Tom Olzak
Tom Olzak is a security researcher for the InfoSec Institute and an IT professional with over 37 years of experience in programming, network engineering, and security. He has an MBA and is a CISSP. He is currently an online instructor for the University of Phoenix.
He has held positions as an IS director, director of infrastructure engineering, director of information security, and programming manager at a variety of manufacturing, health care, and distribution companies. Before joining the private sector, he served 10 years in the United States Army Military Police with four years as a military police investigator.
He has written four books, "Just Enough Security", "Microsoft Virtualization", "Introduction to Enterprise Security", and "Incident Management and Response." He is also the author of various papers on security management and a blogger for CSOonline.com, TechRepublic, Toolbox.com, and Tom Olzak on Security.
Management, compliance & auditing
VLAN network segmentation and security- chapter five [updated 2021]
A deep dive into VLAN security practices.
Operating system security
How to use Protected Folders in Windows 10
Introduction Ransomware is one of the biggest threats faced by organizations today. After encrypting all files on servers and desktops, ransomware perpetrat
Secure coding
Least Privilege Vulnerabilities
Introduction The principle of least privilege is an essential component of information assurance and security activities. According to the National Institute
Critical infrastructure
Access Control Models for ICS/SCADA environments
Introduction Access control for critical infrastructure requires moving the perimeter to workloads and managing access based on context. This zero-trust appr
Management, compliance & auditing
Chapter 6 – End-user device security [updated 2019]
This is Chapter 6 in Tom Olzak's book, "Enterprise Security: A practitioner’s guide." Chapter 5 is available here: VLAN Network Segmentation and Security- C
Critical infrastructure
Industrial controls systems (ICS) and supervisory control and data acquisition (SCADA) systems (a subset of ICS) manage our critical national infrastructure.
General security
Physical security: Managing the intruder
No information security guide is complete without a chapter about securing physical access to information resources. After all, physical access gives even th
General security
Chapter 12 – Applications of Biometrics
Passwords are not secure and are useless as an access control… at least that is what many vendors and security consultants try to tell managers today. Instea
General security
Chapter 11 – Identity management and access controls
Access controls help us restrict whom and what accesses our information resources, and they possess four general functions: identity verification, authentica
Cloud security
Chapter 10 - Virtualization Security
Virtualization brings significant value to business managers and engineers attempting to keep pace with business pressure for additional servers. It enables
General security
Chapter 9: Securing remote access
Remote access is no longer just about a laptop or home desktop user connecting to catch up on some work or update customer and order information. The explosi
General security
Chapter 8 - UEFI and the TPM: Building a foundation for platform trust
Traditional boot processes cannot stop sophisticated attacks instantiated before operating system load. Consequently, we need a method to ensure that when th