Home
Tom Olzak

Tom Olzak

Cybersecurity Researcher, Author & Educator

Independent security researcher and an IT professional since 1983, with experience in programming, network engineering, and security. I have an MBA as well as CISSP certification. I am also an online instructor for the University of Phoenix. I've held positions as an IS director, director of infrastructure engineering, director of information security, and programming manager at a variety of manufacturing, healthcare, and distribution companies. Before joining the private sector, I served 10 years in the United States Army Military Police with four years as a military police investigator. I've written four books, Just Enough Security, Microsoft Virtualization, Enterprise Security: A Practitioner's Guide, and Incident Management and Response Guide. I am also the author of various papers and articles on security management.
Stories by Tom Olzak
Who is to decide if a ransom amount needs to be paid?
Cyber Risk Management
Ransomware Payments: Is Cyber Insurance With Proper Controls the Best Solution?
Tom Olzak
Ransomware payments have become a much-debated topic in the corporate world. Read more about whether working with cyber insurers is...
The importance of adaptive authentication in zero trust networks.
Cyber Risk Management
Why Adaptive Authentication Should Be a Core Component of Zero Trust Networks
Tom Olzak
Read more to understand why adaptive authentication is a critical component of a Zero Trust Network (ZTN) and how it...
Practical Application of System Security Engineering to SDLC Security, Part 3
Security General
Practical Application of System Security Engineering to SDLC Security, Part 3
Tom Olzak
In the first two articles in this three-part series, I described the three system security engineering contexts problem, solution, and...
Practical Application of System Security Engineering to SDLC Security Part 2
Identity & Access Management
Practical Application of System Security Engineering to SDLC Security, Part 2
Tom Olzak
Part 2In the first article in this series, I explained the need for system security engineering and how it works....
Manage the Business Risk of the Web You Don’t See
Vulnerability Management
Manage the Business Risk of the Web You Don’t See
Tom Olzak
Knowing what personal information about employees and customers is available to potential attackers helps organizations determine the risk associated with...
blue glowing isometric padlock surrounded by columns of light with binary data flowing
Data Security
The Security Challenges and Defense of Hidden Data
Tom Olzak
Security professionals continue to improve their organization's defenses, causing malicious actors (MAs) to find ways to circumvent controls. One way...
1 2 3 4 5
Popular Articles