Articles written by Marcus White
- Nov 17
Preparing for the UK’s New Cyber Security and Resilience Bill
The UK government introduced the Cyber Security and Resilience (Network and Information Systems) Bill on 12th November 2025. The Bill updates the UK’s NIS Regulations 2018 to broaden scope, strengthen reporting duties, and increase regulators’ enforcement powers. If you work…
- Nov 13
800M credentials analyzed: Which breached holiday passwords made the naughty list?
With the holiday season rapidly approaching, we wanted to find out how many people previously used this time of year as inspiration for passwords that ended up breached. We analyzed 800 million compromised passwords and found the numbers tell a…
- Nov 03
Active Directory secure by design: Building resilience from the ground up
Active Directory wasn't built with today's threat landscape in mind. When Microsoft released Active Directory with Windows 2000, the primary concerns were directory services functionality and network efficiency – not defending against sophisticated nation-state actors or ransomware groups. Yet here…
- Oct 29
Not all MFA is equal: Why you need phishing and fatigue resistant MFA
Implementing MFA should really be a non-negotiable in 2025. But here's what many organizations don't realize: checking the MFA box doesn't automatically make your organization secure. However, MFA isn’t infallible and the type of authentication factor you choose matters just…
- Oct 28
Meeting NCSC CAF requirements: A healthcare provider’s password and MFA journey
Picture this: you're leading IT security for a mid-sized NHS trust when notice arrives that you need to demonstrate alignment with the NCSC's Cyber Assessment Framework (CAF). You know immediately where some gaps will show up – authentication controls. You've…
- Oct 13
CJIS compliance: How to meet password and MFA requirements
If you're responsible for password security at a law enforcement agency or organization that handles criminal justice data, CJIS compliance isn't optional. It's the baseline for protecting some of the most sensitive information in the country. The FBI's Criminal Justice…
- Oct 08
[New research] FTP ports under attack: Which passwords are hackers using?
The Specops research team has analyzed passwords being used to attack FTP ports over the past 30 days, in live attacks happening against real networks. Our team have found the most common passwords being used in brute force attacks, as…
- Oct 06
Quishing attacks: How QR codes steal credentials
QR codes have been around for a while, but they became far more widespread in daily life after the COVID-19 pandemic. What started as contactless menus became boarding passes, payment systems, and authentication gateways. But this ubiquity created a perfect…
- Sep 11
[New whitepaper] How to secure your service desk against social engineering attacks
At first glance, these companies couldn't be more different. A cleaning products giant, an iconic British retailer, a tech behemoth, and a Las Vegas entertainment empire. Different industries, different locations, and different business models entirely. Yet they all share something unfortunate:…
- Aug 27
Specops expands cloud offering to self-service password resets
Good news for cloud-first organizations: we’re pleased to announce Specops uReset is now joining Specops Secure Service Desk as being supported for customers who have fully migrated to the Entra ID cloud. Specops uReset is now available for cloud-only environments,…