Profile


Dan Bartkowiak



My Content

1 to 11 of 11 total
Posted By Dan Bartkowiak 05-02-2024 06:59:51 AM
Found In Egroup: Cybersecurity
Hi Petrus, We block China, Russia and a couple other geotagged countries (Albania and others I can't remember). We are a community college though, so the number of exceptions is less than many other colleges. I should mention, we keep the Geo Tag blocks on both the firewall and in Azure in our conditional ...
Posted By Dan Bartkowiak 03-28-2024 11:22:35 AM
Found In Egroup: Cybersecurity
We dealt with this problem for several years as well. The vendor only provided a way to blacklist applicant email domains. We added disposable email domains to it but we can't block gmail.com and microsoft.com. We have made it difficult and cumbersome for attackers to get anywhere with MFA, and several ...
Posted By Dan Bartkowiak 03-20-2024 06:51:00 AM
Found In Egroup: Cybersecurity and Privacy Awareness and Education
Hi Jasleen, Like everything else I try to do, I make a point to automate things. For the first ever phishing campaign, I wanted to gather raw results of phishing data, so we did not announce any campaigns. We did try to keep the phishing email templates basic without HR or IT spoofing in the ...
Posted By Dan Bartkowiak 01-12-2024 06:54:00 AM
Found In Egroup: Cybersecurity and Privacy Awareness and Education
Hi Charles, ECC and the majority of the SUNY college system uses KnowBe4. I have been happy with the product. ------------------------------ Dan Bartkowiak Information Security Officer Erie Community College ------------------------------
Posted By Dan Bartkowiak 01-11-2024 07:45:00 AM
Found In Egroup: Cybersecurity and Privacy Awareness and Education
Hi Tara, At our campus we like to approach the phishing tests as a learning tool and to improve our overall security posture. While we do not share campaign results with other departments, the built-in dashboard is used to advise us about our general user awareness and how it has improved since ...
Posted By Dan Bartkowiak 12-08-2023 07:34:21 AM
Found In Egroup: Cybersecurity
Hi Andrew, Back when I looked at adding the MS-ISAC STIX/TAXII feeds to our Palo Altos (several years ago), a flaky Linux server was required to set that up. I have just been adding the IPs and Domains manually once a week with the light at the end of the tunnel that I won't need to anymore when we ...
Posted By Dan Bartkowiak 11-08-2023 08:44:00 AM
Found In Egroup: Cybersecurity
I never used the HaveIBeenPwned service, so I can't speak to its capabilities. But we have "breach watch" incorporated in our password manager named Keeper, similar to what Clyde mentioned in 1Password. Also, the Cyber Security Awareness Training KnowBe4 has a breach list that is emailed out to admins ...
Posted By Dan Bartkowiak 11-06-2023 09:40:39 AM
Found In Egroup: Cybersecurity
Good idea Rusty, that should resolve the prison use case I just mentioned. I could see a compromised account taking advantage of that option (I believe I have seen it once), but overall a good idea. ------------------------------ Dan Bartkowiak Information Security Officer Erie Community College ...
Posted By Dan Bartkowiak 11-06-2023 08:19:32 AM
Found In Egroup: Cybersecurity
Just wanted to chime in and say we have a student MFA exception list, but disabilities are not among the list of valid arguments (nor have we gotten a request like that). Permanent exclusions are not allowed and I audit the list monthly. The longest lasting exemptions I have seen are for a couple students ...
Posted By Dan Bartkowiak 11-06-2023 08:00:23 AM
Found In Egroup: Cybersecurity
Hi Eric, We have been looking at Workday native MFA for privileged accounts and were about to implement that. I have not seen the "step up authentication" feature you mentioned in your post. I agree that the majority of Workday attacks center on direct deposit changes and it makes sense to implement. ...
Posted By Dan Bartkowiak 09-14-2023 07:13:57 AM
Found In Egroup: Cybersecurity
"We would love to do this but my security team swears that this puts convenience before security." Your security team does not consist of an average user. Your security team may use a password manager. Even if they do not, they are obviously conscientious about their own security practices. NIST's ...