Andrew Magnusson

Andrew Magnusson

Director, Global Customer Engineering, has worked in the information security industry for 20 years on tasks ranging from firewall administration to network security monitoring. His obsession with getting people access to answers led him to publish 'Practical Vulnerability Management' with No Starch Press in 2020. He holds a B.A. in Philosophy from Clark University, an M.A. in Philosophy from the University of Connecticut, and an M.S. in Information Management from the University of Washington. To contact Andy, visit him on LinkedIn.

strongDM has been featured in Forbes, The New Stack, VentureBeat, DevOps.com, TechCrunch, and Fortune.

Expertise

, , , , , , , , ,

Education

University of Washington, University of Connecticut, Clark University

Degrees & Credentials

M.S. in Information Management, B.A. in Philosophy, M.A. in Philosophy
SANS/GIAC GCIA, ISC2 CISSP and CCSA


Latest blog posts from Andrew

The HIPAA Minimum Necessary Standard Explained
The HIPAA Minimum Necessary Standard Explained
This article gives you a broad look at the Health Insurance Portability and Accountability Act (HIPAA) minimum necessary standard. You’ll learn about its requirements, exceptions, and how to implement it.
What Is a HIPAA Violation? 12 Most Common Examples
What Is a HIPAA Violation? 12 Most Common Examples
This article digs into Health Care Accountability and Portability Act (HIPAA) violations. Discover what they are and get examples of typical HIPAA violations in healthcare. Plus, learn how breaches are detected and reported and what you can do to protect your organization.
What Are the Penalties for Violating HIPAA? (Civil & Criminal)
What Are the Penalties for Violating HIPAA? (Civil & Criminal)
This article breaks down the different HIPAA penalties—including civil and criminal penalties—and the maximum penalties for HIPAA violations. Find out who is liable under HIPAA, what the most common HIPAA violations are, and how to ensure compliance and prevent HIPAA violations in your own organization.
Just-In-Time Access (JIT): Meaning, Benefits, Types & More
Just-In-Time Access (JIT): Meaning, Benefits, Types & More
Today, we’ll take a look at what just-in-time access (JIT) means and what types there are. You’ll also learn about what a JIT access solution can do for your organization. By the end of this article, you’ll understand how just-in-time access works, the best practices to ensure secured implementation, and how strongDM comes to the rescue.
ISO 27001 Audit: Everything You Need to Know
ISO 27001 Audit: Everything You Need to Know
In this article, we’ll cover everything you need to know about conducting ISO/IEC 27001 audits to receive and maintain your ISO 27001 certification. You’ll learn about ISO 27001 audit requirements, why an ISO 27001 audit is important, how long it takes to conduct audits, and who can conduct audits that prove your company follows up-to-date information security management best practices.
11 Common Authentication Vulnerabilities You Need to Know
11 Common Authentication Vulnerabilities You Need to Know
In this article, we’ll take a look at what authentication vulnerabilities are, how they emerge, and how these issues can affect your organization. Also, you’ll learn about the most common authentication-based vulnerabilities and their implications. By the end of this article, you’ll know the best practices to prevent these authentication issues and keep sensitive data safe.
ISO 27001 Certification Process: A Definitive Guide
ISO 27001 Certification Process: A Definitive Guide
In this article, you’ll learn about what the ISO 27001 certification process is and how it can be used to lay the foundation for a secure organization. By the end of this article, you’ll have a good understanding of why an ISO 27001 certification is a signal of an organization’s commitment to data protection and risk mitigation.
ISO 27001 vs. 27002 vs. 27003: What’s the Difference?
ISO 27001 vs. 27002 vs. 27003: What’s the Difference?
Organizations around the world rely on the standards set in the ISO 27000 series for information security management best practices. In this article, we’ll compare the first three standards in the ISO/IEC 27000 family: ISO 27001 vs. 27002 vs. 27003. By the end, you’ll have a better understanding of what each standard covers, how they differ from one another, and when to use them.
ISO 27001 Checklist: Easy to Follow Implementation Guide
ISO 27001 Checklist: Easy to Follow Implementation Guide
In this article, we’ll walk you through the ISO 27001 checklist you’ll use en route to your cybersecurity certification. From assigning roles to implementing controls, assessing risks, and documenting your processes for future audits, you can use the ISO 27001 compliance checklist to ensure you’re on the right track for your official audit.
How Much Does ISO 27001 Certification Cost in 2022?
How Much Does ISO 27001 Certification Cost in 2022?
In this article, we’ll look at the overall price tag for one International Standards Organization certification (ISO 27001), along with some of the factors that impact costs and why they vary across organizations. You’ll learn about different ISO 27001 certification costs, from the audit, with its ISO 27001 exam cost, to implementation and maintenance. By the end of this article, you’ll get a sense of the factors involved in ISO 27001 certification and be able to compare quotes to decide your
ISO 27001 vs. SOC 2: Understanding the Difference
ISO 27001 vs. SOC 2: Understanding the Difference
SOC 2 and ISO 27001 both provide companies with strategic frameworks and standards to measure their security controls and systems against. But what’s the difference between SOC 2 vs. ISO 27001? In this article, we’ll provide an ISO 27001 and SOC 2 comparison, including what they are, what they have in common, which one is right for you, and how you can use these certifications to improve your overall cybersecurity posture.
What is WebAuthn? Web Authentication Explained
What is WebAuthn? Web Authentication Explained
In this article, we will take a deep dive into WebAuthn and some of its associated authentication concepts. We’ll go over the history of WebAuthn and help you better understand the benefits and challenges of using this standard of secure authentication. By the end of this WebAuthn guide, you’ll be able to fully define the concept and grasp how to incorporate it into your organization's security program and web applications.
The Definitive Guide to FIDO2 Web Authentication
The Definitive Guide to FIDO2 Web Authentication
In this article, we will take a big-picture look at FIDO2 and how it applies to passwordless authentication. You’ll learn about the origins of FIDO2, its advantages and disadvantages, the differences between FIDO2, FIDO, and WebAuthn, and how UAF and U2F differ. By the end of this article, you’ll have a clear understanding of how FIDO2 works, what problems it solves, whether you need FIDO2 certification, and what that certification entails.
Passwordless Authentication: Everything You Need to Know
Passwordless Authentication: Everything You Need to Know
In this article, we dive into passwordless authentication and some of the implications of using this verification method. You’ll learn about examples of passwordless authentication solutions, whether they're secure, and how it's different from multi-factor authentication (MFA). After reading this article, you’ll have a full understanding on how passwordless authentication works and how it can address today’s cybersecurity and access management challenges.
Infrastructure access app UI
Connect your first server or database in 5 minutes. No kidding.