Information Security via Network Discovery
Your IT Discovery Host
Welcome to my website. I built this site mostly because I needed a place to publish some of my subject matter expertise....something I somewhat expected LinkedIn to provide. I hope the information contained within is useful. I have provided a guest log for questions and feedback for each topic. I'll revisit topics periodically based on the feedback. 

To Do:

  • Tag Cloud
  • Logo
  • Finish Discovery Scanning Page
  • Load/Update Vulnerability Scanning Page
  • Resume Page

Peter Nichols, Information Security Architect

I am an Information Security Architect with 20 years experience in industry and government IT Security who focuses on:

  • Providing reliable IT Infrastructure Services within any corporate culture via gathering and managing IT Infrastructure data and customer requirements to ensure consistent and transparent service delivery to IT customers.
  • Developing and implementing a proportional information management strategy.
  • Presenting and preparing Business Continuity awareness to information technologists and business segment leaders.

Document Library

DocumentDiscovery ScanningA discovery of resources on the corporate network is performed via a port scanner. Network resources are categorized so that further vulnerability scanning can be focused on systems that deliver enterprise services.
DocumentVulnerability ScanningThe process of verifying the current operating system configurations are secure. Vulnerability scans run periodically will be used to improve and keep up to date the corporate Operating System Security Standards.
DocumentSecurity ManagementDetermining the framework for your information security program.
DocumentWireless ScanningWireless data communications present risks of a loss of physical containment of data, therefor additional measures must be taken to protect the organization's data. Wireless-enabled organizations need a security solution that discovers WiFi access points and assesses their basic implementation of available 802.11b/g security features and provide clarity on whether they are authorized, ad-hoc or rogue.
DocumentRisk MitigationWhen a known vulnerability is discovered or reported, the risk that the vulnerability poses to the agency must be evaluated before any action be considered or taken. Management and employees can then make an informed decision as to what resources should be utilized and what actions taken to proportionally mitigate the risk or close the security hole.
DocumentUnderstanding Viruses and WormsUsing manipulation, influence and deception to get a person (often a trusted insider to an organization) to comply with a request. The end goal of the request is to get the target to release information or to perform an action that benefits the attacker.
DocumentASP .NET to Active DirectoryA dated, but still useful methodology for connecting web applications to Windows Active Directory.
DocumentSecurity Awareness at HomeThis document describes some of the challenges internet (and MMORG users) specifically face in securing their systems.
DocumentStateful FirewallsA presentation on how stateful firewalls work directed at application developers and systems integrators.
DocumentCloud Applet Security ReviewAn introduction to reviewing applications hosted on PaaS/SaaS for application programmers and business line managers.
DocumentAssessing SaaS/PaaS for your organization.An introduction to assessing Software and Platform as a Service (SaaS/PaaS) systems using the NIST 800-37 risk management framework.
DocumentSAMLv2 Implementation via ADSFCloud based applications that require authentication and authorization such as Salesforce, Mimecast, and WebEx must use a secure mechanism. The Security Assertion Markup Language is the current industry standard to get this done.
DocumentVulnerability Management Program (Draft)This document provides a sample process document that describes a vulnerability management system, its implementation and procedures.
DocumentEnterprise ArchitectureThis presentation provides an overview of the duties of an Enterprise Architect. A version of this presentation was given to the regional Phantom User Group in 2018.
Current Hardware Project:

Weather station display: I am in the process of reverse engineering and adding documentation to the PyQT code and expanding it's functionality to show AWEKAS data.  
Last Trip: Gornergrat Railway
Completed "RPi0 Tall" hacker case
Neat place: Coggeshall, UK