What inspired you to pursue a career in cybersecurity?

My inspiration for cybersecurity came from hands-on experience identifying and exploiting security vulnerabilities in enterprise environments. Early in my career, I was tasked with assessing and securing critical IT infrastructures, where I quickly realized how misconfigurations, weak controls, and unpatched systems created serious security gaps.

The defining moment came when I conducted my first real-world penetration test, successfully gaining unauthorized access to a system that was presumed secure. That experience reinforced my commitment to offensive security, strategic defense, and proactive risk mitigation.

This drive led me to specialize in:

1. Strategic cybersecurity development, seamlessly integrating offensive and defensive security measures through penetration testing, leveraging the Penetration Testing Execution Standard (PTES) to uncover and mitigate security gaps.
2. Vulnerability management, ensuring continuous risk assessment and remediation
3. Security advisory, helping organizations align security strategies with business objectives, mitigate risks, and strengthen their cybersecurity posture

Cybersecurity is a field that never stands still, and staying ahead requires continuous learning and adaptation. Whether leveraging autonomous agents for penetration testing, conducting advanced vulnerability assessments, or advising organizations on risk-based security strategies, my passion lies in securing systems before attackers can exploit them.

What certifications or qualifications do you have that help you in your role?

My expertise is backed by years of hands-on experience and industry-recognized certifications, validating both my technical proficiency and strategic approach to securing enterprise environments. These certifications include:

1. Certified Information Systems Security Professional (CISSP)
2. Certified Information Security Manager (CISM)
3. Certified Cloud Security Professional (CCSP)
4. CMMC Registered Practitioner (CMMC-RP)
5. Microsoft Certified Professional (MCP)
6. Microsoft Technology Associate (MTA)
7. Microsoft Identity and Compliance (SC-900)
8. Cisco Certified Network Associate (CCNA)
9. gateProtect Security Professional
10. gateProtect Security Consultant
11. Certified in Cybersecurity (CC)
12. CompTIA A+
13. ISO 27001 Lead Auditor

I am a firm believer in continuous learning. Currently, I am in the dissertation phase of my Ph.D. in IT Leadership, focusing on IT managers’ strategies for securing organizational networks from cyberattacks. This academic pursuit complements my hands-on experience in security testing, vulnerability management, and security advisory services, allowing me to bridge the gap between research and practical implementation of cybersecurity strategies.

How long have you been in the cybersecurity field, and what changes have you seen over time?

With over 10 years in cybersecurity and 20+ years in IT, I’ve witnessed a significant evolution in the field:

1. Vulnerability management has progressed from simple CVE patching to risk-based approaches that prioritize threats based on exploitability and business impact.
2. Penetration testing has advanced from traditional network assessments to red teaming exercises involving adversary emulation and AI-driven attack simulations.
3. Organizations now embrace Continuous Threat Exposure Management (CTEM) instead of periodic pen tests.
4. Cloud security, API security, and identity-based attacks have become critical concerns as digital attack surfaces expand.
5. A major shift I’ve observed is the move from reactive to proactive security strategies — investing in threat intelligence, attack surface management, and zero-trust architectures to mitigate risks before exploitation.

Cybersecurity has grown more complex, but the focus remains clear: anticipate, adapt, and protect.

What is one piece of advice you would give to someone starting in cybersecurity?

My advice is simple yet crucial: be intentional about your cybersecurity journey.

1. Understand the foundations — While IT and cybersecurity are closely related, they serve different functions. Start as a generalist, gaining hands-on experience in both IT and cybersecurity.
2. Don’t chase money or trends — Build a solid foundation before specializing in a niche. Choose a field that aligns with your interests and strengths.
3. Find a mentor — Learning from experienced professionals can accelerate your growth and provide guidance.
4. Stay updated — Cyber threats constantly evolve. Follow industry blogs, join security communities, and pursue ongoing education.

Cybersecurity is not a destination — it’s a continuous journey. Adaptability, critical thinking, and a passion for learning will define your long-term success.

The post Employee Spotlight: Damilola Jibowu, CISSP, CCSP, CISM appeared first on Avasek.

What inspired you to pursue a career in cybersecurity?

My career in cybersecurity was a natural progression. Starting in technology prior to Y2K, my journey began with a telecommunications company. At that time, having a T-1 (1.544Mbps) internet connection and a Cisco 1720 router with an IOS firewall was considered the best “security” a small business could get. As technology evolved, I embraced new innovations as they entered the tech stack.

I’ve always advised my clients that being “cutting edge” is much different than being “bleeding edge.” Some essential characteristics that have guided my path in cybersecurity include:

1. Passion for Technology
2. Desire to Protect Others
3. Problem-Solving Skills
4. Intellectual Challenge
5. Personal Experience & Security Concerns
6. Embracing the Opportunity for Innovation
7. Understanding the Global Impact
8. Enjoyment of Career Flexibility

What certifications or qualifications do you have that help you in your role?

My qualifications span both educational and practical experience, helping me navigate the ever-evolving cybersecurity landscape. These include:

1. Educational Background — B.S. from Rowan University with a focus on Information Technology.
2. Technical Skills — Networking knowledge, operating systems, cryptography, and penetration testing.
3. Soft Skills — Problem-solving, critical thinking, attention to detail, communication, and collaboration.
4. Legal and Ethical Standards — Knowledge of GDPR, HIPAA, and CCPA to prevent legal and compliance issues.
5. Certifications — Currently pursuing my CompTIA Security+ certification and GIAC.

How long have you been in the cybersecurity field, and what changes have you seen over time?

I entered the technology space during the Y2K transition — it was a wild ride. The fear, uncertainty, and doubt about what would happen when the calendar moved from 1999 to 2000 were intense. My uncle, a retired IBM programmer, became a highly sought-after expert, essentially handed a blank check to ensure companies would survive the “date change.”

That experience taught me a valuable lesson: having in-demand skills is critical for long-term success.

Starting with a telecom company, I learned about voice, data, and network connectivity, along with the importance of security. It was a time of convincing early adopters to protect their data and overcoming the skepticism of others. Fast forward to today, cybersecurity has grown far more complex, and adopting a layered approach to security is now essential.

What is one piece of advice you would give to someone starting in cybersecurity?

Prepare for change — all the time.

I liken it to my love for boating: one minute the seas are calm, and the next, you’re facing 10+ foot swells with your vessel taking on water. The difference between success and failure lies in your experience and preparation. The same holds true in cybersecurity — constant learning and adaptability are key to staying ahead of emerging threats.

The post Employee Spotlight: Matt Dursi, Senior Account Representative appeared first on Avasek.

Let’s face it. Cyber security threats aren’t going away anytime soon. Social engineering and phishing continue to be a top-threat to organizations across the globe, as well as weak or compromised employee credentials, and we can’t forget about the ever-evolving vulnerabilities in every company’s infrastructure. So how can you increase security at your organization? Here’s our security checklist for 2024.

1. Get Serious About Passwords

We all know that reusing the same username and password for everything is a big no-no, but sadly still widely practiced. And so is using passwords like ‘Password’ or ‘12345’. Adding a credential manager to your organization helps cut down on those bad habits and decreases the chances of an employee’s credentials being compromised.

2. Always Authenticate!

What happens if an employee’s credentials are compromised? Without an added layer of security, a threat actor could easily ‘walk-in’ to your organization. By adding multifactor authentication to your security arsenal, you can cut down on your company’s chances of getting hacked by 99%, according to Microsoft. Fairly easy to deploy and set-up multi-factor authentication (MFA) is a no-brainer when it comes to securing your company.

3. Create a Human Firewall

Phishing attacks and social engineering increase, on-average, 85% year-after-year. Human error is hands-down one of the leading causes of breaches today. It’s one of the top ways our Incident Response (IR) team sees companies get compromised. With simulated phishing attacks and continuous education, you’re not only creating a human-firewall at your organization but decreasing a threat actor’s chances of getting in substantially. 

4. Patch Critical Vulnerabilities

Do you know the top five CVEs (common vulnerabilities and exposures) of 2023? If you do, good for you! But let’s be honest, most don’t. Knowing and patching system and application vulnerabilities is a top priority in keeping your company safe. And again, one of the top reasons our IR team gets called out. Staying on top of and patching the critical or most exploitable vulnerabilities is a must in keeping your organization safe. And becoming a requirement by many compliance frameworks and insurance companies. Want to know the top five? Here they are (link).

5. Test for Weaknesses

Knowing your company’s vulnerabilities and patching them is one thing. Knowing how threat actors use them to exploit your systems is another. Penetration testing isn’t the newest and greatest thing in cyber security, it’s just becoming more mainstream. And again, a critical part of any organization’s security plan. Also worth noting, becoming a requirement for many security frameworks and insurance plans. Whether you test annually, semi-annually, quarterly, or regularly…pen testing is an important part of any company’s security checklist so you can proactively help shut down a bad guy’s access to your infrastructure.

6. Back It Up

Having good backup is a critical piece in keeping your company secure. If there’s a breach at your organization, having the ability to quickly and easily restore is a must. Being able to manage that back-up from anywhere is a game-changer! By drastically decreasing down-time and getting your company back-up and going as quickly as possible is an integral part of any company’s security strategy. 

7. Out with the Old

We get it. There are a lot of reasons companies hang on to systems that are EOL. ‘EOL’ or end-of-life refers to hardware and/or software that has reached the end of its operational life, becoming outdated and no longer able to meet the needs and requirements of modern systems. But an honest conversation has to take place within your organization. What security risk does that create? Is that an acceptable risk? Does the cost of mitigating out-weigh the threat? Does this go on the roadmap for future mitigation? Are there any alternatives? But discussing doesn’t change the one thing that’s an absolute certainty…EOL is a threat to your company’s security. So, it’s time to access, discuss, decide, and plan. 

Need help with anything on this list? Reach out and let us know. With Avasek’s managed services and other solutions we can help you reach your security goals in 2024.

The post 7 Steps to Help Prioritize Your Employees’ Security appeared first on Avasek.

Cyber Liability Insurance Is in Demand

The average cost of a U.S. company data breach is $9.5 million. That potential exposure is daunting, so in order to attract insurance providers, companies must have their own security plans in place. Without comprehensive cyber protection, they won’t be able to afford – or even qualify for – insurance. By understanding the threats and educating their clients about how to strengthen their security, insurers can protect themselves and grow their businesses.

Cyberattack Insurance Is Evolving

In this young, rapidly changing industry, there is very little standardization among policies. Being able to protect against and prepare for a cyberattack is complex because there are many ways to breach data. Without understanding the breadth of risks, Insureds may not even know what steps they should be taking to make themselves insurable. They may seek guidance from their insurance companies. Accordingly, insurance companies must develop plans to accurately assess and monitor their customers. 

Insurance against a Cyberattack Must Be Proactive

The insured may have a security plan in place, but in the fluid world of ransomware and hackers, that plan will need constant refreshing to ensure it can respond to the latest threats. Insurance companies need to analyze the damage both before and after a cyberattack to understand how to evolve more effective underwriting controls. These policies are not a set-it-and-forget-it product. Insuring against a cyberattack demands constant vigilance, partnerships with data and analytics providers, cybersecurity professionals, and trusted threat detectors.

Preparation for Cyberattacks Must Be Multi-faceted

In providing guidance and oversight to their clients, two of the most important security measures to be considered are a backup and resolution plan and training for employees. According to a piece in The Wall Street Journal, hackers are successful because the human brain is wired to ignore certain warnings, so the human error factor should not be underestimated. 

Insurers will want to verify that there are layers of security controls in place, including endpoint monitoring and response, cloud security and response, multi-factor authentication, and file encryption. Engaging a cybersecurity firm to offer a risk assessment and recommendations before the policy is issued can ameliorate risk.

Find a Trusted Partner

The best way to avoid a cyberattack is to prepare for a cyberattack. By investing in planning and early assessment, insurers can protect themselves and their customers. Staying informed of the latest trends and risks in ransomware is essential. As trusted cybersecurity specialists, Avasek provides their clients with security consulting, vulnerability assessment, and managed detection and response,  all of which will make any organization more attractive to insurers. 

Find out more about how Avasek can assist your operation to protect your data and your bottom line.

The post How to Better Prepare Cyber Insurance Policyholders for Impending Attacks appeared first on Avasek.

Visit here: https://netdiligence.com/conferences/cyber-risk-summit-fort-lauderdale-2023

The post NetDiligence Cyber Risk Summit – Ft. Lauderdale 2023 appeared first on Avasek.

Visit here to learn more: https://netdiligence.com/conferences/cyber-risk-summit-toronto-2023

The post Net Diligence CyberRisk Summit – Toronto 2023 appeared first on Avasek.

Avasek’s Incident Response involves a rapid deployment of its detection resources, secure post-breach restoration, and ongoing, proactive security. They work with insurers, breach coaches, forensic professionals, and direct clients to give their customers the swiftest restoration possible. 

“The NetDiligence® Cyber Risk Summit in Toronto is the perfect place to kick off our expansion,” said Chris Martinez, Director of Operations. “Canada is a big opportunity for us to extend our services to organizations in need of full-service cyber resiliency support.”

The NetDiligence® Cyber Risk Summit provides insights into new trends in the Canadian cyber insurance market. Avasek understands the importance of risk assessment and ongoing multi-level security for companies who are seeking cyber insurance.

“Insurance companies are looking for some measure of confidence when they underwrite,” said David Humphreys, President of Avasek. “The guidance Avasek can provide helps insurers to evaluate potential clients and request changes or upgrades to their cybersecurity.” 

Hosting services are another trusted component of Avasek’s business. Their private cloud hosting means that Avasek can move client systems to its own servers as they rebuild the clients’ environments without risk to forensic evidence.  Their comprehensive approach to Incident Response will make Avasek a valuable resource for Canadian organizations. 

For more information, contact Chris Martinez, Director of Operations, at chris.martinez@avasek.com.

To access the Canadian website, head to https://avasek.ca/.

About Avasek

Our passion for helping clients quickly recover from cyberattacks – and our supportive security capabilities – make Avasek a valued partner for our clients during systems restoration and into the future.  We care beyond the restoration and rebuild of compromised systems by providing secured services to improve cyber resiliency and prevent further attacks going forward. We are committed to ensuring our clients’ platforms remain safe and secure.

The post Avasek Expands, Bringing Their Incident Response Expertise to Canada appeared first on Avasek.

2022 was another busy year for our Incident Response team. Whether it was responding to a breach onsite, or remote restoration, there were some consistencies we found as to how threat actors were able to get in. Here are our findings for what we saw most in 2022. 

Matt Pippin, Director of Incident Response, says the top two causes for compromise in 2022 were not patching or updating systems as well as a lack of user education. Let’s break it down.

Patch Management 

Patch Management is an important part of systems management and involves monitoring systems for updates and installing patches that may change features, correct bugs, and most importantly, fix critical security vulnerabilities. 

Pippin says, “We see servers running Server 2008-2016 that are online and not patched.” Some IT teams may hold off on installing patches and test them to ensure they don’t disrupt critical systems within their environment, but as Pippin emphasizes, not patching systems is usually “due to a lack of IT resources.” In our review of 2022, there were three distinct areas of compromise for unpatched systems. 

Areas of Compromise for Unpatched Systems 

Apache Log4j vulnerability, also known as Log4Shell, is a vulnerability on the Apache Log4j 2 Java Library. It is a Remote Code Execution (RCE) vulnerability that’s been given a threat rating of CVSS-10, which is considered the most critical and rarely assigned to a vulnerability. It is also the top compromise Avasek’s Incident Response Team saw in 2022. Does that mean all Log4j compromises were on unpatched systems? Not necessarily. Four patches have been released since the discovery of the Log4j vulnerability, two of which had vulnerabilities of their own. So, what can businesses and IT teams do to protect themselves from this ongoing, critical security vulnerability? 

“For any system that has the Log4j vulnerability, remove its exposure to the internet,” says Pippin. “If that’s not possible then limit traffic to it from only known and verified good sources. Outside of those things, putting MFA for logins on the system as well as isolation from the main production network will help as well. There are other things that can be done depending on what the system is used for but getting an Avasek Security Assessment would help determine other avenues of protection.” 

George Zilahi, Director of Managed Services, adds, “Make sure Remote Desktop Protocol (RDP) is not publicly accessible. It should only be behind a VPN or inside the network. Vulnerability assessments should also be done regularly.” This leads us to the other top two areas of compromise we saw in 2022 for unpatched and updated systems: Exchange servers and firewalls. Even if IT resources are minimal, keeping an eye out for critical system patches and updates, and most importantly installing them, can help reduce your company’s chance of compromise. 

User Error Can Leave Your Organization Vulnerable 

Now let’s turn to the other top cause of compromise we saw in 2022, which is lack of user education. More specifically, lack of security awareness education. Phishing, as defined by NIST, is “A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.” But not all phishing attacks are the same, and from what Avasek’s Incident Response team saw in 2022, spear phishing attacks took the top spot.

You might be asking, “What’s the difference between phishing and spear phishing?” Phishing broadly describes an attack that’s designed to get someone to take action, like clicking a link in a mass spam email. Spear phishing is simply a targeted phishing attack. The cybercriminal, for example, may be looking for specific information that only one or two individuals at an organization have. They then use techniques like social engineering to gain that individual’s trust to get the desired information, which in turn, is used to execute the cyberattack. 

It should come as no surprise to anyone that phishing attacks are not going away anytime soon. In fact, they’re increasing day-by-day. Messaging security company, SlashNext, conducted a study analyzing “billions of link-based URLs, attachments, and natural language messages in email, mobile and browser channels over six months in 2022 and found more than 255 million attacks – a 61% increase in the rate of phishing attacks compared to 2021.” Additionally, global technology company, Acronis, says that the average cost per data breach could reach more than $5 million in 2023. 

Educating your employees on security awareness and what to watch out for is a vital step in protecting your company from these types of attacks. Training company, KnowB4, notes that, “Old-school awareness training does not work anymore, and email filters have an average 7-10% failure rate.” Regular monthly simulated phishing attacks, in addition to continued education, can help dramatically reduce a company’s phishing risk. 

Final Thoughts

While this is not an all-inclusive list of every top compromise in 2022, we thought it best to share what our team saw most over the past year, along with some insights to help you, your company, and employees stay secure.

Contact us for more information on a security assessment or to learn how Avasek can help protect your organization.

The post The Top Causes of Cyberattacks in 2022— according to Incident Response Professionals appeared first on Avasek.

With this in mind, here’s what you need to know about protecting your organization when it comes to SaaS platforms.

Understanding the Shared Responsibility Model

Perhaps the most important thing to remember when using SaaS tools is that many providers operate on the Shared Responsibility Model (SRM). As the name suggests, SRM puts an onus on both the software provider and the end-user to maintain good security and robust data handling practices.

An example of SRM in action would be Google scanning a file for known vulnerabilities as it is uploaded to a company’s Google Drive folder by a Workplace user. When that file is later downloaded by another user, Google may check it again for malicious code, but it is also the responsibility of a company to run its own security examination, making sure the file is safe to run on its network.

Likewise, a company is responsible for how Microsoft 365 interfaces with other tools it uses. Incompatibility issues that could threaten the integrity of key files or programs should therefore be reported back to the SaaS provider so that those issues may be addressed.

While SRM is a good practice in the world of SaaS tools, errors will inevitably occur. According to a survey by the Cloud Security Alliance, 43% of organizations have experienced at least one security incident or malfunction linked to SaaS misconfiguration. 

Ransomware attacks are on the rise

Even in the most rigorously maintained SaaS environments, security lapses happen. It only takes one employee to mistakenly click a link from a spoofed email address, and before they realize it, ransomware is spreading like wildfire throughout the company, locking up vital data.

Profit-driven malicious attacks are a big business for the bad guys. As reported by InfoSecurity, ransomware attacks are on track to cost global businesses more than $30 billion in 2022, with some expecting that figure to climb as high as $265 billion by 2031. With more and more SaaS platforms making their way into organizations, the surface area for ransomware attacks is growing exponentially.

Accidental file deletion is a frequent problem

Theft is not the only threat to information hosted on SaaS platforms; user error is also a major risk. Both Google Workspace and Microsoft 365 have data retention settings, allowing administrators a level of control over the time that files are held on cloud-based servers. But should those rules be misaligned, then important data can be scrubbed.

A 2016 questionnaire of over 1,000 IT professionals in the U.S. and the U.K. found inadvertent deletion was the principal cause of data loss on SaaS networks. The study – carried out by EMC’s Spanning –  also found many companies mistakenly believed SaaS providers are primarily responsible for recovering data lost by users. Once again, SRM plays a significant role in data management.

Avasek SaaS Protection provides a 1-click backup solution

The most important aspect of any data recovery planning is to make sure you have adequately backed up your information before anything bad can happen. This is why Avasek has partnered with widely-trusted data backup operator Datto to provide institutions with a backup and recovery solution that works inside of Google Workspace and Microsoft 365.

For a low cost per license, Avasek’s SaaS Protection automatically backs up files three times a day, ensuring you always have a fresh copy of your important data. Avasek’s flexible data retention rules allow you to decide what is kept and for how long. And should the worst happen, our 1-click recovery solution ensures you can get information back, all in a non-destructive manner.

So whether it’s emails to your customers, or spreadsheets from your clients, Avasek’s SaaS Protection is always backing up your information, making sure it’s only a click away should the worst happen. 

The post SaaS Protection with 1-Click Backup: How to Safeguard your Business from Data Loss appeared first on Avasek.

This year’s theme is “It’s easy to stay safe online,” which reminds users that there are plenty of simple ways to protect your personal information and secure private data when using the internet. 

What is cybersecurity, and why is it important?

Cybersecurity is the practice of safeguarding and restoring data from devices, programs, or networks. Cybercriminals can steal all sorts of data, including, but not limited to: health records, personal data, or intellectual property. 

In a digital age, we have significantly increased our use of tech and cloud-based services, which means our data is now at greater risk of being hacked now more than ever. Now more than ever, be aware of what information you share with others and how that information is distributed.

What are the most common cybersecurity threats?

Potential risks to cybersecurity come in a wide variety of forms. If you don’t employ the greatest cybersecurity measures, each of these dangers has the potential to result in a data breach.

Lack of attention to cybersecurity can harm your organization in a variety of ways, such as:

• Ransomware: Is a kind of malware that restricts users’ access to their computer systems or personal files and demands ransom money to allow users to access again.

• Malware: Malware is software created explicitly to interfere with, harm, or gain unauthorized access to a computer system.

• Denial of service: A Denial-of-Service (DoS) attack aims to bring down a computer system or network so its intended users cannot access it. DoS attacks do this by providing information that causes crashes or flooding the target with traffic.

• Phishing:  Hackers employ this method to send phony emails or messages that seem to be from a reliable source. Cybercriminals can create these messages or emails by impersonating individuals you know, such as friends, coworkers, or other reputable businesses. 

How can you defend your business against cybercrime?

You can boost security and lower the danger of cybercrime by implementing the following practices within your organization:

• Educate your staff – Inform your staff members of good cybersecurity practices when creating platforms for work resources, including company emails, computer logins, or data transfers within your organization. 

• Secure your devices – Your company’s information and valuable data might be at risk for possible data breaches if your company devices are left unattended, misplaced, or stolen. 

• Update your devices regularly – Always check to ensure that your devices have the latest software when prompted to make the updates when the updates indicate bugs or security-specific updates. This will significantly lower the chances of your devices being hacked.

• Build up your resource library – To give your team additional resources, we recommend you check out some of our blogs, including: What is Ransomware? What can you do to protect yourself?, 5 Basic Network Security Tips for Small Businesses, and The Life of a Phish.

• Act swiftly in case of a breach – Suppose you sense that your organization may have been hacked, contact Avasek’s Incident Response team for help with mitigating the damage to your organization, your customers, and your reputation.

• Become cyber resilient – Your data’s security is essential, which means that you need to have the right security systems in place to defend your organization against future attacks before they happen. Contact us today to learn more about how Avasek can help make your organization cyber resilient.

The post Is your organization’s data protected from potential cybersecurity threats? appeared first on Avasek.