Friday, January 12, 2024

2024 Reading List

Currently reading as of 12 January 2024:

The Mysterious Case of Rudolf Diesel
Genius, Power, and Deception on the Eve of World War I
by Douglas Brunt

Colonialism
A Moral Reckoning
by Nigel Biggar

Monday, October 2, 2023

On hiatus.

As of October 1st, 2023, this blog is on hiatus. You can visit my homepage at joegaeta.com.

Thank you.

Friday, September 22, 2023

How comfortable are you with your current level of protection from hackers and internal fraud?

Good day! As you may know from my profile, I have begun my new professional challenge as an Account Executive with the Sikich Cybersecurity Services sales team. I would like to take some time now to explain who we are and what we do.  This is a bit of a long post, so grab a cup of coffee (“A Cup o’ Joe”) and have a read.  I encourage you to contact me any time to discuss your company’s cybersecurity posture or to pass this along to those in your organization who would find this of interest.
Today, it’s not a matter of if your network will be attacked, but when.  In fact, many companies have already been breached and do not know it yet. It takes the average mid-market organization nearly seven months to even learn of a breach in their network.  Furthermore, it is usually discovered by third parties and not internally identified. This time between the initial breach and its discovery is known as the MTTD or “Mean Time to Detect”.  The lower an organization’s MTTD, the more likely they are to limit any damage done by a cyberattack. The higher the MTTD, the harder it becomes.  To repeat:  How comfortable are you with your company’s current level of protection from hackers and internal fraud?

We at Sikich Cybersecurity Services are dedicated to assisting our clients in strengthening their cybersecurity posture through security consulting, fraud management, risk mitigation, and vulnerability detection and prevention.  Allow me to take you through the highlights of what we do…

IT Security and Risk Assessments

This is usually the first service that is recommended and provides a baseline of intelligence about your environment.  The assessment reviews your network architecture, security controls, policies, and procedures to help identify key areas of risk and how these areas could potentially be targeted.  It is often thought of as a security roadmap for future security initiatives.  Our assessment incorporates risk areas beyond the scope of security testing related to procedure and policies within the organization.  It helps to identify gaps between your practices and industry standard best practices and compliance requirements.  A risk assessment can be an effective budgeting tool to achieve the most effective use of approved spending.

Compliance Assessment

Speaking of compliance, there is a veritable “alphabet soup” of industry standards and government regulations that many companies must be in line with (e.g., PCI DSS, HIPAA, GDPR, GLBA, FFIEC, DFARS, NIST, etc. etc. etc.).  Our security and compliance team can help with any of these.  These assessments are like financial audits, complete with on-site visits, work paper collection, and reporting. We take our clients through the process from start to finish.  These are not pass/fail audits – we include remediation services.

Vulnerability Scanning

External vulnerability scanning is an automated scan of the public-facing components of a network for known vulnerabilities.  Think of this as like the anti-virus you run on your laptop, except that it scans your IP addresses and web hosts.  (An analogy:  If your network was a house, a vulnerability scan is like going to every door and window around the house to make sure they are all locked.)  Scans are typically performed monthly or quarterly and are typically done in a single day.  Our scanning service includes a review of the findings to confirm the information and eliminate false positives. (For those of you who need to be PCI compliant, Sikich is an Approved Scanning Vendor (ASV), certified by the Payment Card Industry Security Standards Council.)  Vulnerability scanning does not include exploit attempts or attack simulations on your network - it is not Penetration Testing and should never be portrayed that way.

Penetration Testing

OK, then what is Penetration Testing (“Pen Test”)? A Pen Test is a manual engagement that simulates a hacker or other threat attacking your network. Think “ethical hacking”.  The human element is key: it tests the exploitability of potential vulnerabilities in your system.  It identifies the risk areas that automated scans cannot identify. Typically, Pen Tests are performed semi-annually or annually and take an average of several weeks to complete.  They can include a variety of attack simulations, including:

  • External network testing
  • Internal network testing
  • Web application testing
  • Wireless network testing
  • Social engineering

Once the testing is complete, Sikich provides a thorough report on our findings and remediation suggestions.  We also include a free re-test within 30 days to ensure that those vulnerabilities were addressed.

Back to that house analogy:  If Vulnerability Scanning is like going up to each door and window of the house to make sure they are all locked, then Penetration Testing is like trying to break into the house and seeing how much of the inside you can move around in and potentially steal things.

Forensics and Incident Response

So far, I’ve discussed analysis, preparedness, and prevention.  Sikich Cybersecurity also provides valuable services after an incident occurs.  Response time is critical.  We provide a dedicated incident response team and can offer additional support resources when needed. Sikich is also one of only a dozen companies in the U.S. that is a PCI Forensic Investigator (PFI).  We provide incident response retainers that provide access to robust and affordable Service Level Agreements that include industry best practices.

Outsourced CISO

This service is perfect for SMBs and mid-market organizations if you have not focused on security in the past. Sikich will become a true security partner and can lead you and your team in improving your overall cybersecurity posture by

  • helping choose security tools
  • leading your team in implementing best practices
  • providing security awareness training to your staff
  • providing updates on your security posture to your company’s executive and board members
  • including time-and-materials consulting in order to work on other security-related items.

With Sikich, you can choose from a menu of services that can fit budgets as low as $10K / year.


I trust you made it through this before your coffee got cold!
Don’t hesitate to call me at (423) 241-6295 or email me at joe.gaeta@sikich.com.  Additionally, you can schedule a meeting with me here.  I’d love to learn about your organization and to recommend ways that the Sikich team can help.

Thank you.

Sunday, September 10, 2023

Sikich, LLP - My new home.

Independent, unbiased, technically-qualified security assessments.

Sikich's Cybersecurity practice is dedicated to assisting our clients with cybersecurity consulting, fraud management, risk mitigation and vulnerability detection and prevention. We have the privilege of working with leading payment card, financial, restaurant, hospitality, health care, and educational organizations from around the world.

Our team has the extensive knowledge and experience to help you improve your unique security posture, specializing in compliance audits, penetration tests, computer security assessments and computer forensic investigations. We handle anything having to do with security or protecting data, including credit card data (PCI DSS), patient data (HIPAA), bank account numbers (GLBA), service provider reviews (SOC 1/2/3), or intellectual property.

We make compliance as painless as possible.

Achieving compliance with industry standards doesn’t have to be as difficult as it seems. Regardless of the standard, Sikich guides you through compliance validation processes quickly and smoothly to help get your organization in compliance and back to your core competency—running your business.

Our validation process is easy, and scalable for any size environment. If you need to comply with multiple industry requirements, you can leverage our experience and efficiencies by combining your requirements into a single assessment.

If you’ve never undergone a compliance assessment before, we can help you prepare for your first one. If you’re a veteran to your industry requirements, you’ll benefit from our unique approach. Compliance isn’t a once-a-year process; we’re your partner and here for you when you need us.

Let's talk!  Schedule a meeting with me here.

Tuesday, November 29, 2022

OfficeRnD Hybrid Integrates With Microsoft Teams And Outlook

OfficeRnD Hybrid, the powerful, secure and easy-to-use hybrid work solution, provides seamless Microsoft Teams and Microsoft Outlook integration.

By working directly in your Microsoft tools, OfficeRnD Hybrid eliminates the laborious process of using yet another app. That’s why employees, HR managers and IT admins just love us!

Schedule meetings, book desks and plan your office visits directly from Microsoft Teams and Outlook.

The application is installed for all users with a single click, and all can access it in their personal Teams and Outlook accounts.

Give OfficeRnD Hybrid a try at: https://www.officernd.com/hybrid-work/

Friday, October 28, 2022

The Key to a Successful Hybrid Work Transition: Intentional Collaboration [Upcoming Webinar]

Managing a successful hybrid work model is a balancing act. You need to satisfy both company and employee needs.

As a good leader, you must deeply care about employee engagement and productivity. For that, you have to find the right balance between face-to-face collaboration and having focused time alone at home. But, how does one achieve all that?

You need to develop workplace policies that encourage in-person collaboration and ensure a healthy split between working from home and working from the office.

The first step in making hybrid work a success requires tools that enable employees not only to adhere to those policies, but also see the value in them.

Nov 17th | 11am Eastern

Join OfficeRnD in this webinar to learn:

  • Why collaboration is the key to a successful hybrid work model.
  • The role of hybrid work policies and how implementing them can make hybrid work more effective.
  • How OfficeRnD Hybrid manages workplace policies and how we enable companies and employees to make the most of them.
  • How OfficeRnD Hybrid can help in improving employee collaboration thanks to our integration with Slack (coming soon).
  • Q&A with our experts.

Meet the Speakers:

Momchil Blaskov

  • Senior Product Manager
  • Momchil is a Senior Product Manager who has been part of the OfficeRnD Hybrid team since day one. He’s a strong believer that we should constantly deliver value to customers and “upgrade” them to complete their JTBDs with ease.

Ethan Laub
  • Principal Product Manager
  • Ethan is a Principal Product Manager at OfficeRnD focused on its Hybrid Work solution. He has 20 years of experience in product and marketing roles across 3 continents and has founded 2 startups.

Friday, October 14, 2022

Announcing the "Hybrid Work for Dummies" e-Book

An Easy-Peasy Guide For The Complete Beginner

Hybrid Work For Dummies, the OfficeRnD Special Edition e-Book is now here!

OfficeRnD is very excited to launch the first all-in-one hybrid work guide that includes everything you need to know about the concept!  (...and to be branded with the “for Dummies” series is even better!)

In this FREE book, you’ll find actionable steps to make hybrid work...work.  Here’s a glimpse:

  • Evolving work models and the benefits of hybrid work
  • Examining ways to "hybridize" policies to fit hybrid work models
  • Leveraging hybrid work in the employee recruitment and retention efforts
  • Optimizing and utilizing the workplace

It’s available for free here.


Monday, August 15, 2022

Proud Dad!

I am proud to say that our boy will be continuing his education next year at Oglethorpe University here in Atlanta.  He has verbally committed to pitch for the Stormy Petrels baseball team beginning in the '23-'24 school year.

Let's get Stormy!

Friday, August 5, 2022

Monday, July 18, 2022

Q2 2022 FlexIndex Report Update

June 2022 marked the end of Q2 and OfficeRnD has prepared a detailed summary of their observations throughout the past quarter.  Check them out HERE.

Tuesday, June 7, 2022

FlexWorld: The Workplace Revolution (Podcast)

OfficeRnD is happy to announce the launch of our new podcast, FlexWorld.

It is a podcast for business leaders, flex space operators, and CEOs looking for guidance on how to start and effectively run a hybrid or flexible workforce. Each episode will feature a conversation with an industry expert on the future of work, the return to office, and the realities of hybrid work.

You can access it directly from here:  https://flexworld-the-workplace-revolution.sounder.fm/ or on popular podcasting apps such as Spotify, Apple Podcasts, and Google Podcasts.

Sunday, May 22, 2022

Georgia artist Tina Christina exhibiting at the 26th Annual Arts in the Park festival in beautiful Blue Ridge, Georgia! May 28th/29th.

Georgia artist Tina Christina will be at the 26th Annual Arts in the Park festival
in beautiful Blue Ridge, Georgia on May 28th and 29th!

> Booth 112 <

About Tina Christina

TC brings a simple, non-cluttered interpretation of the world to her work with oils and acrylics. Her realistic works are extreme and ominous - depicting a view of the world that reflects her mischievous spirit.  She loves to paint things that inspire her. She also enjoys commissioned work and often works with clients and their favorite images.

About Arts in the Park

For 46 years, the Blue Ridge Mountains Arts Association, a non-profit arts council, has provided a unique art experience through their Arts in the Park festival series in the Downtown City Park of Blue Ridge. These art festivals are fun for the whole family.  Located at the foothills of the Appalachian Mountains, the Arts in the Park festival series draws in excess of 20,000 attendees annually and a wide array of artists and food vendors.  With 170+ artists, exhibitors, and vendor booths, visitors enjoy a variety of fine arts and fine crafts, demonstrations, food, and much more during the Arts in the Park festivals.

Listed as one of the Top Five Art Towns in Georgia by the Georgia Council for the Arts and recognized in the last five consecutive years as one of the Top Ten Fine Craft Towns in America by American Craft Week, Blue Ridge is a top art destination and features a unique artistic experience for visitors and residents alike.  Enjoy the Blue Ridge Community Theater, the Blue Ridge Scenic Railway, the Swan Drive-In Theater, shop from local small businesses and art galleries, stop in to one of the many fine restaurants and craft breweries... and add an environment that includes pristine National Forests to hike, bike, tube, swim, hunt, fish, or just celebrate art and nature.

Make your plans now to spend Memorial Day weekend enjoying art and nature in our North Georgia Mountain Art Town of Blue Ridge, Georgia. 

The Arts in the Park festival series supports the Blue Ridge Mountains Arts Association, a 501(c)3 non-profit arts council providing opportunities in the realm of the arts for the individual and serving as a catalyst for arts and economic development in our community.   

Wednesday, May 11, 2022

How to Simplify Hybrid Work

The great transition to hybrid work is in full swing. 

Tech giants like Amazon, Meta, and Microsoft as well as many other big and small businesses are now embracing hybrid as their primary mode of work.

However, the transition hasn’t been easy.

Companies are struggling to answer many hybrid work questions, including:

  • How do you transition smoothly from remote or office work to hybrid?
  • What will hybrid work’s impact be on company culture?
  • Do you implement a schedule for the entire company or do you let everyone decide when to come to the office?

The bad news is that there’s no one-size-fits-all solution to hybrid work.

The good news is that we just released a new eBook that can help you set the foundation and optimize your hybrid workplace.

Here are a few of the things you can find in it:

  • Real-world examples of hybrid work models & schedules.
  • Guidelines and ideas for managing your hybrid workplace & workforce.
  • Where to start when creating specific hybrid workplace policies.

You can download the full eBook here.

Monday, April 25, 2022

New FlexIndex Report for Q1 2022!

OfficeRnD recently released a new FlexIndex report, with a detailed analysis of Q1!

This is the biggest update OfficeRnD has done since releasing the FlexIndex back in November 2021.

It’s also pretty exciting, as we’re seeing the flex space industry inching closer to the 2019 benchmark.

Here are 2 of our most important findings:

  • The expected post-holiday recovery didn’t materialize in January. However, the next two months saw the FlexIndex go up significantly, finishing March just 4% below the 2019 benchmark.
  • For the first time since the pandemic, two of the KPIs reached and even surpassed their 2019 levels! Static Desk Occupancy and Average Booking Duration per Meeting Space both finished March above their 2019 benchmarks.

The full report contains a lot more insights, so be sure to check it out here.