Profile

CommunityPlatform_1350x900.jpg

Randy Marchany

Edit My Profile


My Content

1 to 20 of 27 total
Posted By Randy Marchany 06-29-2023 12:28:09 PM
Found In Egroup: Cybersecurity
\ view thread
Anyone using the Whistic vendor risk assessment tool? whistic.com is their URL. Just curious to hear what your impressions of the tool/service are. Thanks. Randy Marchany VA Tech IT Security Office and Lab ------------------------------ Randy Marchany University IT Security Officer Virginia ...
Posted By Randy Marchany 06-27-2023 01:46:03 PM
Found In Egroup: Cybersecurity
\ view thread
Hello everyone. Looking forward to some good discussions from this group. Randy MarchanyCISOVA Tech IT Security Office and Lab
Posted By Randy Marchany 02-13-2023 02:39:16 PM
Found In Egroup: Cybersecurity
\ view thread
Just a reminder that notifying the US Dept of Education of FERPA breaches (actual or suspected) has to be done "on the day" you discover it. See the "when do I report a breach" section at https://askregs.nasfaa.org/uploads/resources/ED_Cybersecurity_FAQ.pdf#:~:text=The%20Department%20has%20reminded% ...
Posted By Randy Marchany 01-17-2023 11:36:01 AM
Found In Egroup: Cybersecurity
\ view thread
Hi there. Save the date! We just got confirmation for SEC 504 "Hacker Tools, Techniques and Incident Handling" (https://www.sans.org/cyber-security-courses/hacker-techniques-incident-handling/) scheduled 5/15-20/2023. The format is TBD. Most likely it'll be via Zoom although SANS will do a hybrid (onsite ...
Posted By Randy Marchany 11-30-2022 12:07:22 PM
Found In Egroup: Cybersecurity
\ view thread
It's been a requirement for all Faculty, staff and students for VPN and university apps since 2016. I think you can access our KB article - https://4help.vt.edu/sp?id=kb_article&sys_id=61a30d741be59d10a6396571604bcb2eon Duo. -Randy MarchanyVA Tech IT Security Office and Lab
Posted By Randy Marchany 11-29-2022 12:51:00 PM
Found In Egroup: Cybersecurity
\ view thread
We're having a discussion here about network infrastructure device maintenance. Here are a couple of questions. 1. how often are your enterprise network infrastructure devices (core/edge routers, switches, access points, etc.) patched? 2. If not, why not? 3. Does patching depend on critical CVEs being ...
Posted By Randy Marchany 11-29-2022 12:46:43 PM
Found In Egroup: Cybersecurity
\ view thread
https://www.defense.gov/News/Releases/Release/Article/3225919/department-of-defense-releases-zero-trust-strategy-and-roadmap/ ------------------------------ Randy Marchany University IT Security Officer Virginia Tech ------------------------------
Posted By Randy Marchany 11-17-2022 11:12:12 AM
Found In Egroup: Cybersecurity
\ view thread
We have Splunk on-prem and are using OmniSOC. -Randy MarchanyVA Tech IT Security Office and Lab
Posted By Randy Marchany 11-15-2022 11:42:54 AM
Found In Egroup: Cybersecurity
\ view thread
Blackhillsinfosec.com (John Strand) is one of the best pentest groups around.SecureIdeas (kevin Johnson) is another good one.-r.
Posted By Randy Marchany 09-21-2022 11:46:06 AM
Found In Egroup: Cybersecurity
\ view thread
A buddy of mine sent me the story from the Dallas Morning News: http://interactives.dallasnews.com/2022/social-sentinel/ White Paper at https://s3.documentcloud.org/documents/22274805/ssi_hed_protest_whitepaper.pdf Anyone know about this? -Randy Marchany VA Tech IT Security Office and Lab ------ ...
Posted By Randy Marchany 09-12-2022 02:03:16 PM
Found In Egroup: Cybersecurity
\ view thread
"Unauthorized" is in the eyes of the beholder, I guess.For us, authorized users of our network are VT faculty, staff, students, contractors, guests who have permission to use our IT infrastructure for approved purposes. -r.
Posted By Randy Marchany 09-12-2022 11:55:21 AM
Found In Egroup: Cybersecurity
\ view thread
The biggest challenges for most orgs are the 1st 3 controls - HW, SW and Data inventory. For control 1, most of the info you need will probably come from your network group. Tools like ClearPath, CleanAccess or whatever work off a pool of addresses provided by your networking group. Things like DHCP ...
Posted By Randy Marchany 08-25-2022 12:14:48 PM
Found In Egroup: Cybersecurity
\ view thread
Our CIO has asked his peers the following: -------------------- "At Virginia Tech, we are seeing a small number of requests for data deletion coming from an app called PrivacyHawk (https://www.privacyhawk.com/). See a redacted sample below. To date, we have not found any data for the requesting individuals. ...
Posted By Randy Marchany 08-05-2022 01:06:00 PM
Found In Egroup: Cybersecurity
\ view thread
We're using Salty Cloud's ISORA product to do the assessment piece of this project. We've created a set of CIS v8 questions to be used in the assessment process. -Randy
Posted By Randy Marchany 08-03-2022 11:43:00 PM
Found In Egroup: Cybersecurity
\ view thread
We're doing the CIS v8 assessment and implementation. First, this is a long term project (3 years min). It will take a while to do the assessments and the implementation. We're fairly distributed so there are some challenges. I was part of the team that created v8 of the Controls. Examples of cloud ...
Posted By Randy Marchany 05-23-2022 03:11:00 PM
Found In Egroup: Cybersecurity
\ view thread
In https://www.perkinscoie.com/en/news-insights/glba-safeguards-rule-updated-to-impose-new-data-security-requirements.html#:~:text=The%20new%20rule%20allows%20financial,a%20written%20incident%20response%20plan it states "The existing Safeguards Rule allows a covered financial institution to have one ...
Posted By Randy Marchany 05-10-2022 09:15:00 AM
Found In Egroup: Cybersecurity
\ view thread
Anyone have experience using ReliaQuest as an open XDR solution? If so, what's your opinion of the tool/service? Thanks. ------------------------------ Randy Marchany University IT Security Officer Virginia Tech ------------------------------
Posted By Randy Marchany 05-09-2022 01:06:00 PM
Found In Egroup: Cybersecurity
\ view thread
Anyone taking advantage of this program? ------------------------------ Randy Marchany University IT Security Officer Virginia Tech ------------------------------
Posted By Randy Marchany 03-01-2022 01:54:25 PM
Found In Egroup: Cloud Computing
\ view thread
Hey there. VT will be hosting another SANS class on 5/16-19/2022. This will be 100% online over Zoom. All EDU (K-12, 2-4 yr higher ed), state/local agency eligible for the discount. Details: Event Registration Link: https://www.sans.org/cyber-security-events/virginia-tech-partnership-for509---l ...
Posted By Randy Marchany 03-01-2022 01:52:00 PM
Found In Egroup: Cybersecurity
\ view thread
Hey there. VT will be virtually hosting another SANS class on 5/16-19/2022. This will be 100% online over Zoom. All EDU (K-12, 2-4 yr higher ed), state/local agency eligible for the discount. Details: Event Registration Link: https://www.sans.org/cyber-security-events/virginia-tech-partne ...