Friday, May 22, 2020

Joe’s Shelter-in-Place Book Club

March 13th - ???

My 2020 New Year’s Resolution was simply to “Read more. Eat less.”  By the end of February, I could report that my reality was exactly the opposite. :-(

Enter “social distancing” and its harsher cousin, “self-isolation”.  While arguably making it harder to “eat less”, it has given me the kick-start I needed to “read more”.

In this space, I will update the list of books as I finish them...

1.  Thanks a Lot, Mr. Kibblewhite: My Story - by Roger Daltrey
2.  The Gulag Archipelago, 1918-1956: Volume 1 - by Aleksandr Isaevich Solzhenitsyn
3.  Political Tribes: Group Instinct and the Fate of Nations - by Amy Chua
4.  To Save a City: The Berlin Airlift, 1948-1949 - by Roger G. Miller
5.  The Who: 50 Years - The Official History - by Ben Marshall with Pete Townshend and Roger Daltrey
6.  One Day in the Life of Ivan Denisovich: A Novel - by Aleksandr Isaevich Solzhenitsyn
7.  The Ox: The Authorized Biography of The Who's John Entwistle - by Paul Rees
8.  Great Society: A New History - by Amity Shlaes
9.  Talking to Strangers: What We Should Know About the People We Don't - by Malcolm Gladwell

Updated 5.22.20

Monday, May 18, 2020

Cybersecurity vigilance during this pandemic should not be ignored.

Well before the current COVID-19 crisis, cyberattacks had been rising significantly - especially phishing attacks and ransomware.  The current state of affairs has only exacerbated the problem.

In the midst of this pandemic and historic economic downturn, businesses are in a very difficult position - particularly small and medium businesses.  Revenue is taking a massive hit - forcing furloughs, layoffs, and the gutting of resources.  At the same time, ever-more cunning and sophisticated cyberattacks leave companies exposed to a potential death-blow.

Even in good economic times, data breaches cause 10% of small businesses to shutter and 25% to file for bankruptcy.  These numbers become even more dire when combined with a national/global shutdown.

As businesses tighten their belts, work to sustain revenue streams, and re-prioritize projects, it is wise to look at cybersecurity as a priority rather than just another IT expense that can be delayed. It is not the same thing as merely postponing that server upgrade or refreshing those company laptops.

Many organizations do not have the internal bandwidth to keep a vigilant 24x7 watch over the security events in their IT environment.  ControlScan performs Managed Detection and Response precisely for such organizations.

ControlScan's security analysts identify intrusions and suspicious activities as they are happening so they can be extracted from the network environment before any damage is done. Our analysts provide true, hands-on response in real time to ensure our customers' environments remain protected.

The ControlScan SOC captures and compiles data from both physical and digital sources to develop a level of decision support not possible in a standard monitoring environment. This process combines our people, processes, and technology to analyze and act on robust data sets, allowing us to see the whole picture of an enterprise. We keep businesses optimized and running no matter what challenges arise.

Cybersecurity should be a priority to any business, especially in uncertain times.  If you have any questions about how to protect your business from a cyberattack, or if you simply want to talk about security best practices, please reach out.

Take care of yourself, your family, your employees, your customers, and your business. Stay safe.

Joe Gaeta
April 8th, 2020

Friday, April 17, 2020

"The Biggest Cybersecurity Mistakes CISOs Might be Making Today"

This article was published today at and is very informative. I encourage you to read it. It highlights five things for cybersecurity leaders to consider when developing the right cybersecurity posture for their organization.

Below are those five items - along with how ControlScan can help.
Article:  How much time can I give? "...Perhaps someone else (who can be fully dedicated) should be chosen instead. Of all areas of responsibility, cybersecurity is one that has zero tolerance for error. Anything less than perfect performance, 24/7/365, can eventually be catastrophic..."
Joe Gaeta:  ControlScan performs Managed Detection and Response for organizations that don’t have the bandwidth to keep a 24/7/365 watch over the security events in their IT environment. We efficiently and effectively supplement your organization’s security threat management efforts.
Article:  Can my team manage our security solutions effectively? "...Administering security solutions can be tedious, time-consuming, and error-prone.... [offloading this] increases the size of your team. You get additional team members, who are experts in cybersecurity, fighting off malicious elements on the web...."
Joe Gaeta:  ControlScan's team of senior security analysts working in our Security Operations Center identify intrusions as they are happening, so you can extract them from your environment before any damage is done:
  • Defining, implementing and updating security rules
  • Running targeted threat hunting sequences to trace anomalies
  • Examining alerts to separate true concerns from false positives
  • Addressing and appropriately escalating threats in real time
Article:  Am I incurring unnecessary costs?
Joe Gaeta:  In order to perform 24/7/365 cybersecurity monitoring in-house, a company would need to utilize AT MINIMUM three shifts of analysts and all the costs that implies - both financial as well as in the form of misallocated resources.  Working on forward-looking projects like securing that new revenue-generating app is a better use of your skilled cybersecurity professionals than monitoring your systems 24/7.
Article:  Am I up to date on the current landscape?  "...Unfortunately, many [CISOs] try to do the bare minimum, and think they’ll stay safe..."
Joe Gaeta:  ControlScan's Managed Detection and Response service is led by senior security analysts whose very job is to stay on top of the latest threats. Along with A.I., they put their knowledge and wisdom to work while monitoring our clients' environments.
Article:  Am I using the best approach? "...If your organization is still using on-premise web security, perhaps it’s time to consider an alternative..."
Joe Gaeta:  Indeed.

Thursday, April 9, 2020

A real-life example. Stay vigilant!

I received this email to my personal account today. Ostensibly from a friend of mine.  Not so.  

Here are the telltale signs:
A reminder:  

Tuesday, March 31, 2020


"Honest work is respectable, in good times and in bad times.  Our national tendency to sneer at any job that does not require an advanced degree or a mass-marketable talent in sports or entertainment is one of the worst aspects of contemporary American life." - Kevin Williamson, National Review

Wednesday, March 18, 2020

ControlScan Becomes One of the First PCI Software Security Framework Assessor Companies

Expanded application security assessment services give ControlScan customers more flexibility and increased software security.
ATLANTA, March 18, 2020 (GLOBE NEWSWIRE) -- ControlScan, a leader in managed security and compliance solutions that help secure IT networks and protect payment card data, has become one of the first Software Security Framework Assessor companies to be listed by the PCI Security Standards Council.

Software vendors for point-of-sale, middleware, payment switches, kiosks, shopping carts, call centers, fuel dispensers, and other transaction-related applications who validate according to the new SSF program can benefit from its streamlined process that supports efficient and agile code releases and defends against constantly evolving security attacks.

“The Software Security Framework really has changed the game for application security,” said Sam Pfanstiel, Director of Security Consulting Services, ControlScan. “The new set of standards is much more streamlined to accommodate today’s accelerated software lifecycle, because it supports the latest software integrity testing technologies while also giving significant consideration to the maturity of the vendor’s application design, development and management practices.”

ControlScan assessors are qualified to test for both secure software lifecycle (Secure SLC) and Secure Software. A combined assessment methodology enables quick and confident evidence collection and testing for listing as a Secure SLC Qualified Vendor and/or Validated Payment Software. In addition, these certifications work together to assure merchant and acquiring customers that such software will support their own PCI DSS compliance.

“We recommend the combined audit approach, since companies listed as Secure SLC Vendors can now self-attest to low-impact application changes without undergoing a third-party audit,” Pfanstiel said. “This can significantly reduce their time-to-market for software enhancements.”

The company’s SSF advisory services also support gap analyses against either or both assessment types, providing a clear path to compliance and listing under the new SSF program. In addition, ControlScan can produce white papers that detail the impact of a company’s SSF compliance to support its customers' PCI compliance.

The new SSF program will fully replace the Council’s Payment Application Data Security Assessor (PA-DSS) program by 2022, but ControlScan encourages eligible entities to utilize it now. For more information about ControlScan’s Software Security Framework validation services, please click here.

About ControlScan
ControlScan managed security and compliance solutions help secure IT networks and protect payment card data. Thousands of businesses throughout the U.S. and Canada partner with us for easy, cost-effective access to the expertise, technologies and services that keep cyber criminals and data thieves at bay. With highly credentialed cybersecurity and compliance experts; 24x7 managed detection and response; managed UTM firewall services; ASV vulnerability scanning; security penetration testing; PCI compliance programs and validation services; QSA and HIPAA assessments; and more, we’ve got your back. For more information visit
Press Contact
Stacey Holleran
Director, Corporate Communications

Sunday, March 15, 2020

Report: ISOs, Acquirers Finding Innovative Ways to Address Merchant PCI Compliance

Recent survey by ControlScan and the Merchant Acquirers’ Committee finds new strategies surrounding non-compliance fees, scope-reducing technologies.

LAS VEGAS, March 03, 2020 (GLOBE NEWSWIRE) -- MAC Level Up Conference - ControlScan, a leader in managed security and compliance solutions that help secure networks and protect payment card data, has released a new payments industry research report in collaboration with the Merchant Acquirers’ Committee (MAC). Among its findings, the ControlScan/MAC 2020 Acquiring Trends Report identifies new strategies ISOs, acquirers and other merchant service providers are employing in the face of increasing merchant PCI compliance challenges.
ControlScan and MAC have tracked various aspects of acquirers’ PCI programs—including who has them, their goals and achievements, and how they’re administered—since 2011. Gathering this data over time has provided the ability to follow trends and share unique insights into the state of merchant PCI compliance programs.

Acquiring Trends survey respondents consistently say that regular, ongoing communications and education are key to their merchant PCI compliance efforts. However, this year’s survey saw a rise (from 35% to 44%) in those who are realizing the benefit in combining communications with technology services such as managed firewall. Validated point-to-point encryption (P2PE) solutions, as well as end-to-end encryption (E2EE) also rated high for their ability to reduce PCI scope.
“When combined with regular communications and educational content, scope-reducing technologies and related services are a powerful way to make life easier for the merchant,” said Chris Bucolo, Vice President of Market Strategy, ControlScan. “It’s all about giving the merchant the tools and support they need to properly secure their business, without overburdening them.”

Other key findings from the ControlScan/MAC 2020 Acquiring Trends Report include:
  • Keeping merchants compliant is a continuing challenge – From 2014 through 2018, portfolio compliance rates were on a healthy upward trend. In 2018, however, there began to be signs of slowing rate growth based upon 38% of survey respondents reporting that their rates had either stayed the same or declined. The 2020 numbers show a definitive downward trend, with only 26% reporting compliance rates above 60% (as opposed to 42% in 2018) and 23% under 25% (as opposed to 15% in 2018).
  • Non-compliance fees are increasing in their significance – The percentage of those not charging non-compliance fees has historically been stable at around 17-18%. This year, however, the percentage rose to 23%. When asked about the drivers behind waiving non-compliance fees, an astounding 77% said they did so for strategic and/or competitive purposes. This year’s survey also found a widening divide between those who charge no non-compliance fees and those who are charging a non-compliance fee of more than $50 per month.
  • High Compliance Rates and merchant risk reduction go hand in hand – Keeping merchant risk in check is a priority for virtually all respondents, with 86% saying it’s a high or top business priority. Further data analysis revealed that one-third of those who have made merchant risk reduction a top priority are achieving higher merchant portfolio compliance rates than the group as a whole.

“Running a successful PCI compliance program requires regular reviews of metrics and trends so that corresponding adjustments can be made,” said Bucolo. “Like security technologies, there is no ‘set and forget’.”

“The information we glean from our ongoing survey partnership with ControlScan is extremely valuable,” said Vadeene Sisk, Education Committee Chair, MAC. “High merchant compliance rates translate to reduced business risk, which is mission critical for the MAC membership base as well as the payments community at large.”

About the Survey 
The ControlScan/MAC 2020 Acquiring Trends Survey was conducted over a six-week period between November 12 and December 23, 2019. The survey was administered online, and a link was distributed via email to randomly selected processors, acquirers, ISOs and other merchant service providers listed in the databases of ControlScan and MAC. A total of 68 payments industry professionals, representing organizations that serve Level 3 and 4 merchants, completed the survey.

The ControlScan/MAC 2020 Acquiring trends report is being released in conjunction with the MAC Level Up Conference taking place March 2-5 at the Park MGM in Las Vegas. Download a complimentary copy of the new report here.


About Merchant Acquirers’ Committee (MAC)
The Merchant Acquirers’ Committee (MAC) is an organization of payments professionals dedicated to protecting the integrity of the payments ecosystem. Our members include acquiring banks, ISOs, the card brands, NACHA, law enforcement agencies, payment processors, and payment facilitators. MAC’s mission is to strengthen the payment ecosystem through ongoing education, communication, and cooperation among its members. For more information, visit


Thursday, March 12, 2020

The company with the plan wins.

Dark Reading is one of the most popular cybersecurity news sites on the Web today.

ControlScan's Vice President of Security Consulting Services, Marc Punzirudu, recently sat down with Dark Reading to discuss how to change the conversation about security in your company.

Wednesday, March 4, 2020

Don’t Wait Until Ransomware Has Your Business Locked Down

Ransomware victims are paying hundreds of thousands of dollars to cybercriminals. It doesn’t have to be this way!
The ControlScan Blog is always a great source for useful information about cybersecurity and compliance.

However, this recent post by ControlScan's Director of MDR Operations is PARTICULARLY important as ransomware attacks continue to rise.

I highly recommend that you read it today to understand the importance of planning ahead in order to save time and money... and possibly your business.

For more information on how ControlScan can help you in this area, don't hesitate to contact me directly.

Friday, February 28, 2020

ControlScan Security Operations Center Analysts Win Gold in Cybersecurity Excellence Awards

MSSP ControlScan takes home three awards for its dedication to “excellence, innovation and leadership in information security”. [PRESS RELEASE] ATLANTA, Feb. 27, 2020 (GLOBE NEWSWIRE) -- ControlScan, a leader in managed security services specializing in compliance, detection and response, has received a gold Cybersecurity Excellence Award recognizing its security operations center (SOC) analysts as “Cybersecurity Team of the Year.” In addition, the company was awarded silver as “Best Cybersecurity Company” and “Cybersecurity Service Provider of the Year.” All three awards are for organizations with 100-499 employees operating within North America.

According to recent ControlScan research, 41 percent of businesses that manage their security operations entirely in-house cite “speed of incident response” as a key business challenge. ControlScan SOC analysts provide 24x7, eyes-on-glass support and are specially trained to assess, investigate and rapidly respond to security alerts and anomalies. In 2019, ControlScan’s team of SOC analysts addressed more than 78,000 “medium,” “high” and “critical” events involving malware, defense evasion, exploits, code executions, etc., on behalf of their customers.

“ControlScan SOC analysts are a primary component of our security threat detection and response program, which ensures each business is protected and they don't have to worry about being victimized by a data breach, malware, ransomware, or any other form of cyberattack,” said Tom Callahan, director of MDR Operations, ControlScan. “We are proud of our team and thrilled to be recognized with a gold Cybersecurity Excellence Award.”

The Cybersecurity Excellence Awards honor companies, products and professionals that demonstrate excellence, innovation and leadership in information security. ControlScan is consistently developing new services to bolster its technology stack and ensure that customers’ security and compliance needs are holistically met. Recent enhancements include expanding Managed Detection and Response (MDR) services to businesses using Microsoft Office 365, Google G Suite, and other cloud-based SaaS and PaaS applications/services; introducing PaySafe PumpConnect, to increase security and payment transaction speeds at fuel pumps; and advancing the company’s Endpoint Security Service, to provide even greater threat detection and response capabilities.

The complete list of Cybersecurity Excellence Award winners is located HERE. To learn more about the ControlScan SOC and its team of security analysts, see the video here.



Tuesday, February 25, 2020

Restaurants need cybersecurity protection, too.

According to the National Restaurant Association’s latest State of the Industry Report, restaurants are rapidly adopting new technologies such as online/app-based ordering and reservations as well as mobile payments. These tools are great for creating a better customer experience, but they can also put your restaurant at a greater risk of being breached.

Confidently run your business without worrying about cybersecurity threats.

Restaurant technology is going to continue advancing.  Savvy operators understand the need to upgrade according to customer demand and preferences. As restaurants grow and scale their technology usage, they can rely on ControlScan to defend their business from cyber criminals.

Good cybersecurity is more thorough and less costly than you think.

The ControlScan Managed Detection and Response (MDR) service gives restaurants a cost-effective way to ensure that security threats are quickly discovered and eliminated. ControlScan keeps our eyes on restaurants' IT networks on a 24x7x365 basis - allowing restaurateurs to run their business knowing that we’ve got their back.

Watch the video to learn more, and contact me today for a deeper dive and to schedule a demo.

Thursday, February 20, 2020

Managed Security by ControlScan - We've Got Your Back

Layered cybersecurity cannot be ignored. Defensive measures, like standalone firewalls, will not completely keep attackers out of a network environment. Advanced threat detection and response capabilities must also be employed to fully protect an environment and immediately identify and stop an attack when it happens.

After falling victim to a ransomware attack, it became clear to one of the nation’s leading independent insurance brokerage firms that managing their own network security was no longer an option. The firm’s IT team just didn’t have the bandwidth to efficiently secure company data and rapidly detect the ever-increasing number of cyber threats. To stay competitive and to protect their client data, they needed a robust defense system and a partner they could trust—one that had the technical expertise to provide a multi-tiered approach to security.

Since partnering with ControlScan, this customer has been able to ward off additional security breaches through layered security and 24/7 threat detection monitoring. Their CIO says the critical benefits of the ControlScan partnership are incalculable.

Contact me today to discuss your current cybersecurity posture and review some of ControlScan's managed services that can help protect your business from devastating cyber threats.

ControlScan - We've Got Your Back

North American CyberSecurity Team of the Year!

CyberSecurity Insiders has begun publishing their 2020 CyberSecurity Excellence Awards winners. ControlScan is very proud to announce that our SOC Analysts have won the award for