Processes

So NOW you want a Disaster Recovery Plan

Here at BuboWerks, we believe in risk-driven security, and when assessing risks, we attempt to look holistically at the risks businesses face. There is no point in spending big bucks on security controls to keep out nation state hackers when it’s more likely that some thug will use a brick to enter your office and […]

Applied

The Cost of Ransomware

Ransomware is particularly insidious. Prior to the rise of ransomware, criminals focused on attacking the confidentiality of data with large data breaches that compromised personal data like financial and health data. Fortunately for victims, those records are hard to commoditize, with credit card numbers selling for mere pennies on the dark web. Ransomware instead […]

Processes

Simple Incident Response Plan Template for SMBs

The adage among information security professionals is that everyone will get breached eventually, unless you already have been. As with all business risks, it is best to plan for the inevitable. When you have an information security incident, time is of the essence, so you should prepare your plan in advance. Incident Response Plans are […]

Applied

Use a Password Manager!

Given that BuboWerks aims to provide more support for small organizations than most information security consultancies, we would like to put out a primer of what security controls most small organizations should use. Chief among those recommendations will be, “Use a password manager!” Recently, Stuart Schechter put out a great piece cautioning against such advice. […]

Uncategorized

BuboWerks Flies Its Colors With Pride

If you’ve been to the BuboWerks website before, you might notice that it’s a bit more colorful this month. That is because June is Pride Month, and BuboWerks is a huge believer in the importance of the LGBTQ+ community. Our mascot, the wise owl, is not a very flamboyant creature, instead relying on earth tones […]

BuboWerks

BuboWerks Values

BuboWerks is now moving into its second year, which prompted us to update our business plan. This time around in the planning process, the question came up as to how our goals align to our values. While we have values, of course, they had never been codified, so this seemed like a good opportunity to […]

BuboWerks

What is a Small, Medium or Large Organization, or Enterprise?

Many of BuboWerks' service offerings are priced based on the size and complexity of an organization. BuboWerks was started in large part to make the same information security services used by large organizations available to the 99% of organizations that don’t have more revenue than a small country’s GDP. This raises the question of what […]

Processes

DevSecOps versus SecDevOps

DevOps has been all the rage lately, and for good reason: it allows an organization to provide a more consistent environment for development, test, and production, decreasing configuration errors, all while reducing development time. Another name given to this technique is “Infrastructure as code”. This is generally good for security, as many technical attacks exploit […]

People

Getting Started in Information Security

I volunteer with i.c.stars, an internship program designed to get promising candidates into the technology field. Most of these candidates were not afforded the opportunity to go to or complete college, yet they are all driven and excited by technology. The i.c.stars curriculum is intensive, involving 12-hour days for four months where the interns learn […]

People

Security Program Automation

I had a great conversation with a CISO colleague / mentor recently who told me that his biggest challenge is that his staff is swamped with repetitive tasks – things that should be automatable, but have not been for a variety of reasons. Many thanks to him for helping me organize my thoughts on this […]