Monday, December 19, 2016

@christoperj:

Back from team meetings in Seattle -- returning to regularly scheduled programming, already in progress. . .

Sunday, November 20, 2016

Yes, I Have In Fact Resigned from SHI. . .

Just a quick post to address some rumors, now that I'm back from closing out my final services project.

I am leaving SHI at the end of November to pursue a Security Services role with Avanade. This decision was made several weeks ago. Kept quiet only so it would not be distracting to a handful of open customer-facing engagements. But it is official.

When I started all those days, months, and years ago, I was very excited for the opportunity to contribute to the SHI Security Practice and what the team was trying to do. My role was intended to be that of DLP pre- and post-sales delivery architect. A position, admittedly, I was never able to actually do given various marketspace realities mixed with the inherent internal challenges typical of any Organization.

But those hurdles made the position, in fact, better. A well diverse team of Security Peers along with frequent pivots in direction allowed me to evolve my skillsets. Kept me interested. Kept me busy. Kept me growing. Made me a far more seasoned security and privacy nerd leaving the building than I thought I would ever be when I came in. For that I am deeply thankful.

This moment, this day, however, it's time to move on to something different. My new Avanade role is that. With my new team, I'll be focused on aiding sales and pre-sales efforts regarding all things security. I'll be collaborating with customers and internal sales teams to help craft security services messaging, proposal responses, and deal solutioning of enterprise engagements. And all in all, just being a 'trusted advisor' to whoever has a security and privacy challenge, question, or concern.

I've never ever wanted to be the smartest guy in any building. Just be a member of a smart team doing smart security. And I will continue to enjoy that benefit in my new role.

It's also important to note I neither went looking for this opening nor made my decision in response to any particular circumstance or frustration. Avanade approached me directly, and I responded in courtesy. We talked in depth about their goals and vision. And as we did, it became very apparent very quickly this was something I needed to give serious consideration.

The rest is what it is. And I feel as if I am leaving SHI in the positive way I always intended.

As always, if you want to keep in touch – I would welcome it.

The best way to do it (other than email) is via Facebook or LinkedIn depending on your pleasure. I still like to keep things simple, so the below links will forward to the full profile pages.

For Facebook – www.facebook.com/christoperj
For LinkedIn – www.linkedin.com/in/securityguy23

I’m elsewhere, too, if you want to find me on other sites – but primarily in these. (Everyplace else simply syncs the info down in one way or another).

My cell phone number will also remain the same if you care to call or text.

For those waiting for LinkedIn Recommendations -- I know I’m behind in pending requests. Sorry. Time continues to be getting away from me the last few weeks as I work towards the smooth turnover of everything. I’ll be catching up on those queued in the next few days through the holiday week and next month once I get settled into my new role. If you want to be added to the list, just send me a request through the site. And if you want to submit one for me, I certainly won’t complain.

If you have any questions, please do not hesitate to contact me directly. All updates will also be posted out here @ www.christoperj.com

Goodbye and take care

@securityguy23:

Back from Arkansas, presenting HIPAA security program and policy remediation recommendations on my final SHI customer engagement -- returning to regularly scheduled programming, already in progress. . .

Wednesday, November 9, 2016

@securityguy23:

(To the random support team I just spoke with)

I appreciate your quick service when I had to call in so you could manually make the needed minor tweak.

But claiming that my call in was necessary 'for security reasons' in one breath -- while not doing anything to remotely validate my identity before executing this account impacting change -- you're very much doing it oh so wrong.

Thursday, September 29, 2016

[UPDATED] No, Microsoft Will Not Call You Direct to Offer a Refund for Anything

Update -- September 30th
The scammer called back a few moments ago from a "Private Number"

Picked up the phone without saying anything and heard him speaking (what sounded like, but I'm not sure) Hindi or some other Indian region language to somebody in the background.

He started out without saying hello, but just jumping again claiming that he was the "Microsoft Helpdesk" and that he "sent me an email yesterday about the refund".

I asked him what email he sent it to as I have received nothing. He said marcinko@aol.com -- which might be a legitimate email, but not one of mine. Weirdly, he seemed perplexed about my response, pausing and fumbling through a couple of words I couldn't understand.

I then noted that I tried to call him back at the number he gave me, but the people who answered didn't know anything about what he was talking about. And then he hung up on me without any other comment.

Still expect better customer service from my scammers. . .


Original Post -- September 29th
Got a call from somebody claiming they are Microsoft helpdesk -- typical scam

New derivative though, this guy wasn't claiming the usual "your machine is infected with a virus" or otherwise was "reporting errors and logs" and what not. He was instead claiming that I was due a refund for Microsoft Support for which I had previously paid. And that all I needed to do was 'register' it on some internet website he wanted me to login to.

At that point, I said I wasn't anywhere near my PC and asked if there was a number I could call him back at in 20 minutes. He gave one, then said he would call me back in twenty, and then hung up without saying goodbye.

I expect better customer service from my scammers.

Whatever the case, there's a new/old game in town.

Call Info:
  • Caller ID -- Unavailable Name / Out of Area Number
  • Guy on the Other End -- Heavy Middle Eastern accent, using a common western name
  • Background Noise -- Didn't sound like a crowded area, coffee shop, or room with other scammers
  • Number Given for Callback -- 800-492-3939

That call back number does work, but when calling it direct it answers with an automated voice:
"You have reached a national telemarketing company. The number you dialed is (changes to choppy phonetic voice) 1-8-0-0-4-9-2-3-9-3-9

(Changes back to normal automated voice) Again the number you have reached is (changes back to choppy phonetic voice) 1-8-0-0-4-9-2-3-9-3-9

(Changes back to normal automated voice) If you believe you have dialed the correct number, please press 1 and I will transfer to an agent

Ok, I'll transfer you now. Please stand on the line to continue. To ensure proper handling, call may be recorded" (and so on)

That inbound message in itself seems very shady to me. Doesn't identify itself in any regard. Message seems designed to be overly vague/cheap/fly-by-night. Just enough to answer the call. But also flexible enough to be changed at a moment's notice when needed to avoid a negative reputation or legal inquiry.

I donno.

Spoke to somebody on the other end, and after they asked for my zip code -- they said they were an inbound call center run by a company named Alorica.

When I asked why they needed my zip code, they gave me a vague doubletalk response. Explained that I got this number from somebody who called me, and the person on the other end said that they didn't have any information about that. She hung up on me after I asked her to spell her company's name to make sure I got it.

Called back, got somebody else. Told them that somebody had called me and tried to claim they were working for Microsoft -- and also claiming that they were from this number.

While she was much more polite, she also said that they didn't make outbound phone calls. And within the product/company list she had in her system, Microsoft was not listed. I got the sense she had also not heard of the "Microsoft" scam. And she wasn't able to give any additional info.


So recapping:
  • Got a scam call from somebody claiming to work for Microsoft
    (Microsoft would never EVER do this)
  • Scammer claimed I was due a refund for support services I had previously paid
    (And support services I never paid for)
  • All I had to do was register my PC
    (By connecting with it to their website)
  • Scammer gave me a callback number of 800-492-3939 for what appears to be a different company
    (Wasn't expecting that)
  • Different company in itself seemed very very VERY shady in their own right
    (WTF?!?)
  • And by the time I write this, it's been 25 minutes -- so I gather the Scammer isn't calling back
    (Chicken)


Good times

Saturday, September 24, 2016

@securityguy23:

Back from executing a HIPAA Risk Assessment in Tampa -- Returning to regularly scheduled programming, already in progress. . .

Wednesday, September 14, 2016

Now Octahexaconta-Certified with FIP Goodness. . .

From the International Association of Privacy Professionals (IAPP) on September 14th, 2016:

Christopher J. Marcinko -- Fellow of Information Privacy (FIP)
"The Chair and Directors of the International Association of Privacy Professionals decree that in recognition of the successful demonstration of the requisite knowledge in privacy law, privacy management and/or technology of privacy, we do confer upon Christopher J. Marcinko the designation of Fellow of Information Privacy (FIP) with all rights, privileges and distinction thereunto appertaining. In witness hereof we have caused this certificate to be signed by the duly authorized officers of the Association."

Date of Certification:
September 14th, 2016

Certificate Number:
2065341

Thursday, September 8, 2016

@securityguy23:

Back from presenting vulnerability scan results and recommendations in Killeen -- returning to regularly scheduled programming already in progress. . .

Thursday, September 1, 2016

@securityguy23:

Back from presenting HIPAA Security Assessment findings in Green Bay -- returning to regularly scheduled programming, already in progress. . .

Wednesday, August 31, 2016

@securityguy23:

Compliance only is a meaningless checkbox. . . Effective risk management requires actual security execution. . .

Tuesday, August 30, 2016

@securityguy23:

If the first thing out of your mouth is "Here's how I'm going to solve all your problems" instead of "What is your problem and how can I help?" -- You're doing it wrong. . .

Monday, August 29, 2016

@securityguy23:

Back from executing onsite HIPAA Remediation Consulting in Arkansas -- returning to regularly scheduled programming already in progress. . .

Monday, August 22, 2016

@securityguy23:

If you're not looking at your logs, you have no logs. And if you have no logs, you have no security. . .

Saturday, July 16, 2016

@securityguy23:

Back from executing a HIPAA Assessment in Green Bay -- Returning to regularly scheduled programming, already in progress. . .

Monday, July 11, 2016

@securityguy23:

Now starting Year 5, Day 1 of the SHI experience. . .

Sunday, June 19, 2016

@securityguy23:

Back from @SANSInstitute SANSFIRE2016 SEC579 -- Returning to regularly scheduled programming, already in progress. . .

Saturday, June 11, 2016

@securityguy23:

Back from executing a HIPAA Gap Assessment -- returning to regularly scheduled programming, already in progress. . .

Friday, June 3, 2016

@securityguy23:

Back from presenting an executive facing summary of HIPAA privacy program risk assessment findings to a customer in Wisconsin -- returning to regularly scheduled programming, already in progress. . .

Wednesday, May 25, 2016

@securityguy23:

EDS seems to sadly be a stray dog that nobody seems to want to rescue. . .

Monday, May 23, 2016

@securityguy23:

Back from kicking off a project to develop an enterprisewide security and data governance program -- returning to regularly scheduled programming, already in progress. . .

Saturday, April 30, 2016

@securityguy23:

Back from Team Meetings in New Jersey -- returning to regularly scheduled programming, already in progress. . .

Wednesday, April 20, 2016

@securityguy23:

If anybody is looking for a Security Guy with 23+ years of experience focused on Customer Relationship Management, Team Leadership, and Perimeter Controls (among many other things) -- please reach out.

Highly recommended friend of mine in the Dallas area is about to come onto the market. . .

Monday, March 14, 2016

Now Heptahexaconta certified with CIPM Goodness. . .

From the International Association of Privacy Professionals (IAPP) on March 14th, 2016:

Christopher J. Marcinko -- Certified Information Privacy Manager (CIPM)
"The Chairperson and Directors of the International Association of Privacy Professionals decree that in recognition of the successful demonstration of the requisite knowledge of information privacy with advanced concentration in technology practices, we do confer upon Christopher J. Marcinko the designation of Certified Information Privacy Manager (CIPM) with all rights, privileges and distinction thereunto appertaining. In witness hereof we have caused this certificate to be signed by the duly authorized officers of the Association."

Date of Certification:
March 14th, 2016

Expiration Date:
March 31st, 2018

Certificate Number:
2065341

Saturday, March 12, 2016

@securityguy23:

Back from executing a HIPAA Security Risk Assessment in Tampa -- returning to regularly scheduled programming, already in progress. . .

Friday, March 4, 2016

Now Hexahexaconta-Certified with CIPT Goodness. . .

From the International Association of Privacy Professionals (IAPP) on March 4th, 2016:

Christopher J. Marcinko -- Certified Information Privacy Technologist (CIPT)
"The Chairperson and Directors of the International Association of Privacy Professionals decree that in recognition of the successful demonstration of the requisite knowledge of information privacy with advanced concentration in technology practices, we do confer upon Christopher J. Marcinko the designation of Certified Information Privacy Technologist (CIPT) with all rights, privileges and distinction thereunto appertaining. In witness hereof we have caused this certificate to be signed by the duly authorized officers of the Association."

Date of Certification:
March 4th, 2016

Expiration Date:
March 31st, 2018

Certificate Number:
2065341

Thursday, March 3, 2016

@securityguy23:

Back from HIMSS2016 -- returning to regularly scheduled programming, already in progress. . .

Wednesday, February 24, 2016

Now Pentahexaconta-Certified with CIPP/US Goodness. . .

From the International Association of Privacy Professionals (IAPP) on February 24th, 2016:

Christopher J. Marcinko -- Certified Information Privacy Professional -- United States (CIPP/US)
"The Chairperson and Directors of the International Association of Privacy Professionals decree that in recognition of the successful demonstration of the requisite knowledge of information privacy with advanced concentration in technology practices, we do confer upon Christopher J. Marcinko the designation of Certified Information Privacy Professional / United States (CIPP/US) with all rights, privileges and distinction thereunto appertaining. In witness hereof we have caused this certificate to be signed by the duly authorized officers of the Association."

Date of Certification:
February 24th, 2016

Expiration Date:
February 28th, 2018

Certificate Number:
2065341

Thursday, February 18, 2016

@securityguy23:

Back from presenting HIPAA Assessment findings in Arkansas -- returning to regularly scheduled programming, already in progress. . .

Sunday, January 31, 2016

@securityguy23:

Back from executing a HIPAA privacy assessment in Green Bay -- returning to regularly scheduled programming, already in progress. . .

Tuesday, January 12, 2016

Now Tetrahexaconta-Certified with GMON goodness. . .

From the SANS Global Information Assurance Certification (GIAC) on July 10th, 2015:

Christopher J. Marcinko -- GIAC Continuous Monitoring Certification (GMON)
"GIAC presents this certification to Christopher J. Marcinko who has met the necessary requirements and demonstrated a mastery of the subject matter and security skills to earn the GIAC Continuous Monitoring Certification - GMON."

Date of Certification:
January 12th, 2016

Expiration Date:
January 31st, 2020

Certificate Number:
95