Areas Of Expertise
Areas Of Expertise
Jason Firch is a veteran digital marketer and cyber security expert with a decade of experience as well as the co-founder and CEO at PurpleSec and CMO at SecureTrust Cyber.
Throughout his career, Jason has developed, deployed, and evaluated successful digital, inbound, paid, social media, and content marketing initiatives that drive demand.
Jason holds both an MBA and BA with a focus on marketing from the Bloomsburg University of Pennsylvania. He is a recipient of multiple sales awards and has been published in an international business journal. When he’s not hosting the “Security Beyond The Checkbox” podcast, or contributing to the PurpleSec blog, you’ll find Jason helping nonprofits with their online marketing.
Recent Articles:
Discover how to centralize your patch management effectively to enhance cybersecurity in your organization. Our guide explores the benefits, strategies, and tools for successful centralized patch management.
Master cloud patch management with our comprehensive guide. Boost cybersecurity, streamline updates, and fortify your cloud environment today.
Discover how to scan for and fix Log4j vulnerabilities, ensuring the security of your Java applications while continuing to benefit from this widely-used logging library.
Discover shocking vulnerability management trends for 2023! Experts reveal predictions that’ll change the game – Stay ahead or be hacked!
Improve vulnerability visibility in networks & cloud environments with expert tips on strategies, KPIs, prioritization, & automation. Secure your assets now!
Discover best practices for Windows patch management! Learn how to streamline the process, overcome challenges, and reduce cyber attacks.
Struggling to bring your patch management up to speed? Learn the key challenges along with the solutions to tackle them head on.
Learn to effectively prioritize vulnerabilities in your organization’s cyber security efforts. Discover key factors, techniques, and examples for risk-based prioritization.
You can automate your patch management by selecting the right patch management tool that best suits your organization’s needs and configuring its automatic patching settings.
Patch management refers to the process of identifying, acquiring, testing, and installing software updates (also known as patches) to an organization’s systems.
A penetration testing policy is a set of formalized guidelines, requirements, and standard operating procedures that serve to define the overall goals, expectations, limits, and methods.
A Spoofing attack is a means of falsifying any individual’s identity to gain unauthorized access. As a result, attackers will cause internet activity to be rerouted and overburdened or redirected acquiring system access, data theft, and malware injection.
You can implement and enforce patch management policies by monitoring processes, configuring group policies, and using a patching tool such as SCCM, Satellite, or Wsus.
A Backdoor attack is mounted on malware that negates routine authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers.
With a properly implemented cyber security strategy, businesses can be confident that their operations can be sustained indefinitely, critical data is secure, and the risk and financial implications of cyber breach are minimized.
Social engineering relies on human behavior and the way humans think. It takes advantage of our tendencies in an attempt to get the target to make a decision they wouldn’t normally make
Malware, or malicious software, is any piece of software that was written with the intent of doing harm to data, devices or to people.
Red teams attack systems and break into defenses. Blue teams maintain internal network defenses against all cyber attacks and threats.
The different types of penetration testing include network services, web application, client side, wireless, social engineering, and physical.
Malware, social engineered attacks, and more! Is your business prepared to handle the most common types of network security vulnerabilities in 2022?
A phishing campaign is comprised of 8 steps including sending a questionnaire, crafting email templates, defining the vishing and/or smishing scenario, getting stakeholder buy in, performing the test, reporting on findings, and conducting security awareness training.
Our team of IT security experts researched and analyzed the emerging threat landscape in 2020 to bring forward the top 10 cyber security trends in 2021.
Vulnerability scanning identifies vulnerabilities within systems on a network. Penetration testing simulates an attack to exploit vulnerabilities.
Want to prevent financial loss or legal liability from cyber attacks? Follow these 5 steps to protect your network from attacks.
A network security policy is a set of standardized practices and procedures that outlines rules network access, the architecture of the network, and security environments, as well as determines how policies are enforced.
You can mitigate or prevent ransomware attack by implementing user education and training, automating backups, minimizing attack surfaces, having an incident response plan, installing endpoint monitoring and protection across your fleet, and purchasing ransomware insurance.
The main difference between a SIEM and IDS is that SIEM tools allow the user to take preventive action against cyber attacks whereas an IDS only detects and reports events.
CMMC stands for the Cybersecurity Maturity Model Certification. The CMMC will encompass multiple maturity levels that range from Level 1: Basic Cyber Hygiene to Level 5: Advanced / Progressive.
You can prevent a distributed denial of service attack by: Developing a denial of service response plan, Securing your network infrastructure, Filtering routers at the edge of your network to spot and dro DDoS connections, Blackholing the site that is being DDoS’d, thereby directing all traffic to an invalid address.
You can prevent a buffer overflow attack by auditing code, providing training, using compiler tools, using safe functions, patching web and application servers, and scanning applications.
You can prevent ping attacks by configuring your firewall, adding filters to your router, looking at spoofed packets, monitoring traffic patterns, scanning your network.
You can SYN flood attacks by installing an IPS, configuring your firewall, installing up to date networking equipment, and installing commercial monitoring tools.
You can prevent a DNS amplification attack by Implementing Source IP Verification on a network device, Disabling Recursion on Authoritative Name Servers, Limiting Recursion to Authorized Clients, and Implementing Response Rate Limiting (RRL) setting on DNS Server.