Security Experts:

Jon-Louis Heimerl

Jon-Louis Heimerl is Director of Strategic Security for Omaha-based Solutionary, Inc., a provider of managed security solutions, compliance and security measurement, and security consulting services. Mr. Heimerl has over 25 years of experience in security and security programs, and his background includes everything from writing device drivers in assembler to running a world-wide network operation center for the US Government. Mr. Heimerl has also performed commercial consulting for a variety of industries, including many Fortune 500 clients. Mr. Heimerl's consulting experience includes security assessments, security awareness training, policy development, physical intrusion tests and social engineering exercises.

Recent articles by Jon-Louis Heimerl

  • Based on a high-level review of the types of breaches we have seen over the past year, we should be able to see opportunities to make our environments more resilient to attack.
  • Credit card security really is easier than it sounds. Some of this stuff is easy once you are set up.
  • We all know passwords are not a great solution for securing our accounts and information. But, it is what we have right now, so we might as well make the best of them, eh? Take this quick quiz to see how secure your password is.
  • Cybercrime “case studies” are always impersonal, right? Would you get more out of specific stories of individuals caught in the cross hairs instead of corporate entities?
  • Do people really understand what the U.S. Intelligence Community (IC) does and what classified information is? As someone who worked in the IC for about 10 years, here is an inside look.
  • When it comes to the security responsibilities of vendors, answers are still often behind where they need to be. What are some things to think about in the way you manage your security with your vendors?
  • For a month, I kept all of my spam, then looked at the subject matter, where it was from and tried to analyze some additional characteristics of the spam.
  • The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
  • Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack on you or your organization.
  • Security is a creature of habit. Security likes things to stay the same. Change brings chaos. Chaos is bad for security. But, we can help control the security of our environment by following good security habits.
  • If your organization was breached by malicious attackers and you had just enough time to completely protect exactly one data asset (drive, server, application, database, etc.), what data do you save?
  • The power of metadata does not come in that data itself but in the ability of that data to be processed and correlated in an automated fashion. What many believe is meaningless data can reveal more than one would think.
  • The Omnibus Rule that updated the Health Insurance Portability and Accountability Act (HIPAA) has the potential to be a game changer because of the things it says in writing, as well as some of the things that it doesn’t say.
  • Was the Mayan Apocalypse a myth? Since I am a security geek, I just happen to talk about security a lot. What are some security myths I have heard in my conversations with some very bright people?
  • If regulatory protected information gets onto your device, you are obligated to protect it. Are you fully prepared to guarantee that everything you are doing on your personally managed device meets the obligations of you and your organization to protect sensitive information?
  • What do you do when your organization has been victimized by a phishing attack? If you wait until you are actually under attack, it is too late.
  • Organizationally, there are things you can do to help avoid becoming a victim, and to minimize damage if you are victimized.
  • In a perfect world, we would not stress this awareness for one month only. Awareness should be a constant, ongoing effort.
  • External attacks are not our only worry. Most security nuts have been saying for years that our biggest threat is not external, but rather the "Internal Threat." I will take that a step further and say that one of the biggest threats that we face is the "oops".
  • The evolution in information security programs comes from the demand to provide security in an environment in which the perimeter is no longer the most important security delineation. What is perimeter security today?
  • A little summer weekend fun from Solutionary's Jon-Louis Heimerl. Enjoy this comical InfoSec poem!
  • How many times have you seen a vendor site or proposal say that someone supports “best of breed” security, or that a company honors “best practice”? Can you really define “best” security?
  • One of the first steps you have in a formal security program is the Risk Analysis, closely followed by the Business Impact Assessment. But is there another step in here that helps improve how well you know yourself? Take this test and see your score!
  • Big Data means exposing more data to internal misuse or accidental exposure, and exposing more data to an attacker who succeeds in penetrating your perimeter.
  • While it’s commonplace to share information online and via social media, we all want our information safe, and we want control over what we share. Unfortunately, control is becoming harder to establish and maintain.