Security Experts:

Jon-Louis Heimerl

Jon-Louis Heimerl is Director of Strategic Security for Omaha-based Solutionary, Inc., a provider of managed security solutions, compliance and security measurement, and security consulting services. Mr. Heimerl has over 25 years of experience in security and security programs, and his background includes everything from writing device drivers in assembler to running a world-wide network operation center for the US Government. Mr. Heimerl has also performed commercial consulting for a variety of industries, including many Fortune 500 clients. Mr. Heimerl's consulting experience includes security assessments, security awareness training, policy development, physical intrusion tests and social engineering exercises.

Recent articles by Jon-Louis Heimerl

  • To get the most value from your security information you need to be correlating your data. Adding context to data gives you information. Correlation adds even more information by evaluating relationships between pieces of information.
  • Adding context around data makes it information, and with that context, the information is easier to manage. Alerts are more meaningful. Critical issues can be identified more quickly, then managed and resolved more efficiently.
  • We've been told for years that the insider threat is more important to address than the external threat, but we don’t want to believe it. The idea that our millions of dollars worth of security measures could be undone by a file clerk is scary.
  • Hacking a phone is one thing, but hacking voicemail is something else, and while your voicemail does have some protection, breaking into it is not very complicated.
  • Information security hates change. But to be truly effective, organizations will have to be as effective at developing countermeasures as hackers are at developing exploits.
  • In the old days we didn't worry much about intrusion testing applications to help ensure that they could not be attacked from the outside world. In that context, our world was easier.
  • In IT Security, we can't be perfect. We can only be smart. We build policies, procedures, and work on compliance. We try to follow the rules, and we hope for some luck. It also helps to be a little paranoid.
  • I’m a multi-millionaire. Or rather I could be if I helped the honorable Mr. Nagumba get his money out of Nigeria, or helped Barbara get her money out of Brazil, or picked up my unclaimed lottery winnings, or helped another half dozen people in the last month.
  • We have been thinking about information security for literally thousands of years. As the world continues to evolve, Information Security must evolve to keep up with it.
  • Twas the night before Christmas, when all through the house Not a creature was stirring, not even a mouse. The data was all safe, protected with care, In hopes that year-end bonuses soon would be there....
  • A complete list of everything an organization should do to make itself safe would literally fill books. So, instead, if you want to take the right steps to being secure, and being compliant where appropriate, what are the 10 things that should be at the top of everyone’s wish list for the holidays?
  • In the business world, there simply are things that are more important than others. In the end, it is all about getting things done.
  • I normally write about organizational security, but this is as good a time as any to be selfish and talk about us consumers.
  • In the end, how good your security is all comes down to your risk management strategy. This is how well you identify, then manage risk and potential risk in your environment. The real question about risk is “how something can hurt me?”
  • As soon as I woke up this morning my privacy was compromised. My Android phone has GPS enabled so that the phone, and any widget on it, can determine my geolocation. Can you imagine a single valid reason that a screen saver would need your location?
  • If you are faced with regulatory compliance, you are faced with a legal issue. And, if you are not compliant, you are essentially breaking the law. There are many standards and regulations in place. But which ones are the most impactful?
  • The first problem is figuring out if, then how you are going to adopt the new technology. As cool as they sound, just migrating to a new technology without a plan is not a good answer.
  • When you talk about security with colleagues do you ever wonder if you are speaking the same language?
  • Chances are that if you are using cloud computing, you are buying a service from someone else. Yes, sometimes organizations build their own private cloud, but let’s view the fundamental purpose of cloud computing as for an organization to outsource some function offered in the cloud.
  • You can use Facebook without completely sacrificing your privacy, but it takes some work. Here are a few considerations and steps you can take to protect your privacy while enjoying what Facebook has to offer.
  • We all like horror stories, right? We learn best by examples. Maybe we like to call them “lessons learned” or “case studies,” either way, some details about breaches help, right?
  • It’s always the insider. Well, maybe not always, but it sometimes seems that’s what we are hearing. Users make errors every day and are vulnerable to a variety of attacks. Besides that, users are simply vulnerable to a variety of attacks. Is Your IT Security awareness program good enough?
  • I pondered the meaning of various happenings and observations on a recent vacation. Here’s my attempt to unpack the significance of these events and how they relate to information security.
  • You can prioritize your needs when preparing yourself for zombies. Food and water come first. When thinking in the world of information security we have the same way of prioritizing. To make sure you are ready for the zombie apocalypse, or any other disaster, you have to prioritize. Take the test to see if you are prepared!
  • While they might give us a sense of security, do HIPAA and HITECH really make us more secure?