Posts by Brian Carey

5 min CMMC

Preparing for the Cybersecurity Maturity Model Certification (CMMC), Part 2: The Larger Picture

In part two of our "Preparing for the Cybersecurity Maturity Model Certification" series, we take a deeper dive to understand how the framework is designed.

6 min CMMC

Preparing for the Cybersecurity Maturity Model Certification (CMMC) Part 1: Practice and Process

Learn how to better understand the terms and structure of the Cybersecurity Maturity Model Certification (CMMC).

3 min Vulnerability Management

Why Most Vulnerability Management Programs Fail and What You Can Do About It

In our latest webcast, we explain why most vulnerability management programs fail and what you can do to avoid the same fate.

4 min Penetration Testing

CIS Critical Security Control 20: Measure Your Security Standing with Penetration Tests and Red Team Exercises

Protecting yourself from threats requires consistently asking yourself whether your security program is working as designed. Critical Control 20 covers pen tests and Red Team exercises.

4 min CIS Controls

CIS Critical Security Control 17: Some Assembly Required for Your Security Awareness and Training Program

Developing a new security program but neglecting to train your employees on it is like shipping this year’s hottest product but forgetting to stash the instruction manual in the box. The key principle behind CIS Critical Control 17 is implementing a security awareness and training program.

5 min CIS Controls

CIS Critical Control 14 Explained: Controlled Access Based on the Need to Know

This is a continuation of our CIS critical security controls blog series [/2017/04/19/the-cis-critical-security-controls-series]. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls. Let’s start with some simple, yet often unasked questions. Do you know what critical assets—information and data, applications, hardware, SCADA systems, etc.—exist in your organization’s network? Do you have a data classification policy? Who defines the criticality of systems