Gilberto Crespo-Pérez invites you to be part of his dissertation as a requirement to the degree of Doctor of Business Administration (DBA) in Management Information Systems. Participants must be over 21 years of age who are information systems/security managers and practitioners, among them, Chief Information Security Officers (CISOs), the Chief Technology Officers (CTO), the Chief Risk Officer (CRO), Enterprise Security Architects (ESA) and the Chief Technology Officers (CTO), among other C-Level security managers.

This investigation consists of 52 questions that can be completed in a time no more than 15 minutes. These results will be analyzed for the purpose of completing my doctoral thesis. If you have any question, please contact me at the following email: gcrespo27@email.uagm.edu.

Thank you in advance for your collaboration in this research. I would greatly appreciate if you share this invitation to other colleagues.

​It is well known that humans are the weakest link in the information security chain, but specifically, who are them? Well, you may guess, “they” are everyone. I have been in both sides, as a user and as a system admin; and in both sceneries humans tend to make mistakes. It’s human nature.

A lot have been investigated, written and said about how to better protect companies against the unstoppable proliferation of advanced and sophisticated cyber-threats/attacks. By default, and by common sense, we tend to think that by adopting and implementing cutting-edge security technologies, companies will be on a better position to stop, prevent, and reduce security threats from cyber-criminals. This is not so far from reality. Lots of technologies have emerged and being adopted to reach that goal. Among these technologies are: Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Firewalls, Antivirus, Network Access Control (NAC), Proxies, Gateways, Advance Threat Analytics (ATA), Sandboxes, Multi-factor Authentication (MFA), Artificial Intelligence (AI), and Machine Learning (ML) solutions to mention a few.  However, security and data breaches still happen and are on the news all around the world, every day.

​WannaCry or Wanna Decrytor ransomware is an informatic virus that attacks Windows operating system based computers primarily (including servers) by taking advantage of system vulnerabilities exploited by Eternalblue, a tool believed to be developed by the USA National Security Agency. What is the unique effect once infected by the virus? Well, you will notice it fast. The system will show you a Popup window letting you know that your computer is infected, all your files are encrypted, and for you to recover it all, they require a ransom payment using bitcoins. Unless you make the payment, all your files will stay encrypted. The worst thing about this virus is that, if you do not pay in a certain period, the ransom payment will keep rising.
But, wait! The intention of this article is not to create panic. Even though you should panic if your computer got infected and you didn't backed up your files recently (last day or night before the infection). 

​Today more than ever, we are living in the interconnected and social era. Generation X and the famous Millennials, are so connected to the Internet, and spend so much time sharing almost everything about themselves, that they don’t imagine their life could go any other way.  This is without online presence, in their social communities and networks, 24 hours a day, 7 days a week, 365 days a year.

Some time ago, I had the opportunity to write an article titled “To be a certified professional or not to be”. It was about why some companies place more weight on certification’s credentials, than on years of experience and college degrees. I briefly explained that it was because some certifications are a must-have, since they “prove” that you are “following” the best practices, industry standards, and keep yourself up-to-date with new technologies and methodologies. This is true, but there are some other credentials that are just as nice to have, just to say that you have it (merely decorative). As the saying goes: “The suit does not make the clergyman, but distinguishes him”

​One of the things most professionals and independent consultants hate when they are seeking for new opportunities and businesses is when they are asked for professional certifications on jobs interviews and business meetings. It feels frustrating, especially when you have ten, fifteen or twenty years of experience in different industries, work environments and a BS, MS, or even a PhD in the field where you’re applying or prospecting.