John Nye

About John Nye

John Nye is Senior Director of Cybersecurity Research and Communication for CynergisTek and has spent the majority of the last decade working in Information Security, half of that time working exclusively as a professional penetration tester. Besides testing and improving security, John has a passion for educating and informing the public. He accomplishes this by presenting hacking demos regularly at industry conferences and groups, as well as writing blog posts for CynergisTek and industry publications. Nye’s specialties include wireless, web, and system penetration testing, user education and public speaking, information assurance, security auditing, policy compliance and writing, and security research and analysis. Some of his industry certifications include CISSP, Licensed Penetration Tester (LPT) and Certified Ethical Hacker (CEH).

Attacking Your Own Network: A Lesson on Penetration Testing for Healthcare

On the Ides of March, or very close to it on March 7th, I will take the HIMSS 2018 stage with Chuck Kesler, CISO of Duke Health, talking to our fellow healthcare IT professionals about penetration testing and hacking. This is a particularly pertinent topic since the healthcare industry has become a major target for attackers in recent years. It has become a veritable race between the attackers and the protectors. Who will find the vulnerabilities first? Unfortunately, finding

February 27th, 2018

The Top Four Healthcare Cybersecurity Trends for 2018

In order to explore the likely cybersecurity trends coming our way in 2018, we must first take a quick look back at 2017. Last year was a banner year in about as many ways as one can think of. Unfortunately, most of those “banners” are for disasters of every sort. Today we are looking at the world of healthcare and how cybersecurity fared last year. Unfortunately, the story is not much better, particularly when we focus on healthcare cybersecurity.

January 24th, 2018

What is the NH-ISAC 90-Day DMARC Challenge?

Healthcare organizations are more vulnerable to phishing attacks as the average maturity of security controls and training is less than that of other industries, such as banking. Successful phishing attacks rely heavily on emails with either spoofed or similar-looking domain names. Emails originating outside of an organization’s domain but with similar domains can be flagged as an external email to alert the end-user. Unfortunately, emails with spoofed domains require technical controls to identify and divert to a spam folder.

December 4th, 2017

Wi-Fi Has Vulnerability News, But Wireless Risks are Hardly New

It’s likely that you’ve already heard about KRACK in the last few days. KRACK is a new and somewhat alarming vulnerability recently disclosed in the Wi-Fi Protected Access 2 (WPA2) wireless networking standard. As has been the case for many recently discovered vulnerabilities, the party that discovered it branded it, and the media then latched on and made a bigger deal out of it than they probably should have.

October 24th, 2017

How Has Information Security Changed in Healthcare & How Can We Keep Improving?

It has been almost two years since I started this incredible journey at CynergisTek and in healthcare. In that time, what I have found to be the most impressive is the amount of ongoing and constant change. Particularly, I have seen how security has changed in healthcare IT over the past few years and how as an industry we are responding to it to improve our ability to protect patient information.

October 9th, 2017

Groundhog Day: The Cyclical Nature of InfoSec & How We Can Break the Cycle

In the classic movie Groundhog Day, the main character, played by Bill Murray, finds himself trapped reliving the exact same day over and over again. In the film, he eventually decides to make the day better, righting as many wrongs as possible, which eventually leads him to escape the loop. In a similar fashion, information security in general has been stuck in a Groundhog Day type of loop for at least a couple of decades, and unless we can make some changes we can expect more futility as we fight the uphill battle of information security.

September 13th, 2017

The Evolution of Disruption: How Ransomware Has Changed the Face of Disruption

A History Lesson on Ransomware

The first known instance of what we now know as ransomware was seen in 1989. This first attempt was a poorly executed endeavor to extort $189 from the victims, but it was quickly discovered that recovering the files did not require the "tool" offered. The world and concept of ransomware remained relatively quiet for many years until two researchers, Adam L. Young and Moti Yung, wrote an academic treatise on the subject in 1996.

August 15th, 2017

Being a Person Does Not Mean You Understand People

IT and InfoSec professionals have been playing catch up with users since the beginning of time (as long as you consider the first computer the beginning of time like I do). This is at least partially caused by an all-encompassing misunderstanding that has been rarely noticed at best and certainly never been remediated.

July 17th, 2017

Security Misunderstanding: We Are NOT Good With People

There is no shortage of professionals and experts talking about security, but if you want to understand security, or even just IT in general, you have to understand human beings. The users and those that administer the systems are all people. If one strives to understand and impact security overall, they must fully understand the human condition.

July 7th, 2017

WannaCry Highlights Deeper Issues That Should Make Us All Want to Cry

In the United States, we got lucky, very lucky, that a malware researcher known only as @MalwareTechBlog on Twitter found the “kill switch” domain in the code of the WannaCry ransomware. Had he not found and registered this domain, effectively neutering the ransomware, I believe that the incident could have been much worse. It was already quite bad around the world, with estimates of over 200,000 systems infected, including many healthcare providers in the United Kingdom.

June 22nd, 2017