3 urgent or critical findings require immediate action — unencrypted HBDS web traffic (no SSL), VPN users holding local admin on production servers, and ePHI not encrypted at rest.
Progress by HIPAA safeguard
Administrative
8%
Physical
100%
Technical
3%
Forward-looking
0%
Finding severity breakdown
Urgent (Level 5)1
Critical (Level 4)2
High (Level 3)6
Medium (Level 2)5
Low / advisory2
Top open findings
Ref.
Finding
Severity
Control
Action
AA-5a
Unencrypted HBDS web traffic — no SSL on any IIS site
Urgent
§164.312(e)(1)
AA-5b
VPN users hold local admin on HBDS production servers
Critical
§164.312(a)(1)
HIPAA-6
ePHI at rest not encrypted — HBDS and SQL Server 2017
Critical
§164.312(a)(2)(iv)
AA-2
Policy library — document control gaps, 7 missing policies
All five IIS sites on both HBDS web servers (CSCOSCWEB1 and CSCEOCWEB1), including econsents.hbpbc.org and mobile.hbpbc.org, are bound to HTTP on port 80 with no SSL certificates installed. Web traffic carrying ePHI and electronic consent data is transmitted in cleartext.
Potential risk
Unencrypted external web endpoints handling consent and clinical data expose ePHI to interception. This is a direct violation of §164.312(e)(1) and creates a substantial likelihood of unauthorized access to ePHI.
Recommendation
Deploy SSL/TLS certificates on all five IIS sites and enforce HTTPS with HSTS. Coordinate with Palm Beach County IT to prioritize econsents.hbpbc.org and mobile.hbpbc.org. Verify no port 80 bindings remain after remediation.
Management response
Management agrees with this finding. The IT team will coordinate with Palm Beach County to procure and install SSL certificates on all affected IIS sites within 30 days.
Remediation Roadmap — Securance consultant (only present when engagement includes a Remediation Roadmap)
Specific remediation tasks
Procure SSL/TLS certificates for all five IIS site domains
Install and bind certificates on CSCOSCWEB1 and CSCEOCWEB1
Enforce HTTPS with HSTS headers. Redirect all port 80 traffic to 443.
Verify econsents.hbpbc.org and mobile.hbpbc.org are prioritized
Confirm no port 80 bindings remain post-implementation
Resource required:Palm Beach County IT + Securance
Also addressed by:NIST CSF PR.DS-02 — EquivalentCIS v8.1 CIS 9.2 — PartialCMMC SC.3.177 — Related
Person responsible for remediating this finding. Free text — enter name and title.
Update remediation status
Remediation notes
Evidence files
Drag files here or click to upload — screenshots, tickets, policies accepted
Not yet updated · Delivered May 26, 2026
Activity log
SC
Securance Consulting — finding published to engagement portal
May 26, 2026 · Risk: Urgent (Level 5)
No client updates yet.
Progress report
Point-in-time remediation snapshot · Generated on demand
Total findings
16
Open
15
94% unaddressed
Remediated
1
6% complete
Days elapsed
6
of 365-day window
By safeguard
Administrative (8)
8%
Physical (1)
100%
Technical (5)
0%
Forward-looking (2)
0%
Timeline
StartMay 26, 2026
EndMay 26, 2027
Days remaining359
Lead consultantDebra Gotlib
Contact Securance
Reach your engagement team directly
Your engagement team
DG
Debra Gotlib
Engagement Lead
debra.gotlib@securanceconsulting.com
ML
Michelle LeWay
Consultant
michelle.leway@securanceconsulting.com
Send a message
Subject
Message
Views
Multi-year plan
Risk by score
Risk by category
Participants
Excluded items
Engagement
City of Glendale
IT Risk Assessment Final · April 30, 2026
Risk summary
High (35–44)8
Medium (31–34)16
Low (23–30)15
39 total technologies
Multi-year IT audit plan
City of Glendale · 39 auditable technologies · 5-year rolling plan · April 30, 2026
Total technologies
39
High risk
8
score 35–44
Medium risk
16
score 31–34
Low risk
15
score 23–30
Year 1 recommendation: Motorola PremierOne (44), Firewall/Router/Switch (41), ISE/SolarWinds/Panorama (41), and MUNIS (37) are the highest-priority Year 1 audits.
Multi-year audit schedule
1Y12Y23Y34Y45Y5
#
Category
Technology / Process
Score
Y1
Y2
Y3
Y4
Y5
1
Enterprise App
Motorola PremierOne
44
1
2
Infra App
Firewall, Router, Switch
41
2
3
Infra App
ISE, SolarWinds, Panorama
41
2
4
Enterprise App
MUNIS
37
3
5
Enterprise App
NorthStar
36
1
6
Enterprise App
Paymentus
35
2
7
IT Process
Vendor Management
35
3
8
Infra App
Active Directory / Entra ID
35
1
9
Enterprise App
Customer Connect 6
34
2
10
IT Process
User Provisioning
34
1
Showing 10 of 39
IT risk by score
City of Glendale · 39 technologies ranked by composite risk score
Items considered but excluded from this assessment cycle with documented rationale
Technology Vendor INI — Third-Party Staff Access
INI vendor presence reduced to a single staff member following discontinuation of the modern data platform initiative under the new CIO. Third-party access risk has substantially diminished and is no longer suitable for inclusion in the current cycle.
Unsanctioned IT Tool and Web Application Development
New CIO has halted all unsanctioned development and adopted a formal “buy versus build” philosophy. The risk of ungoverned development no longer exists in its prior form.
City Has Outgrown MUNIS
Represents a valid strategic technology risk but does not present a discrete, assessable control gap for the current cycle. An ERP replacement review is better suited as a future audit topic once a formal initiative is initiated.
Clariti Permitting Software Implementation
City terminated its contract with Clariti following material misrepresentation of the solution’s capabilities. Affected departments have reverted to previously used technologies. Immediate risk has been resolved.
Monitors
Overview
Credential leakage 51
Malicious IPs & domains 34
Domain squatting 7
Alerts & notifications 3
Monitoring
City of Durham
durhamnc.gov
Active since Jan 2025
● Monitoring active
Scan status
Last scan
Jun 1, 2026 · 02:14 AM
Frequency
Continuous
⚠ New exposure
3 accounts · Jun 1, 2026
Dark web monitoring
City of Durham · durhamnc.gov · Last scan: Jun 1, 2026
Credential exposures
51
new this month
Malicious IPs
34
flagged / blocked
Domain squats
7
detected
Mentions cleared
98
past 30 days
New credential leak detected: j.daniel@durhamnc.gov, j.holder@durhamnc.gov, l.williams@durhamnc.gov found in a breach dataset posted June 1, 2026. LummaC2 infostealer artifacts identified. Immediate password reset recommended.
Credential leakage
12 exposed accounts found
j.daniel@durhamnc.gov
Jun 1 · LummaC2
New
j.holder@durhamnc.gov
Jun 1 · RedLine
New
l.williams@durhamnc.gov
Jun 1 · Rhadamanthys
New
svu@durhamnc.gov
May 14 · Password hash
Reviewing
e.brusher@durhamnc.gov
Apr 28 · Reset confirmed
Cleared
View all 12 →
Malicious IPs & domains
34 flagged sources this month
opentableministry.org
14 phishing attempts
High
185.234.219.14
C2 beacon · Blocked
Critical
45.155.205.233
Ransomware C2 infra
High
91.108.56.130
Tor exit node · Flagged
Medium
concretestructureau.com
9 phishing attempts
High
View all 34 →
Domain squatting
7 lookalike domains detected
durham-nc.org
Active phishing clone
Urgent
durhamnc-portal.com
Data collection page
Action
durhamnc-gov.com
Registered May 30 · Parked
Monitor
cityofdurhamnc.com
Redirect
Review
durhamnc.net
Expired
Cleared
View all 7 →
Credential leakage
City of Durham · durhamnc.gov · 12 exposed accounts detected
Active infostealer activity detected. LummaC2, RedLine, and Rhadamanthys malware families identified with exfiltration timestamps as recent as February 24, 2026. Immediate password resets recommended for all flagged accounts.
City of Durham · 34 flagged sources · Barracuda integration active
Top fraud-sending domains
opentableministry.org
14 phishing attempts · Top sender this month
High
concretestructureau.com
9 phishing attempts · 2nd highest volume
High
mailnotify-durhamnc.com
4 attempts · Domain impersonation
Critical
secure-durham-login.net
2 attempts · Credential phishing
Critical
noreply-city-durham.org
1 attempt · BEC impersonation
Medium
Flagged IP addresses
185.234.219.14
C2 beacon attempt · Blocked · Jun 1
Critical
45.155.205.233
Known ransomware C2 infrastructure
High
194.26.192.180
Credential harvesting · Blocked
High
91.108.56.130
Tor exit node · Flagged
Medium
37.120.247.39
Brute force · 47 attempts vs. Portal
Medium
Top impersonated senders — June 2026
L. Williams
×7 impersonated
High risk
L. Smith
×3 impersonated
Medium
E. Vinella-Brusher
×1 impersonated
Low
Domain squatting
City of Durham · 7 lookalike domains detected · Continuous monitoring active
Domain
Description
Registered
Content
Risk
Action
durham-nc.org
Login page clone of durhamnc.gov — active phishing
Apr 8, 2026
Phishing
Urgent
durhamnc-portal.com
Employee portal mimick — data collection form active
May 15, 2026
Active
Urgent
durhamnc-gov.com
Registered May 30 · No content yet · Parked
May 30, 2026
Parked
Medium
cityofdurhamnc.com
Registered Apr 12 · Redirects to commercial site
Apr 12, 2026
Redirect
Medium
durhamnc-it.net
IT dept lookalike · No content · Recently registered
May 22, 2026
No content
Medium
durhamnc.net
Old registration · Domain expired
Expired
Expired
Cleared
—
city-durham-nc.org
Typosquat · Registrar contacted · Investigating
Jun 1, 2026
Investigating
Medium
Alerts & notifications
City of Durham · 3 active alerts requiring attention
Critical · Credential exposure
New breach dataset — 3 durhamnc.gov accounts
NewJun 1, 2026
j.daniel@durhamnc.gov, j.holder@durhamnc.gov, and l.williams@durhamnc.gov found in a breach dataset posted to a dark web forum. LummaC2 infostealer artifacts identified. Exfiltration likely occurred within the past 72 hours. Immediate password resets and session termination recommended.
Critical · Domain squatting
Active phishing site: durham-nc.org
NewMay 31, 2026
durham-nc.org is serving a login page clone of durhamnc.gov and actively collecting credentials. Registered April 8. Takedown request should be filed immediately with the registrar (GoDaddy) and optionally with CISA and FBI IC3.
High · C2 traffic blocked
C2 beacon blocked — 185.234.219.14
Under reviewJun 1, 2026
Command-and-control beacon from 185.234.219.14 blocked at the perimeter firewall. IP is associated with known ransomware infrastructure. No lateral movement detected. Recommend reviewing endpoint logs on the originating workstation to confirm no prior compromise.
Views
Executive brief
Annual schedule
Projects & deliverables 9
Security tool metrics
Monthly briefs
Engagement
City of Fort Collins
Paul Ashe, vCISO CISSP · CISA · CPA Jan 2026 – Dec 2026
● Active engagement
vCISO executive brief — April 2026
City of Fort Collins · Prepared for Richard Barbee (Director TS) & Dewayne Kendal (CTO)
City of Fort Collins vCISO program · January through December 2026
CompletedIn progressPlannedOngoing
Click any item to update its status
Update item status
Q1 Kickoff & Planning
Project
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Bi-weekly status call
●
●
●
●
●
●
●
●
●
●
●
●
Incident support
●
●
●
●
●
●
●
●
●
●
●
●
vCISO onboarding
✓ Done
External network pen test
✓
✓ Done
Firewall configuration review
✓
✓ Done
IRP review, RACI, playbooks
✓
✓
✓ Done
Endpoint security review
Active
→
IT policy & procedures review
Planned
NIST CSF gap analysis
Planned
→
CJIS assessment
Planned
→
→
Tabletop exercise
Planned
NERC CIP assessment
Planned
→
Projects & deliverables
City of Fort Collins · 9 project types · Download any deliverable directly
Assessment · Completed Mar 2026
External network & firewall assessment
CompletedCheckPoint firewall · 2 routers · Pen test
External network vulnerability assessment and penetration test of the City’s internet-facing environment, combined with a CheckPoint firewall configuration and ruleset review. Fieldwork covered CSCOSCWEB1, two internet routers (inetrtr1, inetrtr2), and the CheckPoint firewall object base. Used network footprinting, automated scanning, and manual enumeration.
2026 Ft Collins vCISO Report_v1.pdf
3.6 MB · Final report
_CheckPoint_Firewall_Analysis.xlsx
117 KB · Firewall analysis workbook
Threat Intel · Completed Mar 2026
Dark web exposure & ransomware precursor assessment
Completedfcgov.com · CyberTIQ TSRS
CyberTIQ identified significant credential exposure tied to fcgov.com systems, including confirmed infostealer malware artifacts (LummaC2, RedLine, Rhadamanthys) with exfiltration timestamps as recent as February 24, 2026. 44 internal users exposed across Accela, AMOS, Engage, Records, and SalesTax portals. Classified as elevated, time-sensitive risk.
Reviewed IT-02.03-PROC IRP (last revised Dec 2022). Plan is structurally sound but overdue, missing Colorado PDPA and CIRCIA notification timelines, no ransomware payment decision guidance. Updated IRP with tracked changes, CJIS addendum, and v1.1 playbooks covering ransomware, malware, compromised credential, malicious email, DDoS, and data breach.
2026 Fort Collins IRP Review Memo_v1.0.pdf
83 KB · Review memo
City of Fort Collins IRP Playbooks_vsc1.1.pdf
4.0 MB · Updated playbooks
Advisory Memo · Completed May 2026
FortiGate capabilities & AI threat mitigation strategy
CompletedFortiGate NGFW · AI governance · DLP
Evaluated FortiGate NGFW as the network enforcement layer for an AI governance strategy. Covered application control for ChatGPT, Copilot, Gemini, Claude, Perplexity; SSL/TLS deep inspection; DLP for data leakage prevention. Addressed shadow AI, prompt-driven exfiltration, and inbound AI-generated threats.
Assessed the City’s proposed change from DMARC p=none to p=quarantine enforcement. Confirmed as the correct next step. Provided staged rollout guidance using the pct= tag (25% → 100% over 4–8 weeks), Cisco Email Security quarantine digest configuration, and IT approval-before-release design to prevent BEC self-release.
2026 Fort Collins DMARC Memo_v1.0.docx
55 KB · DMARC memo
Grant Compliance · In progress
BEAD grant program — Connexion cybersecurity compliance
In progressCISA CPG · Cybersecurity plan · SCRM plan
Supporting Connexion (City broadband utility) with BEAD program cybersecurity compliance deliverables. Completed CISA CPG gap assessment, cybersecurity plan v1.0, and SCRM plan aligned to NIST SP 800-161 and BEAD NOFO requirements. High-level RMF overview presented to IT leadership.
2026_Connexion_Cybersecurity_Plan_v1_0.docx
515 KB · Cybersecurity plan
Assessment · In progress
Endpoint security review
In progress1 week · Client assistance request pending
Review of the City’s endpoint security posture across all managed devices. Client assistance request issued May 3, 2026 to gather endpoint inventory, EDR configuration details, patching cadence data, and agent health statistics. Awaiting client response before fieldwork can proceed.
2026 Endpoint Client Assistance Request.xlsx
11 KB · Information request
Incident Advisory · Completed May 2026
Kali365 phishing kit — advisory response
CompletedThreat advisory · Mitigation guidance
Advisory regarding the Kali365 phishing kit targeting Microsoft 365. Documented session cookie hijacking and MFA bypass via adversary-in-the-middle proxy. Recommended detection and response actions for the City’s email security stack and identity protection controls.
Kali365 Phishing Kit Email Response.pdf
97 KB · Advisory
Assessment · Planned H2 2026
NIST CSF 2.0 gap analysis
Planned4 weeks · Jul–Aug 2026
Full NIST CSF 2.0 gap assessment covering Govern, Identify, Protect, Detect, Respond, and Recover. Will produce a gap assessment report with scored findings, priority remediation recommendations, and input for the cybersecurity program and roadmap deliverable.
Documents will appear here when the project begins
Security tool metrics
City of Fort Collins · April 2026 · Updated monthly
API Connector Configuration — Securance admin only
Connect security tools via API to automatically ingest metrics. Each client engagement is configured independently. API credentials are encrypted at rest and never displayed after saving.
Prepared for R. Barbee & D. Kendal · 3,085 healthy endpoints, 699 phishing blocked, 0 high alerts, 444 tickets
Delivered
March 2026
External network assessment and firewall review completed · Pen test report and CheckPoint findings delivered
Delivered
February 2026
Dark web report delivered · CyberTIQ TSRS assessment · 44 internal user credentials exposed
Delivered
January 2026
vCISO onboarding completed · Annual project schedule established · Bi-weekly status calls initiated
Delivered
Views
All documents
Upload document
Box.com
Oakland University
/Karen's Clients/Oakland University
● Synced 2h ago
Documents uploaded to your Box folder appear here automatically. You can also upload directly to the portal.
Documents
All documents — Box.com folder sync active · Last synced 2 hours ago
Box.com folder is connected and syncing. Documents you upload to your Box folder appear here automatically. You can also upload directly from this page.
File name
Type
Size
Date
Source
2026_Oakland_HIPAA_Risk_Assessment_v1.0.pdf
PDF
3.6 MB
Jun 1, 2026
Box.com
AI_Governance_Policy_Draft_v2.docx
DOCX
145 KB
May 28, 2026
Box.com
Vendor_Questionnaire_Completed_Blackbaud.xlsx
XLSX
87 KB
May 15, 2026
Box.com
Network_Diagram_Current_State.pdf
PDF
1.2 MB
Apr 30, 2026
Uploaded here
Showing 4 of 11 documents
Upload document
Files uploaded here are synced back to your Box.com folder automatically
Upload files
Drag files here or click to browse
Any format accepted · Max 100MB per file · Files sync to Box.com automatically