Editor's Update — May 2026: This post was originally published in January 2019 and has been updated to reflect the current Minnesota cybersecurity landscape, including new compliance requirements, evolving threats, and updated vendor information.   Are you looking for...

How do you weigh compliance in your information security program? Does it take the most important place, the front seat to all other initiatives? Or is it an afterthought that is no longer practical in today's cybersecurity landscape? So many companies that were...

For an information security analyst or security consultant, it is your primary mission to identify and prioritize risk and then focus your efforts on getting the greatest risk return. Before we discuss how to rank security findings, let's elaborate on the idea of...

  Welcome to our OWASP Top 10 series. This series aims at equipping you with foundational security concerns that exist in today's cybersecurity landscape. The best resource to use for this is the OWASP Top 10. If you haven't seen it, take some time to visit the page....

When I work with a client,  that has no formal information security plan or framework, the first thing I recommend getting started on is a security awareness program. This is a fancy way of saying "training staff how to identify, reduce, and react to suspicious...