Category: Advice

You Know The Cyber Threat, Now Do Something About it

We continually capture lessons learned and best practices for reducing digital risk and enhancing cybersecurity and maintain a list you can use to review to ensure you and your team are optimizing defenses.

We provide no-nonsense tips on topics like:

  • How to configure our DNS to reduce the chances that malware will propagate in your systems
  • How to pick the best cybersecurity framework for your organization
  • Tips for dealing with your data

To see the full list visit: OODA Loop Cybersecurity Best Practices

And for external review of your cybersecurity posture see OODA LLC offerings in:

Technology Due Diligence – CTO as a service – CISO as a Service

Put A Team Of Seasoned Professionals On Your Side

OODA LLC is a CTO advisory and Due Diligence firm operating across multiple sectors of the economy. We are known for our ability to help companies mitigate risks and increase compliance while optimizing security spend.

Crucial Point helps clients improve defenses by:

  • CISO as a Service: Strategic leadership for corporate security programs, including evaluation of an exercising of incident response plans.
  • CTO as a Service: Technical architecture review and senior advice, including action plans for modernization and cloud transition.
  • Independent verification and validation of compliance, including GDPR, FFIEC, NIST.

We would love to serve your efforts. Contact OODA LLC  for more information.


Journalists In Danger of Cyber Espionage: Lessons from Jamal Khashoggi murder

BBC news ran a piece titled “Jamal Khashoggi: Saudi murder suspect had spy training” which provides more details on one of the 15-member team sent to kill Jamal Khashoggi. Maher Abdulaziz Mutreb was trained in how to use offensive spyware technology as part of nation-state sponsored efforts for the Saudi state.

A source described how Mr. Mutreb spent time in a course with him in 2011 learning to use tech his company was providing the Saudi government so it could carry out targeted attacks on the phones and computers of its own citizens.

From the BBC report:

“This information might have been basically everything from [their] GPS position, conversation, microphone audio around the device itself, camera pictures, files on disk, emails, contacts, everything that was on the device itself.”

The tools he was trained in, the source said, were similar to other tools which, according to Citizenlab and Amnesty International, were recently used against several of Mr Khashoggi’s friends.

We have a recommendation for all journalists as well as anyone else seeking to make it harder to be spied upon. Take action now to raise your defenses by reviewing the OODA Guide to Cybersecurity Best Practices.

And for external review of your cybersecurity posture see OODA LLC offerings in:

Technology Due Diligence – CTO as a service – CISO as a Service


Track The Technological Dimensions of The Cyber Threat With CTOvision

CTOvision reports on all the megatrends driving the future of IT, including trends in cybersecurity. More importantly, we track how the functionality of Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics and the Internet of Things will require new approaches to cybersecurity.

If you enjoy the daily Threat Brief we know you will enjoy CTOvision. Sign up for our newsletters at:

Want to mitigate digital risks? Don’t get another assessment, get an assistance visit

The Daily Threat Brief  is designed to give you awareness of risks, so you can mitigate them!

Our team has a track record of safeguarding some of the nation’s greatest secrets, equipping U.S. leadership with actionable intelligence that helps protect lives and driving technology innovation that has kept key agencies generations ahead of our adversaries.

Reply to any of our products to ask for more information on how we can serve your efforts.

For more on what we do and to engage us in a dialog see: Crucial Point

We are now part of OODA, offering: Technology Due Diligence – CTO as a service – CISO as a Service

Threat Brief Makes People Magazine

When People Magazine decides they need to start reporting on the cyber threat you know we are living in dangerous times. We have always believed more people should be informed of the threat and should work to mitigate risks, and are happy to have been a part of recent reporting in People.


In it, Threat Brief publisher Bob Gourley of OODA provides tips for the average computer user including:

  • Stay aware of the threat
  • Pick passwords that are impossible to guess but easy to remember (tips are given in the article)
  • Don’t use free email from your isp. Use Google mail.
  • Use two factor authentication whenever you can.
  • Look for spoofed emails and links
  • Use a password manager like Dashlane
  • Know what https is and how to spot it in your browser

For more tips including ways to significantly reduce your risk see our services in Technology Due Diligence – CTO as a service – CISO as a Service.

Few organizations have the resources required for optimal cybersecurity and digital risk reduction

OODA’s CISO as a Service offering puts our seasoned team of experts on your side.

Our leadership has spent years working across multiple sectors of the economy and in government agencies helping organizations protect what matters most. We know the threat, know best practices and know the importance of keeping your security program focused on enabling your business objectives. Our CISO as a Service offering is the ideal choice for firms who have grown to the point where a more robust security program is required. We can provide the executive leadership to get your program off the ground and can assist you in your search for a full-time CISO.

For more information see: OODA LLC

Protecting Your (and your employee’s) Personal Information at Home

A trend we have noticed in engagements across multiple sectors of the economy is an absolute thirst for information on best practices for protecting information at home. Every employee of every company, from the most senior executive to most junior intern, is now leveraging advanced interconnected technologies in amazing new ways at home. In doing so they are introducing new risks to their personal privacy, and, at times, introducing new risks to the firm they work for. This means it is almost always in the best interest of employers to help employees understand how to better protect their personal information.

The hard part is that every home IT configuration will be different, and it is very hard for a company to provide useful, actionable guidance to every employee. We have found the most important recommendation is to encourage employees to adopt an attitude of personal responsibility and continuous questioning regarding optimal home security configuration.

Read a full report at in our Collection of Best Practices in Cybersecurity: Protecting Your Personal Information At Home

Crucial Point is now part of OODA LLC, offering services in Technology Due Diligence – CTO as a service – CISO as a Service.

Happy New Year: Here Are Five Suggestions To Reduce Your Digital Risk


This is the time of year when we think about change and make lists of resolutions to keep in the new year. As you think of your resolution list we have five topics for you to consider:

1. Use a managed DNS service at home and office: This can help prevent accidental navigation to websites that have been taken over by malicious actors and contain bad code. It can also help stop communications from malicious code in your systems back to their control sites.

2. Use two factor authentication for every account: There is no such thing as a silver bullet in cyber defense, but this is one of the most important things you can do. If an account does not offer multi-factor authentication, consider closing it.

3. Use a password manager (like Dashlane): We all have too many passwords to remember. A good password manager like Dashlane can help you keep them all up to date and secure and can also make your online life easier.

4. Update operating system and applications: Keeping your operating systems and applications patched reduces many risks.

5. Sign up for the daily at You can review the latest threat information in just a few minutes each morning. The threat is dynamic and the Threat Brief will help inform your decision-making by keeping you up to date.

Complying with new DFARS regulations is easier with external help

If you are a DoD contractor of any size, including sub contractors to other contractors, you no doubt have already heard of the new changes to the Defense Federal Acquisition Regulations (DFARS) requiring enhanced security controls over contract info. The regulations are specific and will be costly. The good news is that the cost of compliance is considered an allowable cost under Federal Acquisition Regulation (FAR)/Cost Accounting Standards (CAS), which means if you do things smartly the government will allow you to role the cost into what is allowable for rates you charge. More good news is that when you engage external help in complying with DFARS you can leverage the talent of people who know the most efficient way to get these things done. This can not only get you into compliance but can make you more secure and save you money.

For more information see: Crucial Point LLC Best Practices in Cybersecurity  and What You Need To Know About The New DFARS Regulations

We are now part of OODA: Technology Due Diligence – CTO as a service – CISO as a Service