Learn more about Nth's most important asset – its people. What’s your job title? vCISO and Sr. Security Consultant How many years have you been with Nth? 9 years What does a typical day for you at Nth look like? Meet with various clients, perform pen tests & forensics, help with team items, and assist Account Managers with client needs. Which fellow Nth’er(s) inspire you and why? Dan Molina (Co-President & CTO) inspires me. I wish I had his method in building relationships. J

In recent months due to ongoing ransomware threats, our customers are finding it harder and harder to qualify for cybersecurity insurance. In this vlog episode, Jerry Craft, Nth vCISO and Sr. Security Consultant, and Jeromie Jackson, Director of Security & Analytics at Nth, discuss some of the actions taken by insurance companies to reduce their risk, and a few new services Nth is creating to help customers assess their cybersecurity insurance risk. Watch the full episode her

In this episode, Jerry Craft, vCISO and Sr. Security Consultant at Nth, and Derek Johnson, Sr. Cyber Security Engineer, GPEN at Nth, discuss ransomware takeaways from Nth Generation's Ransomware Readiness Assessment (RRA) SM. Derek goes over the top 3 problems we're finding as we do these assessments, and the top 3 solutions to these issues. Watch here. Join Nth Huddle, our exclusive forum connecting you to our Security experts. Request membership here. Learn more about Nth S

In this episode, Jerry Craft, vCISO and Sr. Security Consultant at Nth, and Rich Lindberg, contributing CISO, discuss how to build Security Operations (SOC), and use that security data in Executive/Board Communications. They also review avenues you can take to help educate your staff, and where you can go to find information on this subject. Watch the full episode here. Join Nth Huddle, our Discord server, to plug into Nth’s Security Subject Matter Expert brain trust. Request

In this episode, Jerry Craft, vCISO and Sr. Security Consultant at Nth, covers the latest concerns about ransomware in 2022, and reveals what you should investigate as you fight this threat. The ransomware playbook constantly changes as bad actors scurry to find ways to continue extorting companies. Watch to discover how Jerry evaluates one of these new concerns here. Join Nth Huddle, our Discord server, to plug into Nth’s Security Subject Matter Expert brain trust. Join our

By: Jerry Craft, Nth vCISO + Sr. Security Consultant As a tenured Sr. Security Consultant and vCISO at Nth Generation, I meet daily...

By: Jerry Craft, vCISO, Sr. Security Consultant | Nth Generation As a virtual CISO, I have the pleasure of meeting with many different executives across a variety of business verticals every day. In an average day, I meet with executives and discuss business risk. One risk that keeps coming up but getting pushed aside is data retention. Time and time again, I find that some executives are unsure how, or if, they should be concerned about data retention or data classification

By: Jerry Craft, Nth vCISO and Senior Security Consultant Looking for a place to chat with experts? In the late ’80s and early ’90s, I was Matthew Broderick from the movie “War Games.” At that stage of my life, I had already burned through a Commodore VIC-20 and ventured into the new world of a Tandy 8088 computing system. This computing screaming demon was pure Intel 86 processor that had a 20MB hard drive and floppy drives. Yes, younger generations, I could write programs

IT organizations are used to running older servers, storage, and networking gear. The typical mantra is to run them as long as possible; then even longer in an attempt to save money, reduce IT project churn, and stabilize the IT infrastructure. We’ll discuss a few of the problems that are created by this policy mindset, and the risks that are perpetuated either knowingly or unknowingly. In this article, there are two core viewpoints of the typical company thought processes th

I recently worked on a penetration test and discovered that a depreciated encryption method was being used. I often find this in MOST of my penetration tests that are usually haphazardly put in place such as: Manufacturer certificates are being used displaying the "Not Secure" logo Old encryption algorithms are being used Management consoles with bad/old certificates Sending files with deprecated encryption ciphers Should you use 128/256-bit or 1024/2048-bit encryption? …and