Security For Workgroups (3.11) in Seattle. BOFH til I sipped from the Cup of Mgmt, now GRC-aaS. I use Twitter ironically. Not a CISSP. He/him. 🇺🇸🇬🇧
May 9, 2021 • 10 tweets • 4 min read
@brianwhelton If it's anything like the hospitals I do HIPAA assessments for, they're flat internal networks with hopefully segmented guest WiFi. Servers are a combo of hospital-owned & systems managed & potentially owned by third parties who can't or won't update them w/out FDA re-approval.
@brianwhelton IoT devices, like IV pumps and telemetry systems, will be on their own SSID with PSK's but on the same internal vlan as servers, nursing stations and terminals, and corporate workstations. IoT is rarely updated, and usually only as devices cycle out for repair. Pt care wkstns..
May 29, 2019 • 35 tweets • 11 min read
This incredibly useful thread was posted earlier today. All of the posts struck me as Really Good Advice, except this one which set off alarms and sirens in my head. This is more info about why, for the small/indy contractor trying to land gigs. 1/n
So, boys and girls and non-binary peeps - grab your smores and gather round the Compliance Campfire cuz we're gonna talk about one of my FAVORITE subjects - VENDOR PROCUREMENT PROCESSES!