Tom Olzak

Tom Olzak is a security researcher for the InfoSec Institute and an IT professional with over 37 years of experience in programming, network engineering, and security. He has an MBA and is a CISSP.  He is currently an online instructor for the University of Phoenix.

He has held positions as an IS director, director of infrastructure engineering, director of information security, and programming manager at a variety of manufacturing, health care, and distribution companies. Before joining the private sector, he served 10 years in the United States Army Military Police with four years as a military police investigator.

He has written four books, "Just Enough Security", "Microsoft Virtualization", "Introduction to Enterprise Security", and "Incident Management and Response."  He is also the author of various papers on security management and a blogger for, TechRepublic,, and Tom Olzak on Security.

Tom Olzak

VLAN network segmentation and security- chapter five [updated 2021]

A deep dive into VLAN security practices.

Files document of hanging file folders in a drawer in a whole pile of full papers, at work office, Business Concept Office document storage

How to use Protected Folders in Windows 10

Introduction Ransomware is one of the biggest threats faced by organizations today. After encrypting all files on servers and desktops, ransomware perpetrat

broken security lock on computer keyboard - vulnerability issue in computing

Least Privilege Vulnerabilities

Introduction The principle of least privilege is an essential component of information assurance and security activities. According to the National Institute

A word cloud of access control related items

Access Control Models for ICS/SCADA environments

Introduction Access control for critical infrastructure requires moving the perimeter to workloads and managing access based on context. This zero-trust appr

Chapter 6 – End-user device security [updated 2019]

This is Chapter 6 in Tom Olzak's book, "Enterprise Security: A practitioner’s guide." Chapter 5 is available here: VLAN Network Segmentation and Security- C

Digital cybersecurity and network protection concept. Virtual locking mechanism to access shared resources. Interactive virtual control screen with padlock. Businessman working at laptop on background

ICS/SCADA Access Controls

Industrial controls systems (ICS) and supervisory control and data acquisition (SCADA) systems (a subset of ICS) manage our critical national infrastructure.

Physical security: Managing the intruder

No information security guide is complete without a chapter about securing physical access to information resources. After all, physical access gives even th

identification system interface scanning a human fingerprint

Chapter 12 – Applications of Biometrics

Passwords are not secure and are useless as an access control… at least that is what many vendors and security consultants try to tell managers today. Instea

identification system interface scanning a human fingerprint

Chapter 11 – Identity management and access controls

Access controls help us restrict whom and what accesses our information resources, and they possess four general functions: identity verification, authentica

Chapter 10 - Virtualization Security

Virtualization brings significant value to business managers and engineers attempting to keep pace with business pressure for additional servers. It enables

Chapter 9: Securing remote access

Remote access is no longer just about a laptop or home desktop user connecting to catch up on some work or update customer and order information. The explosi

Chapter 8 - UEFI and the TPM: Building a foundation for platform trust

Traditional boot processes cannot stop sophisticated attacks instantiated before operating system load. Consequently, we need a method to ensure that when th