Q&A with J.J. Stapleton, co-author of Security without Obscurity: A Guide to PKI Operations

TPG: What practical advice do you have for an organization considering deploying a PKI solution?

JS: There are various PKI architectures to consider. An internal private PKI deployed wholly within the organization, a hosted private PKI deployed at a third-party service provider, or an external public PKI operated by a commercial third party. Each has pros and cons…

Read More

For many years I’ve been tracking the corrections and issues in the last Microsoft Press Windows Server 2008 PKI book. All of these items have previously been incorporated into our standard deployment and consulting engagements as well as baked into our training courses. But I’ve long wanted to post an unofficial errata list for the…

Read More

Unauthorized access, unsigned applications (malware) and unsecured email. What can help prevent these top 3 cyberthreats impacting organizations today? Public key infrastructure (PKI). Mark explains PKI and authentication in an article in ISACA’s The Nexus. I like his analogy describing PKI as “a virtual, encrypted handshake.” Check out the article.

Read More

Book Recommendation A good friend of mine I met while at Microsoft just had one of his books released. Roger is a Security Columnist for InfoWorld and is a pretty dang sharp guy. His new book, Hacking the Hacker has some good information in many different areas confronting modern cybersecurity specialists. Of particular interest to…

Read More

Yes, it’s a popular topic and comes up almost every day! Brian and I are still working on the follow up to the MS Press released Windows Server 2008 PKI book. The plan was initially to target Windows Server 2012 R2 as the new OS release, but as we can all plainly see, that is…

Read More