Profile

CommunityPlatform_1350x900.jpg

Randy Marchany

Edit My Profile

My Content

1 to 20 of 27 total

Anyone using Whistic Vendor R/A tool?

Posted By Randy Marchany 06-29-2023 12:28:09 PM
Found In Egroup: Cybersecurity \ view thread
Anyone using the Whistic vendor risk assessment tool? whistic.com is their URL. Just curious to hear what your impressions of the tool/service are. Thanks. Randy Marchany VA Tech IT Security Office and Lab ------------------------------ Randy Marchany University IT Security Officer Virginia ...

RE: New CISO Community Group

Posted By Randy Marchany 06-27-2023 01:46:03 PM
Found In Egroup: Cybersecurity \ view thread
Hello everyone. Looking forward to some good discussions from this group. Randy MarchanyCISOVA Tech IT Security Office and Lab

RE: New FSA Notice on Safeguards Rule Compliance

Posted By Randy Marchany 02-13-2023 02:39:16 PM
Found In Egroup: Cybersecurity \ view thread
Just a reminder that notifying the US Dept of Education of FERPA breaches (actual or suspected) has to be done "on the day" you discover it. See the "when do I report a breach" section at https://askregs.nasfaa.org/uploads/resources/ED_Cybersecurity_FAQ.pdf#:~:text=The%20Department%20has%20reminded% ...

VA Tech hosting SANS SEC 504 Hacker Tools, Techniques & Incident Handling discounted for EDUs, 5/15-20/2023

Posted By Randy Marchany 01-17-2023 11:36:01 AM
Found In Egroup: Cybersecurity \ view thread
Hi there. Save the date! We just got confirmation for SEC 504 "Hacker Tools, Techniques and Incident Handling" (https://www.sans.org/cyber-security-courses/hacker-techniques-incident-handling/) scheduled 5/15-20/2023. The format is TBD. Most likely it'll be via Zoom although SANS will do a hybrid (onsite ...

RE: Required MFA for Students

Posted By Randy Marchany 11-30-2022 12:07:22 PM
Found In Egroup: Cybersecurity \ view thread
It's been a requirement for all Faculty, staff and students for VPN and university apps since 2016. I think you can access our KB article - https://4help.vt.edu/sp?id=kb_article&sys_id=61a30d741be59d10a6396571604bcb2eon Duo. -Randy MarchanyVA Tech IT Security Office and Lab

How often do you patch your network devices?

Posted By Randy Marchany 11-29-2022 12:51:00 PM
Found In Egroup: Cybersecurity \ view thread
We're having a discussion here about network infrastructure device maintenance. Here are a couple of questions. 1. how often are your enterprise network infrastructure devices (core/edge routers, switches, access points, etc.) patched? 2. If not, why not? 3. Does patching depend on critical CVEs being ...

DOD moves to Zero Trust by 2027

Posted By Randy Marchany 11-29-2022 12:46:43 PM
Found In Egroup: Cybersecurity \ view thread
https://www.defense.gov/News/Releases/Release/Article/3225919/department-of-defense-releases-zero-trust-strategy-and-roadmap/ ------------------------------ Randy Marchany University IT Security Officer Virginia Tech ------------------------------

RE: University/college SIEM Deployments

Posted By Randy Marchany 11-17-2022 11:12:12 AM
Found In Egroup: Cybersecurity \ view thread
We have Splunk on-prem and are using OmniSOC. -Randy MarchanyVA Tech IT Security Office and Lab

RE: PenTest - Red Team Recommendations

Posted By Randy Marchany 11-15-2022 11:42:54 AM
Found In Egroup: Cybersecurity \ view thread
Blackhillsinfosec.com (John Strand) is one of the best pentest groups around.SecureIdeas (kevin Johnson) is another good one.-r.

Campuses and social media surveillance using Social Sentinel

Posted By Randy Marchany 09-21-2022 11:46:06 AM
Found In Egroup: Cybersecurity \ view thread
A buddy of mine sent me the story from the Dallas Morning News: http://interactives.dallasnews.com/2022/social-sentinel/ White Paper at https://s3.documentcloud.org/documents/22274805/ssi_hed_protest_whitepaper.pdf Anyone know about this? -Randy Marchany VA Tech IT Security Office and Lab ------ ...

RE: CIS controls - Has anyone implemented them?

Posted By Randy Marchany 09-12-2022 02:03:16 PM
Found In Egroup: Cybersecurity \ view thread
"Unauthorized" is in the eyes of the beholder, I guess.For us, authorized users of our network are VT faculty, staff, students, contractors, guests who have permission to use our IT infrastructure for approved purposes. -r.

RE: CIS controls - Has anyone implemented them?

Posted By Randy Marchany 09-12-2022 11:55:21 AM
Found In Egroup: Cybersecurity \ view thread
The biggest challenges for most orgs are the 1st 3 controls - HW, SW and Data inventory. For control 1, most of the info you need will probably come from your network group. Tools like ClearPath, CleanAccess or whatever work off a pool of addresses provided by your networking group. Things like DHCP ...

PrivacyHawk App - data deletion request

Posted By Randy Marchany 08-25-2022 12:14:48 PM
Found In Egroup: Cybersecurity \ view thread
Our CIO has asked his peers the following: -------------------- "At Virginia Tech, we are seeing a small number of requests for data deletion coming from an app called PrivacyHawk (https://www.privacyhawk.com/). See a redacted sample below. To date, we have not found any data for the requesting individuals. ...

RE: CIS controls - Has anyone implemented them?

Posted By Randy Marchany 08-05-2022 01:06:00 PM
Found In Egroup: Cybersecurity \ view thread
We're using Salty Cloud's ISORA product to do the assessment piece of this project. We've created a set of CIS v8 questions to be used in the assessment process. -Randy

RE: CIS controls - Has anyone implemented them?

Posted By Randy Marchany 08-03-2022 11:43:00 PM
Found In Egroup: Cybersecurity \ view thread
We're doing the CIS v8 assessment and implementation. First, this is a long term project (3 years min). It will take a while to do the assessments and the implementation. We're fairly distributed so there are some challenges. I was part of the team that created v8 of the Controls. Examples of cloud ...

GLBA Compliance - New Security Rule updates - Single person responsible for Infosec Program

Posted By Randy Marchany 05-23-2022 03:11:00 PM
Found In Egroup: Cybersecurity \ view thread
In https://www.perkinscoie.com/en/news-insights/glba-safeguards-rule-updated-to-impose-new-data-security-requirements.html#:~:text=The%20new%20rule%20allows%20financial,a%20written%20incident%20response%20plan it states "The existing Safeguards Rule allows a covered financial institution to have one ...

Anyone using ReliaQuest ?

Posted By Randy Marchany 05-10-2022 09:15:00 AM
Found In Egroup: Cybersecurity \ view thread
Anyone have experience using ReliaQuest as an open XDR solution? If so, what's your opinion of the tool/service? Thanks. ------------------------------ Randy Marchany University IT Security Officer Virginia Tech ------------------------------

RE: SANS HBCU Cyber Academy

Posted By Randy Marchany 05-09-2022 01:06:00 PM
Found In Egroup: Cybersecurity \ view thread
Anyone taking advantage of this program? ------------------------------ Randy Marchany University IT Security Officer Virginia Tech ------------------------------

VA Tech hosting SANS FOR 509 Enterprise Cloud Forensics & Incident Response, discounted for EDUs

Posted By Randy Marchany 03-01-2022 01:54:25 PM
Found In Egroup: Cloud Computing \ view thread
Hey there. VT will be hosting another SANS class on 5/16-19/2022. This will be 100% online over Zoom. All EDU (K-12, 2-4 yr higher ed), state/local agency eligible for the discount. Details: Event Registration Link: https://www.sans.org/cyber-security-events/virginia-tech-partnership-for509---l ...

VA Tech hosting SANS FOR 509 Cloud Forensics & Incident Response, discounted for EDUs

Posted By Randy Marchany 03-01-2022 01:52:00 PM
Found In Egroup: Cybersecurity \ view thread
Hey there. VT will be virtually hosting another SANS class on 5/16-19/2022. This will be 100% online over Zoom. All EDU (K-12, 2-4 yr higher ed), state/local agency eligible for the discount. Details: Event Registration Link: https://www.sans.org/cyber-security-events/virginia-tech-partne ...