping and guidance …
May 11, 2026
Confused about the DoD 8570 to 8140 transition? Learn what changed, which certifications are required, and how to stay compliant in your federal IT role.
February 23, 2026
The landscape of cyber threats targeting the Department of Defense (DoD) is constantly evolving, demanding a paradigm shift in how we secure critical…
April 17, 2024
In the realm of cybersecurity, adherence to rigorous standards and best practices is paramount to safeguarding sensitive information and maintaining the…
April 17, 2024
In an era of ever-evolving cyber threats, traditional security models are proving to be inadequate in safeguarding sensitive data and systems.
April 17, 2024
In an era marked by evolving cyber threats and stringent security requirements, the Department of Defense (DoD) plays a pivotal role in safeguarding…
May 25, 2021
Recently our regional grocery store chain notified their employees and customers that they had a data breach involving some HR data and pharmacy records.
November 12, 2019
Just when folks were beginning to get somewhat comfortable … or, at least, familiar … with the Risk Management Framework (RMF), along come our friends at…
April 15, 2019
CNSSI 4009 defines Security Control Inheritance as “a situation in which an information system or application receives protection from security controls (or…
April 5, 2019
"How much information is in a message?" Huh??? That sentence, in the context of typical use of those words (information & message), doesn't immediately make…
July 13, 2017
This article was written by Lon Berman, CISSP, RDRP of BAI Information Security. Step 6 of the Risk Management Framework (RMF) is entitled “Monitor Security…
February 24, 2017
We knew this day was coming. On a long enough timeline, the survival rate for every algorithm drops to zero. Yes, I'm paraphrasing Tyler Durden.
January 24, 2017
My time in the IT world is closer to three decades than two. And anyone else who has been around half as long can testify to the amount of change that has…
September 16, 2016
In this issue we will shine the spotlight on the Contingency Planning (CP) family of security controls.
June 7, 2016
Let’s take a look at some strategies for reviewing the Security Control Baseline and creating “action plans” for implementation.
June 1, 2016
Security Control Inheritance is one of the most powerful tools available to facilitate the RMF process.
April 27, 2016
Apple uses a variety of scans for wireless LAN/physical location information. There are Preferred Network Offload (PNO) Scans, Enhanced Preferred Network…
March 11, 2016
I recently had a client who had a Security+ certification that was about to expire and he asked me a question that I wanted to share with our readers.
February 18, 2016
With all the renewed furor over the government attempting to force Apple to backdoor iOS devices so the FBI can inspect the phone of the San Bernardino…
January 19, 2016
In this post Colin explores password entropy and what it means in terms of password strength.
November 23, 2015
Imagine this dialog between Edward, a System Owner, and Christine, his Information System Security Manager (ISSM): Edward (System Owner): “Now that we’ve…
November 16, 2015
I just finished reading Bruce Schneier’s blog entry, titled "The Doxing Trend". Let me start by writing that I am usually a big fan of Mr. Schneier.
July 15, 2015
Many information security incidents are newsworthy, especially when they involve compromise of personal, financial and/or medical information.
March 13, 2015
The Beatles were comprised of how many musicians? Easy, right? They were called the “Fab Four”, so there were definitely 4.
February 1, 2015
In this post Colin walks you through getting Nvidia CUDA support enabled on your OS X device and illustrates the basics of how to use it with pyrit and cpyrit.
January 27, 2015
No longer just a technical issue, instead a strategic program to manage cybersecurity risk. Targeted cyber attacks are a strategic organizational problem.
November 13, 2014
In this issue’s “Spotlight”, we’re not going to focus on any specific controls or families, but rather on a comparison of RMF controls and DIACAP controls.
July 21, 2014
Under RMF, NIST SP 800-53 is the primary source for security controls. If we compare these controls to the DoDI 8500.2 IA controls used in DIACAP, several…
May 9, 2014
We are getting excited about our upcoming Offensive Wifi and Mitigation Techniques class. Gear has started to arrive!
April 16, 2014
A deadline for federal agencies to adhere to the government’s baseline cloud security standards and changes to the standards themselves are coming up very…
April 7, 2014
By Annette Leonard, BAI Consulting. Continuous Monitoring has long been recognized as a critical element in maintaining a strong security posture for any IT…
October 2, 2012
In this post Colin discusses issues with Path MTU discovery (PMTUD) and its implications for networking with IPv6.
December 30, 2011
The effectiveness of Security through Obscurity is closely related to the knowledge (or lack thereof) of the attacker.
May 20, 2011
I wrote this post several years ago. By writing it I was trying to get people to begin to think about how the size of the IPv6 address space, when combined…
May 9, 2011
Exploring the practical feasibility of ping sweeping IPv6 networks. Includes a spreadsheet for determining how long it will take to sweep your own network.