‘Tis the Season – A Cyber Awareness Gift from Micro Strategies – Part 2

The holidays are here, and with them come parties, family gatherings, and work functions.

It’s also the time of year when those special unwanted gifts like phishing emails, credit card fraud and identity theft start their annual resurgence of popularity. Granted they are always present year-round, but there’s nothing like an upswing in digital shopping and online spending to spur their growth.

The personal habits and hygiene that people learn at home are naturally brought to work with them. This is true of cyber hygiene as well. In taking advantage of the holiday shopping season, and every other day throughout the year, the security posture of your company is only as good as the habits of your staff.

To enhance corporate cyber wellness and add some security to your season of joy (indeed, all seasons), we’re revisiting the topics covered during the recently celebrated National Cybersecurity Awareness Month. This is the second and final of two installments designed to impart cheerful guidance for your online experiences at home and at work.  In this installment, we cover Part 2 – Own IT and Part 3 – Protect IT (Read the first installment, including Part 1 – Secure IT, here).

Part 2 – Own IT

Be Private

Your personal information is like money. Be smart about where you’re sharing it, who you’re sharing it with and how it’s being used. Cybercriminals love it when you overshare on social media – they can learn all about you!

Make it harder for them by avoiding posting real names, places you frequent, home, school and work locations, when you’re out of your house, etc. Almost all social media sites have strong privacy options. Enable them when possible. Check your privacy settings, make sure they are not public and that only the people you trust can see your postings. If a post is intended to be public, then make only that post available and nothing else.

Remember, others who see your posts can also share the information. Be careful what you share and assume any information you post could eventually become public. Avoid communicating sensitive or private details about yourself or your family. It is also wise to avoid posting any images of yourself that you wouldn’t want someone like your parent or employer to see.

Check Your Phone

Your mobile devices are just as vulnerable as your PC or laptop. Take a moment to read the fine print on your apps. Many social networking sites and mobile apps also support third-party applications, some of which can deliver malware or spy on you and your information. Inspect the details when downloading an app or registering for a new network. Only install applications from trusted sources, and only install the apps you truly think you need. If it’s a temporary need, uninstall the app when you’re finished using it.

Browsing or shopping on your mobile device? Make sure it’s not running suspicious apps or using permissions you didn’t realize you approved. When paying, make sure you are on the proper shopping cart for the electronic store, and don’t keep your credit card information on your device unless you have it locked down with encryption and your phone has its access security settings turned on.

Enable automatic app and security updates in your device settings so your software runs smoothly and you stay protected against cyberthreats! Don’t hesitate to uninstall any app that acts suspicious or won’t work with your device’s security.

Rules for Keeping Tabs on Your Apps:

  1. Delete apps you don’t need or no longer use. It also opens up storage.
  2. Review app permissions. Say “No” to any that don’t make sense. 
  3. Only download apps from trusted sources like Google Play or Apple Store.
  4. Use antivirus or anti-malware. Even trusted sources can sometimes have a bad app.

Part 3 – Protect IT

If You Connect, You Must Protect

Any device that connects to the internet is vulnerable to various risks. The best defense is to keep device security software, web browser, downloaded apps, and operating systems up to date by turning on auto-updates. Outsmart the bad guys and cheat cyberthreats by keeping your devices and downloaded app software fresh and clean.

Stay Protected While Connected

Public Wi-Fi networks are not secure. Be very careful of shopping when using public hotspots like the local coffee house or your hotel. Shop anonymously and don’t log in. You never know who is electronically eavesdropping on your internet connection and recording (stealing) the information you put out there on the internet.

Limit what you do on public WiFi. Don’t log in to key accounts like email and financial services. Only purchase using a secure WiFi link like at your home on your secure router, or yes, at your company if your company’s policies allow you to do so.

If You Collect It, Protect It

If you are making online purchases, keeping your payment methods and information on your device, using it for any personal or private information, as we all do, turn on encryption and use your device’s secure access methods. Losing a mobile device is horrible enough when you lose your pictures, but losing your personal identity, compromising your company, or worse, putting your family at risk that way can be devastating.

Be safe and secure by practicing all you’ve learned. Just like we teach personal hygiene to our children, make cyber hygiene a personal habit. And the best way to practice cyber wellness is to pass it on to others. Make it a gift worth giving repeatedly.

Happy Holidays from Micro Strategies and the MSI security team! 

In today’s digital landscape, no one’s data is safe. Cybersecurity awareness can’t be overlooked by organizations; it’s essential for every employee.  Teaching your employees how to recognize cyber threats can turn them into one of your best defenses against cyber-attacks.  Interested in learning how Micro Strategies can help?  Contact us today.

Is Infrastructure Still Relevant?

By Ron Mente, Director of Cloud and Emerging Technologies

When thinking about the extremes of the IT landscape, I often use the comparison of the mainframe vs. microservices.  One embodies a large, legacy hardware platform, best suited for monolithic applications.  The other is a modern serverless paradigm whose lifespan is counted in the hundreds of milliseconds it takes to perform its task.  “Serverless” in this case is a bit of a misnomer, as the functions reside in a container which in turn lives on a host, and that host requires compute, storage, and network – in short, hardware.

The question, therefore, is not “is hardware relevant” but instead “is the hardware relevant to you?”.  The answer lies predominantly in the way your role within the organization requires you to interact with the technology.  I’ve outlined a few use cases below.

Line of Business

Let’s take an example of a Product Manager.  Your job is centered within the business itself and you are probably feeling intense pressure to deliver new innovations to your customers to remain competitive in your market space.  This can sometimes lead to an unfortunate behavior known as “shadow IT”.  You may feel that going to your core IT group takes too long, is too complex, or is too expensive and that public cloud is an attractive alternative.  Generating a new workload in AWS, Azure, or Google can be done with a minimal investment of resources or money.  Most importantly things can be done fast.  Why then, would you care about the platform your workload is running on?  Why even consider running it within your datacenter? A few things to keep in mind:

  • Security is key. Public cloud environments require the same (or more) security considerations as your on-premise.  How are you incorporating security requirements into the environments you are provisioning?  How do you know they are secure?
  • Performance requirements need to be understood. Most workloads interact with other data elsewhere within your environment.  Have you identified if and how often a workload moved to the public cloud interacts with other data?  Have you considered the long-term costs of the interaction of on-premise and public cloud applications?
  • Scalability is possible (and valuable).  Although public environments can be provisioned quickly, how do you know that the environment has been set up to scale up (and down!) to support the application needs?
  • Ongoing operations can be your largest expense. Public cloud environments do not equate to a fully hosted environment.  Who is managing your public cloud environment to ensure effective use of the public cloud environments?  

Application Development

If you are a developer, in a perfect world you would neither know nor care about the infrastructure your applications were running on, so long as the resources you need are both available and performant. Several key concepts to consider:

  • Beware of tooling. Public Cloud providers offer a rich set of tools to assist you in your role as a developer.  Have you considered why these providers have made these services so easily accessible?  Once you leverage these services how easy would it be to port the application to a different public cloud?  
  • Be aware of cost. Flexibility and scalability are tremendous options.  Have you thought about how these options augment the value of the application you are developing?  How much would you be willing to pay for this flexibility and scalability?  Is there a threshold as to when the cost can no longer be justified?  How can you manage that proactively? 
  • Security is important. Have you considered the impacts of your production security posture on your development environments?  Are the needs of these environments the same across all levels of development?  Are there new threat vectors you need to consider when using items such as open-source code? 

Core IT

If your role is in the core IT group within your business, you have probably invested a lot of time and effort into understanding the various infrastructure platforms available to you.  You recognize the need for core infrastructure, but now there are more things to consider than ever before.  Some key focus areas are:  

  • Mind the gap. Tremendous advancements have been made in performance, scalability, and reliability within the data center space.  Have you begun to take advantage of software-defined and cloud technologies within your existing footprint?  Have you analyzed the impact of leaving legacy systems in place instead of modernizing those environments?  Has your staff begun to skill up on these newer technologies or are they primarily focused on “keeping the lights on?”
  • It’s a multi-cloud world. One of the challenges for IT is to maintain the various platforms in use by the business.   How robust is your observability into your environment?  How do you maintain control of both cost and capacity of the various providers?  Are you looking at these platforms individually, or as a whole supporting the IT needs of your business?
  • Know your applications. It is imperative to have a true understanding of your application portfolio.  Do you have a documented inventory of the applications in use?  How do new applications get added and how do older applications get removed?  Do you have a specific plan for each workload to either re-platform, rewrite, retire, or retain them?  How do you determine placement of your applications, is it based on a single factor or a matrix incorporating technical requirements, operational needs, and cost?

As you can see, the underlying infrastructure can have a drastic impact on performance, security, elasticity, and price.  Given this, we can say that infrastructure is still a relevant part of the IT conversation.  Your role, however, will determine how much the architecture of that infrastructure is relevant to you.

In the world of software-defined everything, the role of infrastructure is shifting dramatically. At Micro Strategies, we recognize that there is no one size fits all approach to IT. Micro Strategies has a set of solutions that allow you to integrate your emerging needs with your existing operations.  Interested in learning how we can help?  Contact us today.

‘Tis the Season – A Cyber Awareness Gift from Micro Strategies

The holidays are here, and with them come parties, family gatherings, and work functions.

It’s also the time of year when those special unwanted gifts like phishing emails, credit card fraud and identity theft start their annual resurgence of popularity. Granted they are always present year-round, but there’s nothing like an upswing in digital shopping and online spending to spur their growth.

The personal habits and hygiene that people learn at home are naturally brought to work with them. This is true of cyber hygiene as well. In taking advantage of the holiday shopping season, and every other day throughout the year, the security posture of your company is only as good as the habits of your staff.

To enhance corporate cyber wellness and add some security to your season of joy (indeed, all seasons), we’re revisiting the topics covered during the recently celebrated National Cybersecurity Awareness Month. This is the first of two installments designed to impart cheerful guidance for your online experiences at home and at work.  In this installment, we cover Part 1 – Secure IT.

Part 1 – Secure IT

Use a Strong Passphrase

Strong passwords or passphrases are one of the easiest ways to bolster personal cybersecurity. You are encouraged to create custom passwords that are unique to each of your accounts and applications. The longer a password or passphrase is, the greater the number of possible combinations a hacker has to work through to guess the correct one.

Yet, P@s$w0rds_d0n’t_hav3_2_b_th!s_Complic@teD! 

Seriously, who can remember that? Make your password a passphrase. Keep it fun and friendly, something like this: “I love chocolate ice cream with sprinkles!”

When it comes to passphrases, it’s best to mix it up. Don’t use the same passwords or passphrases at home and in the workplace. Use favorite movie or book lines, inside jokes, stuff you don’t post online. Keep them fun, easy-to-remember and don’t reuse them. Passphrases should be just like YOU – fun and unique!

Use Multi-Factor Authentication

Sometimes even long and strong passphrases aren’t enough. No matter how long and strong your passphrase is, a breach is always possible. So, add layers in order to access your accounts.

Online banking and other financial web sites, your email accounts, file sharing web sites, online calendars and social media sites all have (or should have) multi-factor authentication (MFA) settings as a normal means to provide you secure access.

You can make it significantly harder for cybercriminals to access your online accounts by enabling MFA on all sites that ask you to log in to use them. MFA ensures that the only person who has access to your account is YOU.

Those Dreaded Security Questions

Some web sites still use a set of questions to either verify it’s you when you log in, or to help you recover or reset your password if you forget it. When you set up your access for the first time, you may be asked to choose and answer a set of these canned questions.

You do not have to answer truthfully: LIE! Oh boy, did a security professional just say that? Yes. Your mother’s maiden name is not that hard to find out, just ask any genealogy search site.

The key is to provide an answer in the same fashion as your passphrase: something that you will remember but that others will be extremely unlikely to guess. For example:

  • What street did you grow up on? I own a king-size bed.
  • Your mother’s maiden name? Japanese maple
  • Your best friend’s name? Why should I tell you?

If you can create your own question, that’s better than using a preset selection. But for your own sake and to secure your personal info, fake it.

Let’s Go Shopping

Online shopping is fun, exciting, full of wonderful things to see, and convenient. It can also be a trap for the unwary and novice shopper.

Cyber thieves are skilled at tricking shoppers who are looking for the best deals and lowest prices into shopping on look-alike sites. Maybe it’s a scam like selling fake, counterfeit, or even stolen goods. Often the goal is more nefarious: to steal the shopper’s personal credentials, user ID and password, credit card or banking information, even payments for items that will never be shipped. There are ways to protect yourself from this kind of theft or fraud.

Look for obvious warning signs, like deals that are obviously too good to be true. When possible, purchase from websites that you already know, trust, and have done business with previously.  Reviews can be a useful source of information about other shoppers’ experiences, especially from “verified purchasers” as marked on the website. A little extra time reading them before making your purchase can save a possible headache later.

Verify the website has a legitimate mailing address and a phone number for sales or support-related questions. If the site looks suspicious, call and speak to a human. If you can’t get a hold of someone to talk to, that is the first big sign you are dealing with a fake website.

Be suspicious if the web site’s domain in the address line of your browser is slightly different. For example, Amazon is https://www.amazon.com. If you find yourself at web sites pretending to be Amazon, such as http://store-amazoncom.com, watch out!

Before purchasing any items, make sure your connection to the web site is secure and encrypted. Most browsers show a connection is encrypted by having a padlock and/or the letters HTTPS (sometimes in green) right before the website’s name. Web sites like the one above that only use HTTP are NOT secure, so don’t go there.

Speaking of Buying, Use a Credit or Payment/Gift Card

When you are ready to make the purchase, using a debit card is very risky because it directly connects to your bank account. Using an electronic check even more so because you are providing your actual account number and routing information.

Using a credit card gives you better flexibility in the event of fraud or theft. A good method of protection is to ask the card provider to verify with you all purchases (usually by phone or email), or any purchases over a set amount. While you can do this with debit cards also, they are still connected to your bank account. If fraud is suspected or theft happens, it’s a lot easier to change a credit card than a bank account and less disruptive to your other payment activities like direct billing or direct deposit. If you find fraud or theft, contact your bank or card provider immediately. If you’ve experienced identity theft, contact law enforcement for help.

Finally, consider purchasing a gift card for yourself to use as your online payment option. Gift cards are easy to purchase, can sometimes be refilled, and are easily disposed of when expended.

Regardless of how you pay, regularly review your credit card statements and bank statements to identify suspicious charges, especially after you make many online purchases or used a new site. Confirm purchases with all others who have shared cards or are joint account owners.

Something’s Phishy

For the novice or those less experienced, it’s very easy to be fooled by the fake emails known as phish.

Over 90% of all breaches start with a phishing email. Just like the fake web sites, these email messages are designed to fool you; they are very sophisticated and difficult to detect. The senders of these emails don’t hesitate to imitate real sites like Apple, Amazon, Best Buy, Staples, Groupon, etc. They may even include real information like privacy notices or terms of use.

Cybercriminals cast wide nets with phishing tactics, hoping to drag in victims. They may offer a financial reward, threaten you if you don’t respond or engage, claim that someone needs your help, or ask for confirmation of your order or payment info. They may provide a link, an attachment to download, a fake invoice or receipt, ask you to reply to the email with specific personal info, or even ask you to call a phone number to provide that information.

Play hard to get: If you’re unsure who an email is from – even if the details appear accurate – do not respond, and do not click on any links or attachments.


Do:

  • Check the FROM address. Be wary of messages that claim to come from reputable companies but are sent from Gmail or foreign domains. Look for generic names, names with random characters, and display names that don’t match the sending email address.
  • Look out for mismatched URLs. Hovering your mouse over any link or URL will pop up the real destination, so compare the addresses. If it’s a link that doesn’t match the sender’s domain, a link with random numbers or letters in the domain, or a shortened link like “bit.ly”, be very suspicious.
  • Using a search engine, look up the phone number separately for the company or person “sending” you the email and call to verify or report it.
  • Keep your antivirus software up to date.


Don’t:

  • Click on any links or attachments unless you have verified separately it’s from a trusted source, especially if it’s unexpected.
  • Click or call listed phone numbers from a suspicious email or ones that are included in pop-up ads.
  • Give out personal or private information through email. Don’t give it over the phone unless you have made the call and verified the party speaking on the other end of the call.
  • Forward a phishing email to other people, except to report it. Do not reply to phishing emails or click the link to unsubscribe (if there is one).

Additional things to look for: It’s most likely a phish if…

  • You haven’t bought anything from a web site that is emailing you about your purchase;
  • Poor grammar and spelling are used in the message;
  • There is a request for personal information, or worse, asking for money, especially with urgency;
  • An offer that appears too good to be true (it probably is);
  • Unrealistic or unlikely threats. The IRS, FBI or other law enforcement are not going to contact you by email.

As the adage says: If it looks like a duck, walks like a duck, quacks like a duck, it’s probably a phish – well… you know. If the content just doesn’t look right – trust your gut.
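The sender and link checks from the lists above can also be run automatically on a saved message. The following is an added example, not code from Micro Strategies; the brand-to-domain map, the shortener list, the function names and both sample messages are constructed for illustration (the look-alike URL is the one quoted earlier in the article).

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Illustrative sample lists (assumptions of this example, not from the article).
BRAND_DOMAINS = {"amazon": "amazon.com", "apple": "apple.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def text_host(text):
    """If the visible link text looks like a URL, return its hostname."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return None
    if "://" not in text:
        text = "//" + text
    return (urlsplit(text).hostname or "").lower() or None

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def html_body(msg):
    """Return the first text/html part of the message as a string."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            data = part.get_payload(decode=True) or b""
            return data.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def check_email(raw):
    """Return a list of (code, detail) findings for one raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    # Display name claims a brand, but the address is on another domain.
    for brand, domain in BRAND_DOMAINS.items():
        if brand in display.lower() and not host_matches(sender_domain, domain):
            findings.append(("sender_mismatch", f"{display!r} sent from {sender_domain}"))
    collector = LinkCollector()
    collector.feed(html_body(msg))
    for href, text in collector.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        if url.scheme == "http":
            findings.append(("not_https", href))
        if host in SHORTENERS:
            findings.append(("shortened_link", href))
        # Brand name appears in the host, but the host is not the brand's domain.
        for brand, domain in BRAND_DOMAINS.items():
            if brand in host and not host_matches(host, domain):
                findings.append(("lookalike_domain", host))
        # What the link shows differs from where it actually goes.
        shown = text_host(text)
        if shown and shown != host:
            findings.append(("text_href_mismatch", f"shows {shown}, goes to {host}"))
    return findings

# Constructed sample messages.
SAMPLE_PHISH = """\
From: "Amazon Support" <order-update7731@gmail.com>
Subject: Confirm your payment info
Content-Type: text/html; charset="utf-8"

<p>Your order is on hold. Confirm at
<a href="http://store-amazoncom.com/confirm">https://www.amazon.com/orders</a>
or <a href="https://bit.ly/EXAMPLE">track the package</a>.</p>
"""
SAMPLE_CLEAN = """\
From: "Amazon" <orders@amazon.com>
Subject: Your order has shipped
Content-Type: text/html; charset="utf-8"

<p><a href="https://www.amazon.com/orders">View your order</a></p>
"""

if __name__ == "__main__":
    for code, detail in check_email(SAMPLE_PHISH):
        print(code, "-", detail)
```

A clean result only means none of these particular signs were found; the remaining checks in the lists still apply.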

Happy Holidays from Micro Strategies and the MSI security team!  Look for the second installment of this series next week where we cover Part 2 – Own IT and Part 3 – Protect IT.

In today’s digital landscape, no one’s data is safe. Cybersecurity awareness can’t be overlooked by organizations; it’s essential for every employee.  Teaching your employees how to recognize cyber threats can turn them into one of your best defenses against cyber-attacks.  Interested in learning how Micro Strategies can help?  Contact us today.


Predictive analytics is a key milestone on the analytics journey.

Download this free e-book to learn how to help your business:
  • Navigate the modern predictive analytics landscape.
  • Identify opportunities to grow and enhance your use of AI.
  • Empower both data science teams and business stakeholders to deliver value, fast.




Whether it’s AS/400, iSeries, or IBMi, tens of thousands of businesses count on the robust reliability of the platform and plan to continue using it for years to come. Changing demographics and retirement are shrinking the talent pool, making support for these core business platforms more difficult each year. As a result, over 57% of organizations now run their IBMi infrastructure fully unattended in 2019[1], using automation to remove as much human involvement as possible.

Yet it’s impossible to fully remove the human element. As a result, organizations must answer the question: How will you manage and maintain mission-critical IBMi infrastructure going forward?

Is IBMi still relevant?

The answer is a resounding yes. Over 100,000 companies still run some version of IBMi to run their most critical applications, many of which are developed in-house.[2] Additionally, only 1.3 percent of IBMi users report they will be migrating away from the platform within five years and 43 percent of those surveyed say they run 76-100 percent of their core business applications on IBMi. In fact, 24 percent of those surveyed plan to increase their IBMi footprint in the future.[3]

The numbers show that the platform has staying power and will likely remain a sizeable presence in the IT marketplace.

View on-demand webinar with our experts to learn more about how to overcome IBMi staffing challenges.

What options do you have?

As when any talented resource leaves, the organization must choose how to address their departure.

Do you look to hire a replacement?  In this scenario, we already know that the talent pool is shrinking. You’ll most likely be investing more for a replacement resource; one that may not be around very long and may become increasingly expensive, like what’s happening to mainframe support talent.
Do you begin migrating applications?  This could take time, which your business might not have.  It might be prohibitively expensive or cause too much disruption at a critical moment for the business.

This leaves a third option, one that we see many of our customers choosing: outsourcing.

Making the Case for Outsourcing your IBMi Staffing

Outsourcing can be a powerful tool.  What can you gain by outsourcing your IBMi

  • Focus on core functions: You’ll be able to concentrate on your core business and align internal resources to more strategic growth areas of your business.
  • Gain access to expert talent and knowledge:  Outsourcing to a partner with IBMi expertise can help you fill the gaps when your IBMi talent leaves. The right strategic partner will most likely give you access to a seasoned professional with extensive knowledge around IBMi.  Depending on how you are currently using your IBMi, they might even be able to expand the role IBMi plays in your business.
  • Reduce or control costs: Bringing on a new employee represents a large investment.  Recruiters typically charge a 20-30 percent premium; that’s on top of the salary and benefits you will be paying.  If you decide to try and recruit new IBMi talent yourself, there are significant resources that are required—the time needed to screen and interview prospective employees as well as the cost of advertising the position and running background checks. The right strategic partner will most likely be better equipped to attract and retain IBMi talent.  Outsourcing means you only have to consider a single, fixed monthly cost.

Benefits Beyond the Access to IBMi Talent

Service providers who can manage IBMi also have the tools needed to automate maintenance tasks and a more expansive understanding of practices and trends across industries that you’d have difficulty replicating. Managed service providers such as Micro Strategies have seen the needs of the industry change and have developed new offerings to bring the tools, business models, and processes that have been benefiting the x86 world to IBM POWER.

Gone are the days of needing regularly scheduled health checks, often conducted on-site by a visiting technician. Modern tools and a global staff allow managed service providers to continuously monitor IBM equipment 24/7/365. A failed job no longer must wait until the next morning to get addressed. Now you can know when capacity is running low and gain the runway you need to budget and plan for future expenses.

How Can You Prepare?

Preparing for retiring talent requires planning but the right outsourcing partner should be able to help guide your efforts while keeping your business goals and needs in mind. For example, Micro Strategies is currently helping a defense contractor navigate the retirement of their sole IBMi resource, seamlessly transferring responsibilities to keep their IBMi system running while keeping the contractor’s in-house estimating software working and protected.

If you’re still uncomfortable with outsourcing, you’ll find powerful questions you can ask here to make sure the organization is the right partner for you.


Finding experienced IBMi professionals can be a challenge in today’s market.  An increasing percentage of talent is retiring and IBMi skill sets are dwindling.  Partnering with a strategic IBMi partner can provide multiple benefits from allowing you to gain access to the expertise you need to saving you time and reducing costs.

Micro Strategies has been helping businesses deploy and manage IBMi for over 15 years. Our team of experienced professionals can help organizations like yours manage, operate and maximize the value of their IBMi systems.  Contact us and let us help you prepare for the future.

[1] 2019 IBM i Marketplace Survey

[2] 2017 IBM i Marketplace Survey

[3] 2019 IBM i Marketplace Survey

5 Questions To Ask Before Upgrading To A SIEM Solution

Protecting an organization against cyber-attacks is no small task. Information technology (IT) security teams have to protect their organizations from these attacks while also addressing internal and regulatory compliance requirements.

As attackers become more dangerous and the regulatory environment continuously evolves, basic tools just can’t keep up.

For organizations facing this situation, a Security Information and Event Management (SIEM) tool is a potential solution to this challenge.

Download this free e-book to learn how modern storage solutions can optimize business operations and meet growth needs.


By Juan Nunez, Director of Data & Analytics

This blog is the second in a series of three blogs where we look at how leading digital companies leverage analytics.  The first installment can be found here.

During our first installment of Deciphering the Analytics Hype, we explored the importance of the business context in which changes occur as well as the criticality of understanding the business model, the operational impacts of change and how to assess them.

Today, we will dive a bit deeper into an example of a change our team encountered and how we engaged with our customers to select and deploy analytical approaches.

Deployment of a Loyalty Program

 A Fortune 500 company was looking to test a loyalty program with the following goals in mind:

  • Deliver enhanced experiences to customers
  • Develop a better understanding of purchase behaviors across online and offline channels
  • Reduce use of couponing and margin erosion
  • Increase trips in store and online

With these objectives in mind, the company set out to test and effect change in the way it interacted with customers. As previously discussed, these changes could potentially have a far-reaching impact on the current business model. Our team considered the following in defining the analysis required to assess the testing and eventual launch of the program:

The Analytics Approach

The team’s approach is grounded in the application of analytical methods to gain insight into business model changes and optimize operations to achieve business outcomes. In this example, each of the goals were achieved and the business value created exceeded the estimated return on investment. Interested in hearing how we can help your organization drive business value when analytics are thoughtfully applied? Contact us today to discuss the changes you are facing and the analytics approach that would provide you the best opportunity to serve your customers.



By Edward Serafin, Chief Security Architect

This blog is the second in a three-part series discussing security concepts and tactics I observed and participated in at Black Hat 2019 / DEF CON 27.  The first installment can be found here.

In August, I attended Black Hat USA 2019 / DEFCON 27 in Las Vegas. What an overwhelming experience it was—there was so much to see and do! For those of you that don’t know, Black Hat USA is the world’s leading information security event, providing attendees with the very latest in research, development, and trends. DEFCON is the security/hacker community conference that occurs right after the Black Hat Conference. Thousands of hackers and security professionals from around the world congregate to learn about new technology vulnerabilities, cyberattacks, and more.

My primary reason for attending was for technical training. Black Hat Training offers attendees deeply technical hands-on courses on topics ranging from broader offensive security to the latest in penetration testing, infrastructure hacking, mobile application security, analyzing automotive electrical systems, and everything in between. Often designed exclusively for Black Hat, these hands-on attack and defense courses are led by some of the most sought-after industry and subject matter experts from all over the world with the goal of defining and defending tomorrow’s information security landscape.

Black Hat Training: Insider Threat Hunting & Social Engineering

This year I decided to go low-tech and dive into counter social engineering; the official class title was “Insider Threat Hunting – Track, Elicit, Interview, and Mitigate.” The course was led by multiple instructors with backgrounds in law enforcement, military, and intelligence/counterintelligence. While the class was fantastic, the only issue I have with courses such as these is the fact that they are condensing a 3+ week course into just a few days (or less). However, while it may be a challenging prospect, it’s well worth the time and effort.

As an ethical hacker, I’ve always enjoyed the social engineering aspect of my craft. As we all know (or should know), hacking people is far more effective than hacking computers; hackers and scammers alike use social engineering against human targets to achieve their goals.  The insider threat course explains the science behind how social engineering works, why it’s so effective and how to leverage the very same tactics against adversaries. Understanding the psychology and scientific method of the tactics I’ve been leveraging for years was fascinating.

This course has changed my perspective on social engineering, providing a much deeper understanding as to why social engineering tactics work and how they can be used for maximum blast effect to the benefit of Micro Strategies’ customers.

Defending Against Insider Threats within your Organization

One of the largest threat vectors we face every day is the insider threat. Defending against this type of threat is challenging and requires practitioners to understand and apply various tactics to detect deception. These tactics include looking for tells such as micro expressions (the 11 subconscious facial expressions we all do under certain circumstances), conducting on-the-spot personality analysis utilizing the OCEAN (Openness, Conscientiousness, Extroversion, Agreeableness, & Neuroticism) model, and behavior analysis using the TIPI model.

Having tools and understanding how to implement them is only half the battle. A successful business needs employees and a successful security program means interacting with those employees in a positive, meaningful way. Your staff was hired for a reason. They are valuable assets and possess important skillsets and knowledge that are required for the success of your business.

Most incidents involving insider threats begin small. Whether it’s because a person feels slighted or because of a conflict with another employee, these problems escalate into incidents. The key to success is identifying threats early on by using the various techniques above.

If an employee exhibiting behaviors consistent with insider threat can be identified early, it’s in the organization’s best interests to attempt to correct the problem before it escalates into an incident. After all, it costs more money to replace an asset than it does to fix an asset.

Understanding Behaviors is Key

This is the reason why I often recommend that security team members make a concerted effort to interact with their colleagues. It’s important to establish a working relationship with the people employed in your organization. Building rapport provides you with an opportunity to spot potential issues before they become bigger problems.

How do you know if an employee is having a bad day if you never established a baseline? Also, it makes approaching the employee a little easier. He or she might even be willing to open up about the issue with you because they’re comfortable with you. It’s the little things in life; they mean a lot to people, and those perceived “little things” can add up to big problems if we don’t take the time to understand the people around us.

In the coming weeks, look for my next, and final, blog in this series where I will conclude with takeaways and memorable moments from my time at Black Hat 2019 and Defcon

The number of insider-related breaches is rising every year. Thirty-four percent of all breaches in 2018 were caused by insiders and the average cost of an insider-related incident is around $513,000. These types of threats are significantly harder to detect and prevent in comparison to outside attacks. Implementing an insider threat hunting solution can help you protect your data. Interested in learning more? Contact us



As the pandemic continues to unfold, we wanted to take a moment to update you.

Since mid-March, most of our employees have been working remotely. We have adopted government guidelines and put precautions and protocols in place to ensure they’re operating in a secure environment.  I’m pleased to be able to say that we have not seen any disruptions to our ability to support our customers as our workforce transitioned to virtual operations.

In the instances where a critical situation has occurred that required one of our employees on-site at a customer’s location, we are following CDC guidelines to ensure the safety of our customers and employees.

We continue to operate as closely as possible to business as usual during these unprecedented times.  Our employees are available to continue supporting customers and their projects as needed.

We remain committed to our customers and their operations and we’re grateful for each and every one of you.


Stay safe,

Anthony Bongiovanni