Entries by Lawrence Strauss

CMMC is now active

What defense contractors need to know about CMMC going live – As of November 10, the Department of Defense (DoD) activated the Cybersecurity Maturity Model Certification (CMMC) program. The US government’s contracting officers can now require CMMC certification as a condition for awarding new contracts.

Without CMMC certification, businesses will no longer be awarded contracts or be able to work with the DoD when CMMC is specified in a solicitation (there is a window of grace and some exceptions). Understanding when this applies and how to prepare is essential to establishing or maintaining a position in the defense market … [8 min. read]

It takes AI to beat AI

For anyone who’s wrestled with the right way to say a thing, AI chatbots come across like a magic trick. And while OpenAI tries to dazzle us with a new announcement, criminal organizations have been figuring out how these technologies can make their operations faster and more efficient.

But let’s take a detour back through the mists of time to 2018. Before commonplace chatbots and diffusion image generators, bad guys had unleashed morphing malware to evade antivirus and anti-malware programs. Polymorphic malware was programmed to shape-shift, followed by more advanced morphing types that could also recognize a system’s defensive software and use evasion strategies tailored to its findings.

These are the sorts of attacks (and others like fileless or hard-drive-avoiding malware and insider threats) that led to the development of AI or ML (Machine Learning) defenses … [7 min. read]

Lessons from the Louvre: strengthening cybersecurity

On Sunday, October 19, 2025, at 9:30 AM, four criminals approached Paris’ Louvre Museum and left seven minutes later with eight pieces of French royal jewelry containing 8,000 stones set in gold.

When these thieves targeted Napoleon-era crown jewels, they were exploiting specific vulnerabilities.

What in your organization is equivalent to France’s crown jewels? Meaning, what is most important? Is it your literal money in the bank? Is it advancements you’ve made in research and development? Is it your client data? What are you aware of that would make these vulnerable to theft? [10 min. read; audio available]

The Costs of Outsourcing IT

Download Bryley’s report, The Cost of Outsourced IT. It’s available to download with no obligation. The report presents a look at:

Outsourced IT costs depend on your business size, industry requirements, current infrastructure, and growth plans.

For instance, what works for a regulated business might be overkill for a startup, while a low price may mean unwanted gaps in protection … [6 min. read]

Awfully quiet

A large part of Bryley’s mission is to make computer systems function so that the organizations that hire us can just go about their work with as few tech-related interruptions as possible. (The other large part is strategic consulting to optimize computer systems to help an organization achieve its goals.)

When you flip on a light, you expect it to work. Who considers the wiring in the walls, the breakers, the transformer outside the building, the larger transformer down the street, the overall grid? Electricity was meant to just work and around here it does. It’s invisible and reliable. And that’s how an organization’s IT systems should be, too … [6 min. read]

Taking Stock During Cybersecurity Awareness Month

Georgetown professor Cal Newport argues that the fall, not January, is the right time to start new projects, recommit to goals and check in on initiatives that are still at the ‘to-do’ stage and still feel important.

In this spirit, here is a list of five things you can do now to improve your cybersecurity defenses. Perhaps you already have some of these things in place. If you do, October is a good time to take stock of how your organization is faring in these areas. As an example, CIO Magazine reports that more than 30% of IT managers believe their businesses are experiencing cloud-subscription creep – maybe services are redundant or just no longer useful … [8 min. read]

Guide to the Uptime Mindset

It’s hard to argue with the simple strategy of ‘fix it when it breaks.’ And when it comes to pencils and pens – absolutely. There is no risk in using these till you can’t anymore. Throwing a pencil away and picking up a new one is meaningless.

But the stakes are entirely different when it comes to how much organizations’ operations are now built on tech tools. If a server fails or becomes inaccessible or a database gets corrupted, the impact to many people in and outside of your organization can be great. And so the strategy for maintaining the operation of these tools should match the stakes … [6 min. read]

Endpoint Detection and Response, a guardian on the inside

Traditionally, security was added at the perimeter – things like firewalls, passwords, MFA, etc. – creating a cordoned-off area in which we could get on with our work. What Bryley’s seeing lately are attempted attacks disguised as legitimate software. As an example, recently Endpoint Detection and Response (EDR) helped Bryley stop a data-exfiltration attempt that used two pieces of legitimate software (rclone [a file-copying program] and Chrome Remote Desktop). Traditional perimeter defenses, dependable as they’ve been for years, would not be aware of good software being misused like this.

EDR at its core takes a behavioral approach to attacks. It watches systems for suspicious activities – like when a program suddenly attempts to encrypt dozens of files or when an unusual network connection appears during non-work hours … [4 min. read]

Bryley recognized as a regional top IT Services Provider

In Worcester Business Journal’s annual Book of Lists, Bryley was ranked seventh largest among Central Massachusetts IT Services Providers. It gratifies us to see Bryley’s name listed near the top. And sincere thanks to the clients that have entrusted their IT support to Bryley. But is there any reason that the size of an IT operation should matter to you and your organization? [4 min. read]