Marcus White

Deployment

Security

Technical

Marcus is a cybersecurity product specialist based in the UK, with 8+ years experience in the tech and cyber sectors. He writes about authentication, identity and access management, and compliance.

Articles written by Marcus White

Nov

03

Active Directory secure by design: Building resilience from the ground up

Active Directory wasn't built with today's threat landscape in mind. When Microsoft released Active Directory with Windows 2000, the primary concerns were directory services functionality and network efficiency – not defending against sophisticated nation-state actors or ransomware groups. Yet here…
Read More
Oct

29

Not all MFA is equal: Why you need phishing and fatigue resistant MFA

Implementing MFA should really be a non-negotiable in 2025. But here's what many organizations don't realize: checking the MFA box doesn't automatically make your organization secure. However, MFA isn’t infallible and the type of authentication factor you choose matters just…
Read More
Oct

28

Meeting NCSC CAF requirements: A healthcare provider’s password and MFA journey

Picture this: you're leading IT security for a mid-sized NHS trust when notice arrives that you need to demonstrate alignment with the NCSC's Cyber Assessment Framework (CAF). You know immediately where some gaps will show up – authentication controls. You've…
Read More
Oct

13

CJIS compliance: How to meet password and MFA requirements

If you're responsible for password security at a law enforcement agency or organization that handles criminal justice data, CJIS compliance isn't optional. It's the baseline for protecting some of the most sensitive information in the country. The FBI's Criminal Justice…
Read More
Oct

08

[New research] FTP ports under attack: Which passwords are hackers using?

The Specops research team has analyzed passwords being used to attack FTP ports over the past 30 days, in live attacks happening against real networks. Our team have found the most common passwords being used in brute force attacks, as…
Read More
Oct

06

Quishing attacks: How QR codes steal credentials

QR codes have been around for a while, but they became far more widespread in daily life after the COVID-19 pandemic. What started as contactless menus became boarding passes, payment systems, and authentication gateways. But this ubiquity created a perfect…
Read More
Sep

11

[New whitepaper] How to secure your service desk against social engineering attacks

At first glance, these companies couldn't be more different. A cleaning products giant, an iconic British retailer, a tech behemoth, and Las Vegas entertainment empire. Different industries, different locations, and different business models entirely. Yet they all share something unfortunate:…
Read More
Aug

27

Specops expands cloud offering to self-service password resets

Good news for cloud-first organizations: we’re pleased to announce Specops uReset is now joining Specops Secure Service Desk as being supported for customers who have fully migrated to the Entra ID cloud. Specops uReset is now available for cloud-only environments,…
Read More
Aug

13

Stale admin account with ‘123456’ password gives McDonald’s a security scare

Interacting with a chatbot as part of a hiring process feels somewhat dystopian from a candidate’s perspective. In this case, there was almost an added twist when candidate data was nearly exposed thanks to weak cybersecurity controls from the chatbot…
Read More
Aug

11

Third-party risk: Behind the Google, Chanel, & Air France-KLM breaches

2025 has been a summer of high-profile breaches. This post will focus on four notable and high-profile victims: Chanel, Google, Air France, and KLM. Although the companies and exact data sets differ, these breaches share a clear pattern: attackers compromised…
Read More

Marcus White

Articles written by Marcus White

Free Active Directory Auditing Tool!