Appalachia Technologies Blog

If you had told me a few years ago that my calendar would be split between virtual CISO responsibilities, mentoring team members, and crafting cybersecurity campaign content with a marketing team, I might have raised an eyebrow. But today, that’s just a regular Tuesday. As the Practice Lead for NIST, SOC2, and CIS GRC Services at a cybersecurity consulting firm, no two days look exactly alike, and that’s exactly what makes the role both challenging and rewarding. However, my day has looked like this before and this includes most of my responsibilities.

As an Appalachia Technologies employee for more than half the company's existence, Mike Williams has been influential in establishing the blueprint for company culture.  Now, as the President of Appalachia, Mike is reflecting back on how our culture is a differentiator and how we got here.

Reflecting on 20 Years of Innovation and Growth

At 20 years young, there’s so much good that could be written. With hindsight being 20/20,  I want to take you back 10 years ago to which, in my opinion, was “the Appalachia transformation.” This was when we challenged ourselves to dream about creating a culture within Appalachia that we all wished we had found previously in our careers...but didn’t. I say “dream” because we had a rather lofty vision of what we wanted “us” to look and feel like. We knew it wouldn’t be easy, and we also knew it would never be finished.

The Heart of Growth: Building a Strong Company Culture

Growing a business includes adding staff to handle the increased client base and services.  Fundamental to successfully adding staff is the development of a company culture.  For Appalachia Technologies, company culture is discussed regularly and lived daily.  From staff development, team building, core values, and the complimentary core actions, relationships are cultivated with regular care and nurturing, both on the staff and client sides.

A Milestone in Cybersecurity: Celebrating Two Decades

In the fall of 2024, we celebrated the 20^th anniversary of Appalachia Technologies.  Venturing out to start a business is a bold undertaking.  The reality is 20% of new businesses fail within the first two years and by the 10 year mark, 65% do not succeed.  So how did two individuals come together with a vision for a business that has beaten the odds?  Brian Stone and Mike Romano, founders and partners, sat down to be interviewed and shared some previously unheard stories from those early days.  Join us as we share the journey to the Appalachia Technologies we know today.

Achieving PCI DSS compliance can seem daunting, especially for teams with limited resources. Here are three critical PCI DSS questions and practical, low-cost solutions to help you stay secure without breaking the bank.

Warning: The following blog is a commentary of the Netflix limited series, "Zero Day" and may contain spoilers.  

The Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) Level 2 is based on the 110 security practices from NIST SP 800-171 rev 2. These practices are designed to protect controlled unclassified information (CUI) within the defense supply chain. For most DoD contractors, achieving CMMC Level 2 compliance is now mandatory, but the process is challenging. Organizations must navigate evolving requirements, implement technical controls, manage costs, train their workforce, and prepare for stringent audits. Here’s an overview of the top challenges contractors face along with the best practices for overcoming them.

APPALACHIA IN THE NEWS: Appalachia Technologies Cited in Case Study to Improve Efficiencies and Service Delivery

Improve and Evolve - this is one of the five Core Values of Appalachia Technologies and one we believe helps us to stay at the forefront of our industry.  Our Technical Assistance Center (TAC), while performing well and delivering quality service, was being challenged by processes for documentation that were manual and outdated.  Not satisfied with the current way of doing this, Chris Swecker, Manager of TAC, began to explore IT Glue.  IT Glue centralizes information, allowing for efficiencies in response time, accuracy, and client satisfaction.  As he explains, "IT Glue became our source of truth."  Chris and his team built on the success by incorporating additional tools to assist with password rotation and a client-side tool for password management and shared documentation.  

PCI Data Security Standard (PCI DSS) compliance isn’t new, but it does constantly change. Maybe you’ve sorted it out, maybe not. Regardless, making it easier should be a goal for every security or compliance leader. A strong compliance management program will maintain compliance for you. It can also be a great tool to help bolster security and justify budget allocation. So how do you do it?

In today’s increasingly interconnected world, safeguarding sensitive government data is a top priority for federal agencies—and for the contractors they partner with. While classified information has long been protected through well-established regulations, a new category of “Controlled Unclassified Information” (CUI) has emerged in recent years, prompting additional guidance and compliance requirements. Enter the Federal Acquisition Regulation (FAR) rule for CUI.

In this blog post, we’ll explore what CUI is, why it matters to government contractors, and how the FAR rule on CUI will shape compliance requirements going forward.

Sourdough.  Yes, I am starting a blog for a cybersecurity company with the 2020 hot trend of sourdough.  Over Christmas break, my resistance to joining the sourdough club broke and I started down the path.  I spent time consuming all the information I could – I scoured Instagram and started following creators, I watched YouTube videos on how to properly do a ‘stretch and fold,’ and I perused website after website to figure out what the heck I was doing.  As a visual learner, I was thrilled when a blogger had included video for further explanation.  And in many cases, the videos were embedded from TikTok. 

Reflection is a part of growth – applauding successes, acknowledging missteps, and mapping out a plan forward.  For Appalachia Technologies, 2024 was filled with some significant achievements, lessons learned, and continued work in alignment with our core values.  Join us as we walk through 2024 and how it plays into our plans for 2025.

Imagine being the owner of the most popular coffee joint on the corner. Your loyal customers line up outside each morning, eager to grab their caffeine fix. But, one day, as your staff hustles to keep up with the orders, a sudden storm knocks out the power, leaving the cafe in the dark. Or worse, a cyberattack targets your billing system, leaving a long line of frustrated customers.

Unexpected chaos can strike any business at any time. One moment, you’re basking in the glory of running a successful establishment; the next, you’re thrown against a wall, staring at a crisis that could disrupt your entire business. Don’t let this be your story.

Whether you’re a small business or a multinational corporation, your success hinges on the integrity and availability of critical data. Every transaction, customer interaction, and strategic decision relies on this precious asset.

As your dependence on data grows, so do the risks. Cyber threats and data breaches aren’t just potential disruptions when you possess valuable and sensitive data; they’re existential threats that can undermine your business continuity.

In today's rapidly evolving business landscape, unexpected disruptions can strike at any time. Are you prepared to weather the storm and emerge stronger? Business continuity planning (BCP) is your essential toolkit for resilience. Let's delve into the importance of BCP, common threats, and how to create a robust plan to safeguard your organization.

In my 25+ year cyber security career, I have watched the demand for compliance auditing grow.  In a world where the need to carry cash is diminishing, the need for securing digital data, such as credit cards, is vital.  How do businesses go about protecting their clients’ credit data?  More importantly, how do we as customers know that our credit card data is being protected?  The answer is PCI.

We live in a world where possibilities are endless. From automated cars ferrying passengers to AI systems carrying out surgeries, tech innovations are quickly taking over our lives. The world of business is no different. Machine learning, AI, robotics and automation tools promise an unparalleled level of business efficiency.

Many businesses are rushing to embrace these innovations because they fear being left behind. However, the critical question is: Do you fully understand the technology, including its potential negative consequences?

Are you feeling like you’re falling behind in today’s digital race? You’re not alone.

The cutthroat business world no longer tolerates “good enough” or subpar technology.

Therefore, it’s high time to turn technology into your growth engine, but hasty tech adoption won’t cut it. This is where smart tech acceleration comes in.

PRESS RELEASE

Mechanicsburg, PA, July 11, 2024 - Appalachia Technologies is excited to announce that Terri Black-Bendl, Vice President, Sales & Marketing, has been nominated for the Women in Technology Awards, presented by Technology Council of Central PA.  Terri’s nomination category, Impact Award – Private Sector/Entrepreneur to Small Business, spotlights women who have made contributions in technology in the Entrepreneurial/Small Business (under 50 employees) category.

AI has become a buzzword that often evokes a mix of awe, doubt and even fear, especially when it comes to cybersecurity. However, the fact is that if used effectively AI can revolutionize the way businesses like yours operate.

That’s why you must cut through the noise and separate fact from fiction if you want to leverage AI effectively. In this blog, we'll debunk some common misconceptions about AI in cybersecurity.