Integrating the Kill Chain and Diamond Models: Lessons from the APT29 SolarWinds Campaign
A technical synthesis of the Kill Chain and Diamond Model frameworks applied to the APT29 SolarWinds breach to help Iowa SLTTs move from reactive alerts to proactive campaign intelligence.
Is Your Work Email in a Data Breach? Here’s How to Check
When a big website gets hacked, your work email might be part of the list. Here is how to find out and what to do next.
Measure Your Phishing Risk for Free — and Know Exactly Where to Start
Your staff is your biggest security ally — and phishing is how attackers exploit them. KnowBe4's free phishing test tells you exactly who's at risk.
The Diamond Model: Moving from Static Alerts to Campaign Intelligence
The Cyber Kill Chain tells you 'when.' The Diamond Model tells you 'who, how, and where' to help Iowa defenders stop chasing alerts and start tracking campaigns.
Free Safeguards Built for Organizations Like Yours
CIS Controls Implementation Group 1 is a checklist of security safeguards designed specifically for organizations with limited IT staff and no dedicated security team. It's free, practical, and built for organizations exactly like yours.
The Cyber Kill Chain Explained: Following APT29 From Start to Finish
The Cyber Kill Chain is a framework that shows how attackers move through a network. We'll walk through all seven stages using APT29, a Russian state-sponsored threat actor, as a real-world example.
CISA CSET: The Free Tool That Tells You Exactly Where You Stand
Most organizations don't know where their security gaps are. CSET tells you for free, in plain language, with a prioritized action plan attached.
Small Iowa Organizations Are Targets
Iowa often goes under the radar. Threat actors haven't forgotten, and Iowa organizations are paying the price.
Breaking Down the March 2026 National Cyber Strategy
The Trump administration just dropped a new National Cyber Strategy. Here's my honest opinion on what it says, what it doesn't, and what that gap means.
Why Representation Matters and What Needs to Change
Only 4% of cybersecurity professionals are Hispanic. I made a promise to do something about that. Here's why it matters and where we go from here.
Degree, Certs, or Experience - What Actually Gets You Into Cybersecurity?
I have a degree, certs, military experience, and hands-on work. Here's the honest opinion about what actually matters - and what nobody tells you before you pick a path.
5 Free Resources to Start Learning Cybersecurity
Nobody handed me a roadmap when I started. Here are the free and low-cost resources I wish someone had pointed me to from day one.
Is Cybersecurity a Career for Me?
Nobody told me cybersecurity was a career option. If you're asking this question, you're already ahead of where I was.
Get to Know Me!
I didn't grow up knowing cybersecurity was a career. Nobody told me. That's exactly why I'm here.
Welcome to the NGCC Blog
Plain-language cybersecurity information written for Iowa's small businesses, schools, local governments, and Populus.