Services PIP America protects the value in your organization by managing operational risk in the cyber era
About Us Our unique partnership of top-tier consultants and U.S. military leaders aims to secure and grow American critical infrastructure, private enterprise and government Find out more about our team
Leadership Team Our people are world-class. Drawn from the highest levels of the U.S military and top-tier industry firms, they have deep industry and implementation experience Meet our Leadership Team
HighlightedPIPers Our people are world-class. Drawn from the highest levels of the U.S military and top-tier industry firms, they have deep industry and implementation experience Meet our Team
Contact Us Thank you for your interest. Get in touch with your questions or feedback Contact us to find out how we can help you
Posted 07 January 2020 The Cyber Skim: Top Monthly Articles for January 2020 6 CISO New Year’s Resolutions for 2020 – Dark Reading We asked chief information security officers how they plan to get their infosec departments in shape next year. Editor’s note: Great recommendations that, as a CISO myself, I will personally be focusing on in 2020 and beyond. READ MORE Hacking School Surveillance Systems – Schneier on Security Lance Vick suggesting that students hack their schools’ surveillance systems. “This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine,” he said. […] by Dawn Dunkerley Contributing Editor Read more
Posted 17 December 2019 Cyber OT governance….what’s the right answer? Who is accountable? As we help our industrial clients operationalize cyber security and harmonize IT and OT, this question is always front and center. This article from Verve offers a thought-provoking perspective on OT cyber governance and lays out five principles for establishing the right governance model for OT cyber security in your organization. It’s a very worthwhile read and whether you completely agree with Verve’s perspective or not, I believe you will find it thought provoking. The perspective I found most intriguing was “there is no ‘single point of […] by Bret Bergman Contributing Editor Read more
Posted 11 December 2019 Let’s Salute Women in Technology and Grow the Workforce of the Future This past Friday, I had the opportunity to attend and deliver a plenary speech at the Cyber Trainsitions Conference hosted by the University of Central Florida at the Orange County Convention Center in Orlando, Florida. My topic was “Integrating Women and Underrepresented Communities into the Cyber Workforce.” After discussing the contributions women and underrepresented groups have made to computer programming, we transitioned to a robust discussion over various initiatives to improve the number of women and minorities pursuing STEM education and careers. Here are a few highlights: Primary and Secondary STEM […] by Patricia Frost Contributing Editor Read more
Posted 27 November 2019 The Cyber Skim: Top Monthly Articles for November 2019 Security pros explain Black Friday best practices for consumers and businesses – TechRepublic Consumers have to make sure not to fall prey to fraudulent coupons or deceptively spoofed retailer websites. Strong Black Friday and Cyber Monday sales crush fears of retail apocalypse but not cyber security concerns. The holiday shopping season is off to a record breaking start but analysts are reminding consumers to play it safe online. Editor’s note: Practicing good cyber hygiene year-round is a must, but an interesting tidbit to note from this article is that credit […] by Dawn Dunkerley Contributing Editor Read more
Posted 05 November 2019 Keeping up or getting ahead? Improving an organization’s cyber posture – i.e. continuously generating increased security at the lowest possible cost – requires that effective continuous improvement disciplines be ‘wired’ into the operating cadence of the business. Building a cybersecurity program that continuously improves and keeps up with the changing threat landscape shares many of the core features of continuous improvement applied to other aspects of the business. See what is possible – this is more relevant in today’s digital world where new vulnerabilities are being created and new threats are emerging every day. To determine […] by Joseph Socolof Contributing Editor Read more
Posted 29 October 2019 The Cyber Skim: Top Monthly Articles for October 2019, Part 2 Is AWS Liable in Capital One Breach? – Threatpost Senators penned a letter to the FTC urging it to investigate whether Amazon is to blame for the massive Capital One data breach disclosed earlier this year. Amazon is at least partly to blame for the massive 2019 Capital One breach that impacted more than 100 million customers, senators are alleging. Editor’s note: This particular quote should bring pause to anyone who hands over their cyber security responsibility and visibility to a cloud provider – “Amazon knew, or should have known, that AWS was vulnerable to […] by Dawn Dunkerley Contributing Editor Read more
Posted 23 October 2019 “Wire” Cyber in from the Start Manufacturing Engineer: “You want me to patch what? How often? Yeah, right…I can’t take these systems offline for even a minute, those patches are going to have to wait until our next planned shut in the spring…” Cybersecurity Manager: “Was that system that was breached compliant with our internal cyber specification?” Process Engineer: “What specification?” Plant GM: “Did the new remote sensing ecosystem project get approved for my plant?” VP of Ops: “Yes! Install starts tomorrow.” CISO: “Who signed off on it from Cybersecurity?” ALL: Silence…. Just about every one […] by Bret Bergman Contributing Editor Read more
Posted 15 October 2019 Cybersecurity Awareness Month – Top 10 Personal Cyber Hygiene Tips It is cybersecurity awareness month and although we highlight cybersecurity this time of year, the top 10 tips for your individual security should be a daily cyber hygiene must for every one of us. Thought I would take the time to share with you what I tell my clients when asked: 1. Keep Your Software Up to Date & Use your Device Securely One of the most important cybersecurity tips to mitigate ransomware or other cyber intrusions is patching outdated software, both operating system and applications. This helps remove critical […] by Patricia Frost Contributing Editor Read more
Posted 09 October 2019 Did you just digitize yourself into astronomical risk? Recently I was walking through a major US Airport and saw an advertisement for a multi-billion-dollar Management Consulting firm. It simply said: “Get digital or get left behind”. I couldn’t help but chuckle at the fear-selling clearly targeted at division managers and road warriors and think of all the urgency surrounding the need to revolutionize one’s business or be eviscerated in the marketplace. Let me get this out front before I’m accused of a luddite who is only interested in human behavior: digitization is a great thing on balance! Ok, […] by Richard Berkley Contributing Editor Read more
Posted 03 October 2019 The Cyber Skim: Top Monthly Articles for October 2019 ANU cyber attack: How hackers got inside Australia’s top uni – Illawarra Mercury It’s been compared to Ocean’s Eleven – a cyber attack on Australia’s top university, methodically planned and then adapted on the fly by an “A team” of hackers who cracked into the personal records of 200,000 students and staff and walked away leaving virtually no trace. Editors note: Cyber attacks are a global issue. This story indicates that universities – no matter where they reside – are at risk, and that an ounce of prevention is worth […] by Dawn Dunkerley Contributing Editor Read more
Posted 25 September 2019 What does good even look like? Building a cyber program starts with knowing what good looks like. It is not some vague description, but rather the hard targets to which we will manage day-to-day and aspire in the longer term. Yes, it is hard to measure risk. No, that does not mean you shouldn’t try. Defining cyber security metrics and targets is no different than defining operational metrics and targets. Everybody knows the ‘what’: Define what matters – often this is defined as ‘knowing your critical assets’. In our view, this is inadequate. What matters is […] by Joseph Socolof Contributing Editor Read more
Posted 17 September 2019 The Cyber Skim: Monthly Top Cyber Articles for September 2019 No Quick Fix for Security-Worker Shortfall – Dark Reading Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly-skilled employees. Editor’s note: Recruiting is only part of the battle; it’s still critical that you train and look for incentives to retain your cyber security professionals. Often the incentive can be quality training itself, conferences, even just simple appreciation for the work they’re doing. Invest in your high-performing personnel, and your program will flourish. READ MORE […] by Dawn Dunkerley Contributing Editor Read more
Posted 10 September 2019 The Sky is Falling… “The sky is falling! The sky is falling!” goes the famous line by Chicken Little (or Henny Penny for you Europeans reading this). People in the cyber community have been accused of being “Chicken Littles” for predicting that cyber adversaries are going to bring down economies, if not our very way of life itself. As a member of that community, I will readily admit the message can be overblown at times and even used as a classic FUD (Fear Uncertainty Doubt) sales technique in others. This does a great disservice to the real risk […] by Bret Bergman Contributing Editor Read more
Posted 03 September 2019 Blind Spots: The Consequences of Ignoring Industrial Assets When Developing a Cyber Strategy We all have blind spots… I recently had the opportunity to spend an evening talking to a reporter about the cybersecurity vulnerabilities in operational technologies found in heavy industries. We started our discussion with the general questions about “how safe are we” which quickly moved into the quality discussion that everyone should be having on “how prepared are we”. We had a lively talk about “when” not “if” a breach happens and how quickly a heavy industrial company can respond and continue to function. Operational impacts for a specific period of […] by Patricia Frost Contributing Editor Read more
Posted 27 August 2019 The Cyber Skim: Monthly Top Cyber Articles for August 2019 We Asked Def Con Attendees Why People Are Still Getting HackedThis year’s Def Con—the world’s biggest hacking conference—was more sprawling than ever. Held annually in Las Vegas, the conference has grown over the last 27 years from a small gathering of hackers huddled into the Alexis Park hotel to a nearly 30,000-person swarm spread across multiple hotels on the Strip. Editor’s note: Interesting insight from leading security experts; overwhelmingly they point to human failures as the root cause of vulnerability. READ MORE Breached Passwords Still in Use By Hundreds of […] by Dawn Dunkerley Contributing Editor Read more
Posted 20 August 2019 How connected am I? I have a daughter who is four years old and super into anatomy. We often sing that old tune; “the knee bone’s connected to the femur, the femur’s connected to the hip bone…” sorry for planting that tune in your head for the rest of the day but it serves a point, I swear… For those who have read even the shortest snippets of cyber news blurbs, you have come across the term: “moving laterally”. For those American Football fans out there, it doesn’t mean what you think it means. […] by Richard Berkley Contributing Editor Read more
Posted 13 August 2019 Examining the Human: What’s in Your Organization? The recent Capital One breach has highlighted a painful fact that many within the cybersecurity community continue to ignore: the human factor must not only be considered, but also actively accounted for in order to attempt to get ahead of human threats, both inadvertent and malevolent. As we understand it currently, a trusted insider within Capital One’s hosting service leaked millions of pieces of customer data to the larger public. Technical misconfigurations are currently believed to be in play, but the larger motives for why the insider would have released […] by Dawn Dunkerley Contributing Editor Read more
Posted 30 July 2019 Crossing the Great Divide Cybersecurity highlights one of the biggest corporate communication challenges of our time – bridging the gap between business and technical leaders. I call this the great divide. As OT/IIoT becomes pervasive, cybersecurity (“cyber”) is increasingly being recognized as the business risk it truly represents, especially for industrial companies who are just now fully arriving at the cyber party. With the proliferation of IIoT, predictive analytics and autonomous vehicles, the divide is becoming more acute and can materially impact the bottom line. As someone who has spent more than 30 years in business and […] by Bret Bergman Contributing Editor Read more
Posted 23 July 2019 Old Habits Die Hard – Time to Clean up Your Cyber Hygiene I am writing this blog from where I find myself spending the majority of my daily quiet reflection time which, unfortunately is not sipping a margarita (for those who know me well) and watching the sunset, but rather is from a cramped airline seat of the friendly skies. For every trip through the airport and flight I have taken, I am amazed and horrified at the lack of privacy protection and cybersecurity that is exhibited by the majority of travelers. The lack of cyber hygiene grows exponentially during the summer months […] by Patricia Frost Contributing Editor Read more
Posted 16 July 2019 The Cyber Skim: Monthly Top Cyber Articles for July 2019 We’re only halfway through July, and it’s already been an expensive month! UK privacy watchdog threatens British Airways with 747-sized fine for massive personal data blurt by John Oates The fine is roughly the cost of a 747 in the BA fleet, according to The Register, which also noted that BA was in the process of considering outsourcing their cybersecurity function at the time of the breach (https://www.theregister.co.uk/2018/09/07/ba_security_outsurcing_consultation_memo/), with this thought-provoking quote from “an infosec expert with experience in the aviation industry who told El Reg, ‘You don’t outsource something that is working […] by Dawn Dunkerley Contributing Editor Read more
