Posted 05 August 2020 Cybersecurity and the Board Room (Part III) Our third and final blog in our series on “How to manage cybersecurity risk in the board room?” Where do we start and what do we ask? Our cyber practice is hit with the dreaded “D” word in meetings and requests from senior clients almost daily. A “Dashboard”, however, is just a tool to aid in governance of cybersecurity practices and not one set of metrics that will fit the needs of every organization. This lack of uniform metrics is not driven by different technology stacks or access to resources […] by Dawn Dunkerley Contributing Editor
Posted 21 July 2020 Cybersecurity and the Board Room (Part II) Simple isn’t easy and technical language doesn’t make you smart – an approach to managing cybersecurity risk in the board room (2nd in a three-part series) Whose job is cybersecurity really? When we mention cybersecurity to senior executives at a client or prospect, we are often shown the directions to the IT department and hurried away before anything too technical can be uttered and the chance an executive or board member is put in an uncomfortable position is eliminated. IT definitely plays a role in executing cybersecurity imperatives and should serve as […] by Dawn Dunkerley Contributing Editor
Posted 30 June 2020 Cybersecurity and the Board Room Simple isn’t easy and technical language doesn’t make you smart – an approach to managing cybersecurity risk in the boardroom. If you read no further: Cybersecurity is a boardroom issue becoming increasingly real. Executing cyber risk mitigation involves specialized skills but managing cybersecurity requires the resource allocation and performance management capabilities boards and executives already have. Compliance does not equate with security. If you know your business and what drives results, you will know what to protect and what to risk as you make investment decisions. A blend of input (leading) […] by Dawn Dunkerley Contributing Editor
Posted 16 June 2020 The Cyber Skim: Top Monthly Articles for June 2020 Honda Shuts Down Factories After Cyberattack – Popular Mechanics Based on samples posted online, cybersecurity researchers at Malwarebytes believe the attack fits into a family of file-encrypting ransomware variously referred to as Snake or Ekans. While cybersecurity researchers say a ransomware attack is most likely to blame, it’s unclear whether the attack targeted information technology systems or industrial control systems themselves. Honda Ransomware Confirms Findings of Industrial Honeypot Research – SecurityWeek This year the researchers “identified multiple attackers executing ransomware operations involving data theft, the stealing of user credentials, […] by Dawn Dunkerley Contributing Editor
Posted 02 June 2020 Take the Plunge Take the plunge, it’s worth it…the real value in quantifying cyber risk. Most industrial clients understand the need to be risk-based in their approaches to cybersecurity. For many of them, they have already been through this journey with physical security. I’ve seen HIRAs (Hazard Identification & Risk Assessment) evolve to quantify the risk of physical operating and maintenance activities by applying a “RISK = Probability of Impact x Severity of Impact” formula and assigning a score. These scores are then aggregated to provide a clear quantified assessment of the risk inherent […] by Bret Bergman Contributing Editor
Posted 28 April 2020 Cybersecurity in “The New Normal” The term “the new normal” is increasingly popular during these times of global pandemic. I find it comes up in conversations with colleagues, friends, clients, and it is all over the media regardless of the format you choose to consume. Rather than provide yet another philosophical rant to the internet on, “what does normal mean anyway?” (answer: it means different things to different people and cohorts) or “This could actually be a good thing” (answer: maybe from some perspectives but definitely not from others), I thought it best to provide […] by Richard Berkley Contributing Editor
Posted 21 April 2020 Use a VPN to mitigate risk during Covid-19 There are lots of blogs about managing cybersecurity during the Covid-19 crisis. And yes, in times of crisis where people are operating outside their standard routines, there is additional risk. The truth is, however, the actions organizations and people should be taking today are similar to what they were before Covid-19: training and awareness, patching, use of Virtual Private Networks (VPNs), etc… We believe using a VPN represents a high value, easy way to mitigate cyber risks. The use of a VPN is basic hygiene in today’s connected world. By encrypting […] by Joseph Socolof Contributing Editor
Posted 14 April 2020 The Cyber Skim: Top Monthly Articles for April 2020 NASA warns of a significant increase in cyberattacks during Coronavirus outbreak – Security Affairs NASA sent out a memo to its personnel warning of a significant increase in cyberattacks on the agency while its employees are teleworking due to the Coronavirus outbreak. NASA experts believe that the attacks will continue during the pandemic. The good news is that the SOC of the agency doubled the number of blocked attempts to access malicious websites. Editor’s note: As personnel have moved to telework, many have forgotten the best practices they were trained on. […] by Dawn Dunkerley Contributing Editor
Posted 07 April 2020 Beware of Zoom As COVID-19 spreads so does malicious activity…beware of the suspicious Zoom meeting invite! As droves of people are working remotely (many for the first time), IT and cyber teams are stretched thin making it all work. Now is not the time to take our eye off the ball. As Kelly Sheridan recently noted in Dark Reading, “In recent weeks, security researchers have spotted an increasing number of malicious activities linked to COVID-19 as attackers capitalize on the virus.” One specific area of concern is online meeting/collaboration platforms such as WebEx, Microsoft Teams, […] by Bret Bergman Contributing Editor
Posted 24 March 2020 Bad people taking advantage of dark times Unfortunately, we live in a world where bad actors take advantage of any and all opportunities they can find. Even worse, it is often those who are most vulnerable that are taken advantage of. In daily life, we see it with the elderly, and we see it with young children. Today, in the world of the coronavirus, the pool of vulnerable people is growing exponentially. “Phishers know all too well that during uncertain times…people become desperate for information and reassurance.” It is not just those who have coronavirus who are […] by Joseph Socolof Contributing Editor
Posted 18 March 2020 The Cyber Skim: Top Monthly Articles for March 2020 They Come in the Night: Ransomware Deployment Trends – FireEye Threat Research We noted several initial infection vectors across multiple ransomware incidents, including RDP, phishing with a malicious link or attachment, and drive by download of malware facilitating follow-on activity. Contain and remediate infections quickly to prevent attackers from conducting follow-on activity or selling access to other threat actors for further exploitation. Editor’s note: As I was looking to pull together this month’s post, I was almost overwhelmed with the uptick in ransomware-related reporting. If that means that we […] by Dawn Dunkerley Contributing Editor
Posted 10 March 2020 Top 10 Security Predictions Through 2020 This 2016 Top 10 Security Prediction List is still as relevant today as the day it was written. Numerous known, yet unmitigated vulnerabilities top the list and are still yet to be addressed in today’s business world. If knowledge is power, how much money and intellectual property will be lost before you or your business take action? by Chris Mitchiner Contributing Editor
Posted 03 March 2020 Cyber Could Take Center Stage in 2020 US Presidential Elections Cyber could take center stage in 2020 US presidential elections…you can help. Since the election appears to be on just about everyone’s mind, I thought I’d take a break from my usual OT cyber domain and spend a minute on election security. Although the Iowa caucus debacle appears not to have been cybersecurity related, it did underscore challenges with online voting apps/systems. The following two articles from Dark Reading are a good primer for understanding the challenges: https://www.darkreading.com/risk/how-can-we-make-election-technology-secure/a/d-id/1336975 https://www.darkreading.com/risk/5-measures-to-harden-election-technology-/a/d-id/1336978 My ask is to all of you politically active “cybernauts” out there. Ask […] by Bret Bergman Contributing Editor
Posted 25 February 2020 Finance vs. Accounting I’m not an accounting major; I am a finance guy… I went to school for finance and management theory. There is probably a whole post to be written on the “theory” of management and why it remains just a lofty notion (spoiler alert: because people be people) but instead, let’s focus on the finance side. “So, you’re an accountant?” I get asked all too frequently… well, I understand tax and double-entry concepts, I can read a balance sheet and write one from a blank sheet of paper but… no, no […] by Richard Berkley Contributing Editor
Posted 18 February 2020 Do you want to build a dashboard? ‘Do you want to build a dashboard?’: Building a risk-based cybersecurity dashboard to improve executive decision-making Most organizations have an executive dashboard for cybersecurity. Unfortunately, most are designed and built by the IT organization, and most focus on compliance and maturity rather than on what truly matters – risk mitigation. Even worse, most provide little ability to drive effective executive decision-making. Let’s start with a very simple premise: cybersecurity is a business enabler. If risk is well understood within an organization, it will have been quantified in dollars. Cybersecurity, then, […] by Joseph Socolof Contributing Editor
Posted 11 February 2020 The Cyber Skim: Top Monthly Articles for January 2020, Part 2 Cybersecurity: A guide for parents to keep kids safe online – ZDNet Security Being a parent can be a rewarding but stressful endeavor, and in today’s networked world, it is not just physical risks to children that have to be considered in modern parenting strategies. Editor’s note: A great reminder that good cyber hygiene begins at home. Mandatory IoT Security in the Offing with U.K. Proposal – Threatpost The new U.K. law mandates that manufacturers apply several security controls to their connected devices. The U.K. government has unveiled […] by Dawn Dunkerley Contributing Editor
Posted 04 February 2020 CISO New Year’s Resolutions CISO New Year’s Resolutions…is 2020 the year your organization finally makes security a business driver? And how would you know? It’s usually right about now when my New Year’s resolutions start to waver. So I thought it would be a good time for all of us in cyber to take stock of how we’re doing so far in 2020. This article from Dark Reading offers a good place to start: 1. Resolve to Make Security a Business Driver 2. Resolve to Prioritize Privacy 3. Resolve to Focus on the Human […] by Bret Bergman Contributing Editor
Posted 22 January 2020 Let’s speculate Let’s speculate wildly on the year(s) ahead in cyber… Do you want to hear something freaky? The US Navy has a weapons system with destructive powers so great Dr. Doom and Lex Luthor would both find themselves blushing. Ok, that isn’t news but what may be of interest is the rumor that such a system runs on Windows XP. (note to the US Government; this is just a corroborated rumor I have heard and nothing more) … For those not following the RSS feed from Microsoft Corp, they stopped supporting […] by Richard Berkley Contributing Editor
Posted 14 January 2020 No shortcuts, just good management I have been supporting organizations through transformations for 20 years. If there is one common thread it is that they are all looking for a silver bullet – buy something, install technology, hire or fire someone, re-organize. The fact is, there is not an easy answer. Read the research about the success rates of transformation, including digital transformation, and you will see that they all say the same thing: ‘75% of transformations fail’. The truth is, if people actually bothered to measure their cyber programs, they would realize that 75% […] by Joseph Socolof Contributing Editor