Profile

CommunityPlatform_1350x900.jpg

Randy Marchany

Edit My Profile


My Content

1 to 20 of 29 total
Posted By Randy Marchany 04-17-2024 01:22:00 PM
Found In Egroup: Cybersecurity
\ view thread
We created a bugbounty program based on Stanford's approach. You can see our version at bugbounty.iso.vt.edu. It's on hold at the moment because we've exhausted our bounty budget. Guess you can say the program has been successful �� -Randy Marchany VA Tech IT Security Office and Lab
Posted By Randy Marchany 01-14-2024 10:17:00 PM
Found In Egroup: Cybersecurity
\ view thread
I've been nominated as one of the 225 finalists for the Top 100 Information Security Professional Award. I'd appreciate your vote. Voting will open on this webpage on January 15th: https://www.onconferences.com/2024-infosec-votes Voting will conclude on February 15th. The Top 100 Information ...
Posted By Randy Marchany 06-29-2023 12:28:00 PM
Found In Egroup: Cybersecurity
\ view thread
Anyone using the Whistic vendor risk assessment tool? whistic.com is their URL. Just curious to hear what your impressions of the tool/service are. Thanks. Randy Marchany VA Tech IT Security Office and Lab ------------------------------ Randy Marchany University IT Security ...
Posted By Randy Marchany 06-27-2023 01:46:00 PM
Found In Egroup: Cybersecurity
\ view thread
Hello everyone. Looking forward to some good discussions from this group. Randy MarchanyCISOVA Tech IT Security Office and Lab
Posted By Randy Marchany 02-13-2023 02:39:00 PM
Found In Egroup: Cybersecurity
\ view thread
Just a reminder that notifying the US Dept of Education of FERPA breaches (actual or suspected) has to be done "on the day" you discover it. See the "when do I report a breach" section at https://askregs.nasfaa.org/uploads/resources/ED_Cybersecurity_FAQ.pdf#:~:text=The%20Department%20has%20reminded% ...
Posted By Randy Marchany 01-17-2023 11:36:00 AM
Found In Egroup: Cybersecurity
\ view thread
Hi there. Save the date! We just got confirmation for SEC 504 "Hacker Tools, Techniques and Incident Handling" (https://www.sans.org/cyber-security-courses/hacker-techniques-incident-handling/) scheduled 5/15-20/2023. The format is TBD. Most likely it'll be via Zoom although SANS will do a hybrid ...
Posted By Randy Marchany 11-30-2022 12:07:00 PM
Found In Egroup: Cybersecurity
\ view thread
It's been a requirement for all Faculty, staff and students for VPN and university apps since 2016. I think you can access our KB article - https://4help.vt.edu/sp?id=kb_article&sys_id=61a30d741be59d10a6396571604bcb2eon Duo. -Randy MarchanyVA Tech IT Security Office and Lab
Posted By Randy Marchany 11-29-2022 12:51:00 PM
Found In Egroup: Cybersecurity
\ view thread
We're having a discussion here about network infrastructure device maintenance. Here are a couple of questions. 1. how often are your enterprise network infrastructure devices (core/edge routers, switches, access points, etc.) patched? 2. If not, why not? 3. Does patching depend on critical CVEs ...
Posted By Randy Marchany 11-29-2022 12:47:00 PM
Found In Egroup: Cybersecurity
\ view thread
https://www.defense.gov/News/Releases/Release/Article/3225919/department-of-defense-releases-zero-trust-strategy-and-roadmap/ ------------------------------ Randy Marchany University IT Security Officer Virginia Tech ------------------------------
Posted By Randy Marchany 11-17-2022 11:12:00 AM
Found In Egroup: Cybersecurity
\ view thread
We have Splunk on-prem and are using OmniSOC. -Randy MarchanyVA Tech IT Security Office and Lab
Posted By Randy Marchany 11-15-2022 11:43:00 AM
Found In Egroup: Cybersecurity
\ view thread
Blackhillsinfosec.com (John Strand) is one of the best pentest groups around.SecureIdeas (kevin Johnson) is another good one.-r.
Posted By Randy Marchany 09-21-2022 11:46:00 AM
Found In Egroup: Cybersecurity
\ view thread
A buddy of mine sent me the story from the Dallas Morning News: http://interactives.dallasnews.com/2022/social-sentinel/ White Paper at https://s3.documentcloud.org/documents/22274805/ssi_hed_protest_whitepaper.pdf Anyone know about this? -Randy Marchany VA Tech IT Security Office and Lab ...
Posted By Randy Marchany 09-12-2022 02:03:00 PM
Found In Egroup: Cybersecurity
\ view thread
"Unauthorized" is in the eyes of the beholder, I guess.For us, authorized users of our network are VT faculty, staff, students, contractors, guests who have permission to use our IT infrastructure for approved purposes. -r.
Posted By Randy Marchany 09-12-2022 11:55:00 AM
Found In Egroup: Cybersecurity
\ view thread
The biggest challenges for most orgs are the 1st 3 controls - HW, SW and Data inventory. For control 1, most of the info you need will probably come from your network group. Tools like ClearPath, CleanAccess or whatever work off a pool of addresses provided by your networking group. Things like DHCP ...
Posted By Randy Marchany 08-25-2022 12:15:00 PM
Found In Egroup: Cybersecurity
\ view thread
Our CIO has asked his peers the following: -------------------- "At Virginia Tech, we are seeing a small number of requests for data deletion coming from an app called PrivacyHawk (https://www.privacyhawk.com/). See a redacted sample below. To date, we have not found any data for the requesting individuals. ...
Posted By Randy Marchany 08-05-2022 01:06:00 PM
Found In Egroup: Cybersecurity
\ view thread
We're using Salty Cloud's ISORA product to do the assessment piece of this project. We've created a set of CIS v8 questions to be used in the assessment process. -Randy
Posted By Randy Marchany 08-03-2022 11:43:00 PM
Found In Egroup: Cybersecurity
\ view thread
We're doing the CIS v8 assessment and implementation. First, this is a long term project (3 years min). It will take a while to do the assessments and the implementation. We're fairly distributed so there are some challenges. I was part of the team that created v8 of the Controls. Examples of cloud ...
Posted By Randy Marchany 05-23-2022 03:11:00 PM
Found In Egroup: Cybersecurity
\ view thread
In https://www.perkinscoie.com/en/news-insights/glba-safeguards-rule-updated-to-impose-new-data-security-requirements.html#:~:text=The%20new%20rule%20allows%20financial,a%20written%20incident%20response%20plan it states "The existing Safeguards Rule allows a covered financial institution to have one ...
Posted By Randy Marchany 05-10-2022 09:15:00 AM
Found In Egroup: Cybersecurity
\ view thread
Anyone have experience using ReliaQuest as an open XDR solution? If so, what's your opinion of the tool/service? Thanks. ------------------------------ Randy Marchany University IT Security Officer Virginia Tech ------------------------------
Posted By Randy Marchany 05-09-2022 01:06:00 PM
Found In Egroup: Cybersecurity
\ view thread
Anyone taking advantage of this program? ------------------------------ Randy Marchany University IT Security Officer Virginia Tech ------------------------------