Infosec Insider

2019-05-21 05:10:25

Pentesting with Sheepl

By Marcos Colon

May 21, 2019

InfoSec Insider caught up with Trustwave SpiderLabs Principal Security Consultant Matt Lorentzen, who discussed the open source pentesting tool and provided us with a demo.

2019-05-14 05:29:10

The Holistic CISO: How to Increase Organizational Effectiveness

By Marcos Colon

May 14, 2019

The modern-day CISO faces a multitude of challenges they must face head-on to build a sense of leadership and vision within the security and risk department. InfoSec Insider caught up with CISO Spotlight's Todd Fitzgerald, who offered up concrete tips up-and-coming security leaders can leverage when it comes to achieving organizational effectiveness.

2019-05-07 05:23:55

A Guide to Purchasing Cybersecurity Solutions

By Josue Ledesma

May 07, 2019

Knowing how to approach buying cybersecurity vendors is a difficult task. There’s a lot to manage internally (budget, needs, fit) and it’s hard to know what kind of vendors or solutions would serve your organization best. The fear, uncertainty, and doubt (FUD) experienced by cybersecurity vendors are especially troubling.

2019-05-02 05:56:10

Election Trouble Ahead: Voter Machine Issues

By Marcos Colon

May 02, 2019

Rapid7’s Director of Research Tod Beardsley highlights what you should know about voting machine security and what more needs to be done for the approaching 2020 elections.

2019-04-30 05:40:02

DeMISTIfying Security: How to Boost Your Cyber Budget

By Ed Moyle and Raef Meeuwisse

April 30, 2019

In this follow-up episode, the DeMISTIfying Security experts provide you with proven tips that you can leverage to boost the cybersecurity budget within the business. Don't miss out on this episode.

2019-04-25 05:27:50

The Cyber Impact on Democracy

By Marcos Colon

April 25, 2019

Cybereason CSO Sam Curry shares how “black propaganda” is leveraged by foreign adversaries, why 2016 was a failure of imagination from a cyber standpoint, and what we should be prepared for leading into the 2020 presidential elections.

2019-04-23 05:48:28

Cybersecurity Leadership Today: Why It's Failing and What Can Be Done to Fix It

By Marcos Colon

April 23, 2019

InfoSec Insider caught up with Cylance's Chief Security and Trust Officer, Malcolm Harkins, who shared why he believes leadership in information security today is sorely lacking, but more importantly, what needs to be done in order for today's security leaders to create an "ideal state" for their departments.

2019-04-18 05:14:26

Threat Profiling in the ICS World: What You Need to Know

By Marcos Colon

April 18, 2019

There are a slew of threats aimed at industrial control systems, and security warriors in that space need to constantly be on their toes. We caught up with Sergio Caltagirone, vice president of threat intelligence at Dragos, who shared how infosec pros in the ICS world can get started with threat profiling.

2019-04-16 05:10:53

Should You Be Paying Attention to Airborne Attacks?

By Josue Ledesma

April 16, 2019

It’s no mystery that the world of cybersecurity constantly faces a massive challenge. It has to pre-empt attacks, predict how hackers will use new attack vectors, and defend their environment against all existing attacks and attacks that may not even exist yet. In this feature, we go over one of the more obscure, but dangerous and difficult attacks to defense against—airborne attacks.

2019-04-11 05:07:16

Who Watches the Watchers?: A Discussion on Who Can Be Trusted Today

By Marcos Colon

April 11, 2019

Security departments have evolved tremendously over the years, but so have cyber threats. As organizations become more aware that nearly no one can be trusted, whose job is it to watch the watchers? At this year’s RSA Conference in San Francisco, InfoSec Insider caught up with Forcepoint's Dr. Richard Ford who dives into the topic.

2019-04-09 05:48:15

DeMISTIfying Security: Is the Board to Blame When There's Cyber Shame?

By Ed Moyle and Raef Meeuwisse

April 09, 2019

In the latest edition of InfoSec Insider’s DeMISTIfying Security series, veteran experts Ed Moyle and Raef Meeuwisse discuss the state of cybersecurity as it relates to executive support within the business.

2019-04-04 05:14:57

Cybercrime Extortion: 2019 Trends and Insights

By Marcos Colon

April 04, 2019

Cyber swindlers are continually looking to reinvent themselves, and their methods are becoming savvier. InfoSec Insider caught up with Digital Shadows CISO Rick Holland on the recent research that his team has conducted on cybercrime extortion, and how security practitioners can secure their organizations don't fall prey to these attacks.

2019-04-02 05:30:40

The Threat Posed by Overprivileged Identities

By Marcos Colon

April 02, 2019

Organizations have struggled to gain control over privileged identity management—a challenge that has tripped up many security and risk departments and has caused major cyber incidents. If the title of this article caught your eye, chances are you’re grappling with this issue and are looking for some insights that will make your life a little easier.

2019-03-28 05:49:26

Must You Rely on Cybersecurity Vendors to Be Secure? Is Do-It-Yourself Cybersecurity a Viable Option?

By Jim Romeo

March 28, 2019

Cybersecurity remains a persistent challenge in information technology, and for IT security professionals, AI and other tools are valuable for organically managing cybersecurity without depending on vendors that might have more sophisticated tools and experience using them.

2019-03-28 05:10:56

Your Weak Physical Security Could Be A Hacker’s Easiest Target

By Brent White & Tim Roberts, Senior Security Consultants, Threat Services, NTT Security

March 28, 2019

While having strong IT security in place to secure sensitive data on devices and networks is critical, ensuring your organization practices strong physical security is equally important. Organizations need to prevent attackers from being able to walk in and walking out with data, systems, physical documents, or worse – a new connection to your network as a persistent threat.

2019-03-26 05:02:47

The Basic Cyber Law Concepts Every Security Professional Needs to Know

By Steve Black, Professor of Law, Texas Tech University

March 26, 2019

Cyber law is focused on bringing more clarity to privacy questions that new technology introduce. It’s important for all security professionals to have a basic understanding of current and potential future cyber law concepts in order to stay compliant and ensure sensitive data stays safe.

2019-03-21 05:58:48

The State of Passwords in 2019: Will They Ever Go Away?

By Josue Ledesma

March 21, 2019

Password security has undergone a significant transformation over the last few years. As a reaction to the insecure form of identity verification that is logging in with a password, technologies such as two-factor authentication (2FA), multi-factor authentication (MFA), and hardware keys. This begs the question—where does that leave passwords in 2019?

2019-03-19 05:32:51

DeMISTIfying Security: The Impacts of Security Assumptions

By Ed Moyle and Raef Meeuwisse

March 19, 2019

In this follow-up video, the DeMISTIfying Security experts discuss two recent containerization-related issues and how the modern-day security warrior can venture into the unknown to effectively tackle challenges such as this.

2019-03-14 05:52:53

Are Medical Devices Securely Managed Yet?

By Jim Romeo

March 14, 2019

Recent incidents illustrate the risks that healthcare networks are subject to in today's ever-expanding cybersecurity threat landscape. In particular, securing networked medical devices in this environment can be challenging.

2019-03-12 05:45:31

Managing Your Infosec Budget: How to Choose the Right Vendors and Solutions

By Josue Ledesma

March 12, 2019

So many vendors, so little budget. Security departments are constantly tasked to know how to properly allocate funds to staffing, resources, tools, solutions, software, vendors, third-party contractors, and more. Even an unlimited budget wouldn’t help as security departments can find themselves bloated with software or vendors, leading to an inefficiently run department.

2019-03-12 05:10:01

How Moving Away From Traditional Academia Has Changed Cybersecurity Education

By Paul Rohmeyer, Program Director MS Information Systems, Stevens Institute of Technology

March 12, 2019

Today, there are highly specialized training options offered both in-person and online in the form of meetups, webinars, formal courses, and in-house and external conferences. The attractiveness (cost, convenience, and specialty) of these alternative options has driven cybersecurity talent to steer towards education avenues outside of traditional academia.

2019-03-07 05:08:13

Why Your Cybersecurity Comms Need to Evolve

By Dawn Papandrea

March 07, 2019

When you’re talking information security among your peers, it sounds like a totally different language than the rest of your organization speaks. This puts infosec professionals in a bind. On the one hand, security vulnerabilities exist throughout the company. Yet you, alone, are carrying the burden of knowing just how serious it can get. That’s why it’s up to you to create an information security communication strategy.

2019-03-05 05:13:23

DeMISTIfying Security: The Top 3 Dangerous Security Assumptions

By Ed Moyle and Raef Meeuwisse

March 05, 2019

From steering clear of marketing buzz to the impact of misinformation, DeMISTIfying Security hosts Ed Moyle and Raef Meeuwisse point out the security assumptions that could be catastrophic to any security practitioner’s role.

2019-02-28 05:40:26

How to Manage Employee Mobile Device Risk in Your Organization

By Josue Ledesma

February 28, 2019

In this article, we’ll go over what devices infosec departments should have an eye on and how to tackle the challenge of BYOD head-on. For an expert’s perspective, we spoke to Georgia Weidman, founder of Shevirah, a mobile and IoT testing company.

2019-02-26 05:33:43

How to Turbocharge Your Cybersecurity Awareness Training

By Jim Romeo

February 26, 2019

Cybersecurity awareness training is a critical component to your security hygiene. The most effective training programs are offered frequently and use available frameworks, focus points, tools, and tactics to build a culture where cybersecurity is embraced, not avoided or shunned.

2019-02-21 05:01:13

Confused on How to Implement Cybersecurity Policy Based on the NIST Security Framework? Read On.

By Jim Romeo

February 21, 2019

We understand that some security professionals may not have the easiest time implementing the NIST Security Framework. That’s why we’ve created the “missing manual” on getting it right in this latest InfoSec Insider post.

2019-02-19 05:40:25

DeMISTIfying Security: Getting a Jump on Zero Trust in Your Environment

By Ed Moyle

February 19, 2019

Last week the DeMISTIfying Security hosts explored the Zero Trust model. This follow-up segment takes things one step further as security veteran Ed Moyle explains how you can get a jump on kickstarting Zero Trust within your organization.

2019-02-14 05:25:09

How to Get Started with Secrets Management

By Ed Moyle

February 14, 2019

The only thing worse than having a huge problem is having a huge problem and not realizing it. Believe it or not, many organizations are in the latter boat right now. Specifically, many organizations are undergoing a proliferation of secrets at a scale and scope that eclipses the ability of mechanisms and controls they may have in place to keep them protected.

2019-02-12 05:59:59

Glimpsing Inside the Trojan Horse: An Insider Analysis of Emotet

By Max Heinemeyer

February 12, 2019

Emotet is a highly sophisticated malware with a modular architecture, installing its main component first before delivering additional payloads. In this contributed article, Darktrace's Max Heinemeyer, director of threat hunting, breaks down the threat.

2019-02-07 05:00:06

2019 Cybersecurity Threat Trends: What Should Be On Your Radar Part 2

By Josue Ledesma

February 07, 2019

Last week we shared the first part of this two-part series on cyber threats in 2019. This week we wrap up the remainder of the insights we shared thanks to our conversation with subject matter expert Adrian Sanabria, VP of strategy and product at NopSec.

2019-02-05 05:04:12

DeMISTIfying Security: Exploring the Zero Trust Model

By Ed Moyle and Raef Meeuwisse

February 05, 2019

In the latest edition of MISTI’s DeMISTIfying Security, Ed and Raef dissect the zero trust model. From the pros and cons, to the obstacles you may face rolling out this philosophical approach to security, this week’s segment will shed new light on this topic.

2019-01-31 05:50:59

2019 Cybersecurity Threat Trends: What Should Be on Your Radar

By Josue Ledesma

January 31, 2019

InfoSec Insider caught up with one SME that helped us put together a list of the looming threats your company should keep an eye on and how organizations can defend themselves accordingly. Here's a look at what you should have on your radar.

2019-01-29 05:57:19

The Thrill of the Hunt (Threat Hunting, That Is)

By Jim Romeo

January 29, 2019

The term threat hunting has been tossed around a lot, but what does it actually mean and can your cybersecurity playbook benefit from it? Many organizations are tapping into its benefits, so we've decided to provide you with a breakdown in this feature article.

2019-01-24 05:18:57

Lessons Learned: How to Defend Your Organization Against Social Engineering

By Josue Ledesma

January 24, 2019

Social engineering is unique in the cybersecurity world as its scope of influence can vary widely on the software, hardware, and even psychological level. In this article, we’ll cover social engineering attacks and help you learn from recent developments in the space.

2019-01-22 05:25:41

DeMISTIfying Security: To 2019 and Beyond!

By Ed Moyle and Raef Meeuwisse

January 22, 2019

In last week's segment, Ed and Raef discussed some of the major developments in infosec in 2018. This week, they take out their crystal ball and look into 2019, sharing their thoughts on what many practitioners could expect.

2019-01-17 05:25:37

The State of Artificial Intelligence in 2019

By Marcos Colón

January 17, 2019

Artificial intelligence is found in homes across the globe, and it's also being leveraged by troves of organizations across the country. But how mature is the technology and how open should you be to adopting it as part of your security strategy? In this exclusive interview, we catch up with one expert who breaks it down for us.

2019-01-15 05:26:38

DeMISTIfying Security: 2018 Year in Review

By Ed Moyle and Raef Meeuwisse

January 15, 2019

In the latest installment of InfoSec Insider’s DeMISTIfying Security series, security experts Ed Moyle and Raef Meeuwisse return to review the major breaches, developments, and takeaways that you can get from information security events in 2018.

2019-01-10 05:00:59

How to Prepare for the Digital Transformation Era

By Marcos Colón

January 10, 2019

Like it or not, the digital transformation era is here. But what does that actually mean--and more importantly--what does that mean to you? We caught up with Zscaler's Business Value Consulting Leader, Jason Georgi, who broke it down for InfoSec Insider.

2019-01-08 05:34:22

How AI Can Prevent Dangerous Email Mistakes

By Marcos Colón

January 08, 2019

What's the state of artificial intelligence in the enterprise today? More importantly, how can the security and risk department benefit from its benefits to measurably reduce risk within the business? InfoSec Insider caught up with Neil Larkins, CTO at Egress Software, who breaks it down for us.

2019-01-03 05:16:05

Cloud Security in 2019: What InfoSec Leaders Can Expect

By Marcos Colón

January 03, 2019

InfoSec Insider catches up with the Cloud Security Alliance's Jim Reavis, who shares what security leaders should be focusing on when it comes to cloud security in 2019. You'll want to take note of these insights and predictions.

2018-12-27 11:34:33

InfoSec Insider Top 10 in 2018

By Marcos Colón

December 27, 2018

As 2018 wraps up, InfoSec Insider looks back at some of the most popular articles we've produced for our loyal audience. From communicating security metrics to the board and making sense of attack patterns, to key areas that you should focus your cybersecurity strategy on, here's a list of the top 10 articles.

2018-12-25 05:19:29

Know Your Inventory: A CISOs Guide to Asset Management

By Josue Ledesma

December 25, 2018

A CISO’s list of responsibilities are vast. They need to protect, defend, and identify any risks and potential attacks that may hit their company’s environment. However, knowing what needs protection is its own challenge.

2018-12-20 09:43:37

The Cloud Security Dos and Donts Explained

By Marcos Colón

December 20, 2018

Security practitioners that are looking to migrate their business to the cloud in a successful manner have to consider quite a lot. That's why InfoSec Insider caught up with security leader and industry veteran Mark Arnold during this video interview where he quickly breaks down what you should and shouldn't be doing when it comes to the topic.

2018-12-18 05:58:25

Are You Using These Best Practices to Build a Vendor Risk Management Program?

By Jim Romeo

December 18, 2018

Today's IT playing field implores a higher state of alertness, not only within your enterprise but also outside of it. However, when it comes security, not all vendors are created equal. Some very likely have inferior security hygiene and practices that can affect you big time.

2018-12-13 05:11:50

The Blockchain Revealed: How InfoSec Can Benefit from the Protocol

By Marcos Colón

December 13, 2018

InfoSec Insider catches up with Debbie Hoffman, CEO of Symmetry Blockchain Advisors at the CSA Congress event, who clarifies what blockchain means to security leaders today, and any privacy implications they should be aware of.

2018-12-11 05:49:11

Leveraging Collaboration and SOAR to Secure Our Digital Future

By Cody Cornell

December 11, 2018

The idea behind collaborative security is to change the security and threat landscape from the daunting “one vs. many” to “many vs. many,” embracing the power of knowledge and collaboration to protect valuable data.

2018-12-06 09:14:34

Cybersecurity 101: How to Get Started in the Business (Part 2)

By Ed Moyle and Raef Meeuwisse

December 06, 2018

In this walkthrough, InfoSec Insider experts Ed Moyle and Raef Meeuwisse demonstrate one useful exercise that can aid security practitioners in getting a lay of the land in their organization, serving as the perfect first step in ultimately measuring and reducing information security risks.

2018-12-04 05:42:01

Cybersecurity 101: A Discussion on the Basics and Fundamentals

By Ed Moyle and Raef Meeuwisse

December 04, 2018

InfoSec Insider SMEs Ed Moyle and Raef Meeuwisse are back, but this time they're talking fundamentals. If you're an up-and-coming security warrior, you'll definitely want to heed this advice from the two infosec experts.

2018-11-29 05:54:58

Considerations for Cloud Service Providers on the Path to FedRAMP Accreditation

By Baan Alsinawi

November 29, 2018

The government has urged the private sector to offer agencies secure cloud solutions through the FedRAMP accreditation, which establishes baseline standards for security assessment, authorization, and continuous monitoring. Here, we provide six key considerations to help guide FedRAMP accreditation efforts.

2018-11-27 05:48:52

An Open Source Intelligence (OSINT) Revolution, You Say?

By Jim Romeo

November 27, 2018

As a security practitioner, we're sure you've heard of the benefits that open source intelligence (OSINT). But what exactly is it and how can you leverage it as it relates to your current security strategy? This article answers that question and more.

2018-11-22 05:33:26

When Is It Time to Share Your Secret Sauce?

By Marcos Colón

November 22, 2018

When is it time for your organization to share cybersecurity information with its competitors and how much should you be sharing? We interview two industry experts that provided us with their take on the topic in this featured video interview.

2018-11-20 05:09:02

Do You Really Need a Penetration Test?

By Ed Moyle

November 20, 2018

This will probably be a contentious point for some, but there are situations where a penetration test isn’t the best use of an organization’s resources. Here, we examine what is (and isn't) a pentest, and what its goals should be depending on your organization's needs.

2018-11-15 05:43:40

How to Communicate Threat Intelligence to the Board

By Marcos Colón

November 15, 2018

Cyber threats are top of mind for board members, but communicating cyber threat intelligence may not be the easiest task for security leaders. In this recent interview with Tim Callahan, senior vice president and global security officer at Aflac provides some helpful tips that could go a long way.

2018-11-13 05:35:42

How to Train Your Team (and Organization) to Effectively Use Threat Intelligence

By Josue Ledesma

November 13, 2018

Threat intelligence has transformed the information security world for the better but it’s not always leveraged in the best way possible by organizations and departments. InfoSec Insider spoke to threat intel expert Karl Sigler to get a sense of how organizations can maximize threat intelligence for their organization.

2018-11-08 05:54:03

What’s Next for IoT Security?

By Marcos Colón

November 08, 2018

InfoSec Insider catches up with Armis co-founders Yevgeny Dibrov and Nadir Izrael who discuss the current climate as it relates to IoT security, and offer up some dos and don’ts when it comes to connected devices within the enterprise.

2018-11-06 05:26:33

4 Things to Know About Penetration Testing & AI

By Min Pyo Hong, CEO and Founder, SEWORKS

November 06, 2018

Conducting penetration testing via simulated attacks on your organization's network is the best way to help your business evaluate the strength of your network security protocols and identify any backdoors, weaknesses, and gaps between different security tools, and prioritize risk. This contributed article explains why.

2018-11-01 05:54:15

Common Application Vulnerabilities You Should Know About

By Marcos Colón

November 01, 2018

While patching vulnerabilities seems like a “low-hanging fruit” task for many security practitioners, it seems as though many still fail to do so. In this interview with application security expert Chris Eng, he highlights the common blind spots associated with vulnerability management.

2018-10-30 05:39:26

2018 Midterm Election Security: Thoughts from Security Experts

By Marcos Colón

October 30, 2018

InfoSec Insider catches up with cybersecurity experts on the lessons learned from the 2016 election hacks, and what the security practitioner of today could learn from those events. With early voting already in full swing, we take a brief look back at what occurred.

2018-10-25 05:59:24

So, How Strong Are Your Organization's Passwords?

By Marcos Colón

October 25, 2018

Ntrepid Corporation’s Chief Scientist Lance Cottrell chats with InfoSec Insider and offers up the major dos and don’ts tied to password management, as well as pinpoints the significant weaknesses in some of the systems we’ve come to rely on heavily.

2018-10-23 05:31:29

Why Data Privacy and Policy Training Matters

By Josue Ledesma

October 23, 2018

Data privacy and protection is an often underappreciated aspect of information security, but in many ways, it provides the foundational groundwork for a well-established security environment that offers internal and external reassurance. Here's why and how you should train up your team.

2018-10-18 05:30:25

Are You Investing in the Right Cybersecurity Tools?

By Marcos Colón

October 18, 2018

NSS Labs CEO Vikram Phatak speaks with InfoSec Insider and offers up tips to up-and-coming security professionals on how to make smart and effective cybersecurity solution purchasing decisions. From blocking out buzzwords and marketing jargon to building a great team, here’s what you need to know.

2018-10-16 05:47:41

The New Regulatory Wrinkles for Data Protection You Should Know About

By Aaron Turner

October 16, 2018

We’ve seen the rules for data security change from relatively simple policies, such as simple access controls, to much more complex policy requirements with the implementation of GDPR. This article’s intended to cover three new perspectives that will influence data protection controls in the coming years.

2018-10-11 05:14:43

Cryptocurrency Mining Malware and Cryptojacking: What to Know and How to Protect Your Organization (Part 2)

By Ed Moyle

October 11, 2018

On Tuesday InfoSec Insider kicked off a how-to video series that focuses on topics surrounding the challenges that our readers face on a daily basis. In this companion video, security expert Ed Moyle provides a deep dive on how you can protect your organization from cryptocurrency mining malware and cryptojacking.

2018-10-09 05:07:36

Cryptocurrency Mining Malware and Cryptojacking: What to Know and How to Protect Your Organization

By Ed Moyle and Raef Meeuwisse

October 09, 2018

Security experts Ed Moyle and Raef Meeuwisse dissect the topic of cryptocurrency mining malware and cryptojacking; what it means to you as a security professional and how you can protect the enterprise from it.

2018-10-04 05:13:15

Security Automation is Here. Now What?

By Marcos Colón

October 04, 2018

enSilo CEO Roy Katmor sits with InfoSec Insider to discuss how security automation is impacting the time and duties of the modern day security professional, and how the skills they need to succeed will change as a result of the technology.

2018-10-02 05:20:41

Need a Concise Guide to Pen Testing? Here It Is.

By Jim Romeo

October 02, 2018

What's the best way to detect network risks and other vulnerabilities from cyber threats? If you guessed a pen test, then you're right. In this feature article, we've created a no-nonsense that answers pertinent questions about penetration testing.

2018-09-27 05:15:45

Creating the Perfect Incident Response Playbook

By Marcos Colón

September 27, 2018

Arctic Wolf's Sam McLane sits with InfoSec Insider at the Black Hat Conference in Las Vegas to discuss the major dos and don'ts when it comes to incident response, in addition to some misconceptions that some security practitioners may have on the topic.

2018-09-25 05:19:06

Social Mapper: The What, Why, and How

By Marcos Colón

September 25, 2018

InfoSec Insider catches up with Trustwave SpiderLabs Threat Intelligence Manager Karl Sigler on the company’s latest open source tool which enables penetration testers and red teasers to scrape social media data.

2018-09-20 05:06:17

A Discussion on Dark Web Threats in 2018

By Marcos Colón

September 20, 2018

InfoSec Insider catches up with Digital Shadows CISO Rick Holland, who discusses the latest dark web threats this year, and what security practitioners should have on their radar.

2018-09-18 05:47:59

A Look at the Windy City’s Newest Cyber Command Center

By Marcos Colón

September 18, 2018

InfoSec Insider takes a first-hand look at Trustwave’s new SpiderLabs Fusion Center in Chicago and speaks with Chris Schueler, senior vice president of managed security services, on the purpose behind its creation.

2018-09-13 05:06:59

Election Security in 2018: What’s Next?

By Marcos Colón

September 13, 2018

Forcepoint’s Dr. Richard Ford discusses the impact that the 2016 election meddling had on the cybersecurity community, and the lessons learned that security practitioners should take note of, but most importantly, act on.

2018-09-11 05:44:08

Disable PowerShell? How about control it instead?

By Ed Moyle

September 11, 2018

At the end of the day, PowerShell is an enormously flexible, valuable, and helpful tool in any enterprise administrator’s toolbox, so “turning it off” isn’t really a viable option for most shops. In this informative feature, subject matter expert Ed Moyle explains why.

2018-09-06 05:58:29

Back to the Basics: The State of Cyber Hygiene in 2018

By Marcos Colón

September 06, 2018

Tripwire's Tim Erlin chats with InfoSec Insider on the state of cyber hygiene in 2018, where we are, why we're there, and highlights different areas that security practitioners are failing to cover as it relates to securing the business.

2018-09-04 05:38:22

Push Authentication: Bringing the Most Secure Method of 2FA Mainstream

By Simon Thorpe

September 04, 2018

For consumers looking for an easier-to-use login experience, there is a solution: push authentication. This approach is a vast improvement over sending a one-time passcode via SMS and is truly the most secure method of 2FA.

2018-08-30 05:19:15

More Humans Needed: Closing the Cybersecurity Talent Gap

By Marcos Colón

August 30, 2018

Cybrary COO Kathie Miley pinpoints the real issues organizations face when it comes to the cybersecurity talent shortage, why employers are doing a good job of finding the right talent only in certain circumstances, and the impact the cybersecurity solutions market is having on the talent shortage.

2018-08-28 05:53:56

The Evolved Perimeter: IoT Identity and Integrity

By Jackson Shaw, VP of Product Strategy, One Identity

August 28, 2018

The rise of IoT has introduced new challenges to security in the enterprise. Like most security challenges, protecting against threats is the basic work of good IT hygiene. Organizations can adopt existing identity management best practices to meet this new challenge.

2018-08-23 04:53:22

The State of Mobile Payments Security

By Aaron Turner

August 23, 2018

What is the bottom line from a security perspective when it comes to mobile payments? In the current state of the ecosystem, mobile security expert Aaron Turner offers up his take and advice on the topic.

2018-08-21 05:49:30

Understanding Zero Trust: A New Strategy for Cyber Defense

By Pravin Kothari, CEO, CipherCloud

August 21, 2018

The idea that all internal networks should be considered trusted while external networks should be trusted was fundamentally wrong. This featured article describes why the move to the cloud has also accelerated the movement to Zero Trust.

2018-08-16 05:12:32

Intelligent Context Monitoring for Security Operations

By Vijay Dheap

August 16, 2018

The context around security events is essential to qualify if those events are false positives or worthy of a security response. However, today security operations are predominantly focused on event monitoring and rely on security analysts to reconstruct context.

2018-08-14 05:38:38

GDPR is Here...So What's Next?

By Heather Dean Bennington

August 14, 2018

GDPR was a major focus for many organizations this year. Whether it has been extensive business process mapping, understanding the purposes of personal data, or defining its scope. But now that it's here, what should security professionals focus on next?

2018-08-09 05:16:34

How Infosec Can Put More “Intelligence” into Operationalizing Threat Intelligence

By Marcos Colón

August 09, 2018

Threat intelligence expert Dave Ockwell-Jenner discusses how organizations have changed the way they approach threat intelligence, and provides the primary Dos and Don’ts associated with developing a successful threat intelligence program.

2018-08-07 05:09:54

Blockchain: What It Is and What It Means for InfoSec

By Josue Ledesma

August 07, 2018

Blockchain has become the new buzzword of choice across a wide spectrum of industries, such as finance, tech, and the information security industry. However, what blockchain is and what its applications are still seem to be unclear. This article sets the record straight.

2018-08-02 05:24:02

Tips on Creating Your Own Bug Bounty Program

By Marcos Colón

August 02, 2018

Bugcrowd Founder Case Ellis discusses the evolution of bug bounty programs and their impact on information security, in addition to providing tips on the key areas to focus on when it comes to developing a bug bounty program at your organization.

2018-07-31 05:07:04

How to Build Practical Cross-Training in Infosec

By Ed Moyle

July 31, 2018

Given the skills gap in information security, it's important for cybersecurity managers to diversify and expand the skill base of their team members. Here, we highlight how they can do it from a practical point of view.

2018-07-26 05:44:21

The Cyber Threat Alliance: Making Cybersecurity Collaboration Work

By Marcos Colón

July 26, 2018

The Cyber Threat Alliance’s Chief Analytic Officer Neil Jenkins provides update on the state of information sharing in 2018 and provides some insight on the steps security practitioners can take if they’re interested in sharing their threat data.

2018-07-24 05:34:38

Mobile Privacy & Infosec Tips for Frequent Travelers

By Aaron Turner

July 24, 2018

Summer will be over before you know it and for many of you, it might be time to hit the road again for business travel. Before you pack up all of your devices, you might want to keep some of this advice in mind to ensure your data is secure.

2018-07-12 05:32:55

Are Security Professionals Doing Enough?

By Marcos Colón

July 12, 2018

Cybereason’s Israel Barak discusses the approach that far too many businesses take when it comes to their security strategy and highlights the steps that security professionals should be seeking to rethink the programs and challenges they face tied to measurably reducing risk within the business.

2018-07-10 05:24:25

First-Hand Experience in Developing a Threat Hunting Program

By Jessa Gramenz

July 10, 2018

Developing a threat hunting program may be challenging, but it doesn’t have to be. In this feature article, one subject matter expert provides us with a glimpse into her experience on the topic and what you can expect.

2018-07-05 05:45:08

How Hacked Elections Impacted the Security Industry

By Marcos Colón

July 05, 2018

CA Veracode’s Chris Wysopal discusses how the 2016 presidential election hack broadened the horizon on how security warriors think about defending their data and offers up advice on what they should consider when it comes to protecting sensitive information.

2018-07-03 05:46:00

Threat Modeling: What, Why, and How?

By Adam Shostack

July 03, 2018

Threat modeling is essential to becoming proactive and strategic in your operational and application security. In this feature article, you'll learn what threat modeling is, how it relates to threat intelligence, and how and why to start.

2018-06-28 05:00:33

Looking to Benefit from AI? Build Something!

By Marcos Colón

June 28, 2018

Cylance’s Colt Blackmore discusses why leveraging AI isn’t limited to purchasing an out-of-the-box solution and details the critical steps that security practitioners should take to successfully utilizing the technology to their organization’s advantage.

2018-06-26 05:32:29

A Primer on Breach and Attack Simulations

By Adrian Sanabria

June 26, 2018

In this age of vendors offering simple solutions to complex problems, defenders need the ability to see past the glamour of marketing. That's where attack simulation technology can help, enabling use cases in the market that help answer pressing questions in enterprise security.

2018-06-21 05:38:49

Cover Your Bases: Areas to Focus on in Your Information Security Strategy

By Marcos Colón

June 21, 2018

Trustwave’s Karl Sigler discusses the state of cyber threats in 2018 and suggests what areas of your security strategy you should focus on to take proactive steps in measurably reducing risk within the business.

2018-06-19 05:14:31

Imagine If Security Solutions Understood Our Language

By Vijay Dheap

June 19, 2018

It's up to security professionals to infer security significance of all the events security solutions report. The first step to arriving at an answer to this intractable problem is teaching our security tools to understand us. Advancements in Natural Language Processing could help.

2018-06-14 05:06:03

The CISO of Yesterday, Today, and Tomorrow

By Marcos Colón

June 14, 2018

SAP CSO Justin Somaini discusses how the role of the CISO has evolved into what it is today, and what up and coming security leaders should prepare for once they take charge of a security program at a major organization.

2018-06-12 05:18:30

The Dark Web: What You Should Know and Why You Should Care

By Josue Ledesma

June 12, 2018

The dark web is one of those elusive subjects that can often get misinterpreted. We spoke to Reclamere's Connie Mastovich to get her expert take on what the dark web is, what risk it poses to companies, and how to protect yourself from it.

2018-06-07 05:01:57

Why is DNS Underutilized as a Security Tool?

By Marcos Colón

June 07, 2018

Farsight CTO Merike Kaeo discusses why DNS is still be underutilized as a security tool today, shares some examples of lessons-learned that could apply to you, and provides steps you can take to ensure you’re taking advantage of your DNS infrastructure.

2018-06-05 05:25:04

How to Make Sense of Attack Patterns

By Josue Ledesma

June 05, 2018

In this featured post, we speak to TrustedSec Founder Dave Kennedy who offers up advice on how you can set up your security department’s defenses to respond and defend against common attacks.

2018-05-31 05:00:29

Cybersecurity is at Negative Unemployment. But why?

By Marcos Colón

May 31, 2018

ISACA’s Rob Clyde discusses what’s leading cybersecurity to be at negative unemployment, but also shares how addressing issues in diversity, training, and education could go a long way in closing that talent gap.

2018-05-29 05:18:53

Don’t Follow the Herd When it Comes to Security Purchasing Decisions

By Ed Moyle

May 29, 2018

When it comes to making security purchasing decisions, many practitioners tend to follow the crowd. But given the variables tied to making those decisions, that may not be the best route to go. Here's why.

2018-05-24 05:33:11

How to Speak the Business of Security Effectively

By Marcos Colón

May 24, 2018

Cisco's Edna Conway shares her insight on what infosec leaders can do to ensure that security becomes an active discussion about the way you operate within the business, rather than an added bolt-on feature.

2018-05-22 06:16:00

Are You Confident in Enterprise Artificial Intelligence?

By Vijay Dheap

May 22, 2018

If you work in security, you've heard of AI and the "game-changing" promises of its models. How secure is AI, though, and what can organizations do to ensure AI isn't another breachable vulnerability?

2018-05-17 05:15:27

What is Attack Driven Development?

By Marcos Colón

May 17, 2018

Bugcrowd’s Keith Hoodlet outlines the importance of attack driven development and offers up the key steps security practitioners should take for this approach to have a positive impact on their overall security strategy.

2018-05-15 06:16:00

Crisis Communications in a Headline-Driven World

By Katherine Teitler

May 15, 2018

Media communication in the face of a cybersecurity incident often gets the shaft in favor of incident handling, but what you don't handle can come back to haunt you.

2018-05-10 05:02:37

How Security Leaders Can Get Proactive with Their Comms Departments

By Marcos Colón

May 10, 2018

Uber’s Melanie Ensign discusses the relationship between the communications function and infosec teams and offers up some uncommon communication tips for security leaders that may have a skewed view of the communications department within their organization.

2018-05-08 06:16:00

A Look at the Current State of Mobile Security

By Aaron Turner

May 08, 2018

Enterprise security practitioners can greatly improve their network security posture, if only they would take the time to right-size mobile security policies.

2018-05-03 05:23:39

How the 'Fog of More' Bogs Down Infosec Pros

By Marcos Colón

May 03, 2018

Given the troves of education information, training, and technology available to security professionals, you’d think they’d be a step ahead of malicious actors. But this overabundance of information may actually be causing more harm than good. Here’s what one expert had to say about the “fog of more.”

2018-05-01 06:16:00

ISACA Workforce Development Report Highlights Need for More & More Qualified Security Employees

By Katherine Teitler

May 01, 2018

Cybersecurity staffing requires more than simply finding enough people to accomplish tasks.

2018-04-26 05:29:15

Are You Taking the Right Approach to Threat Intelligence?

By Marcos Colón

April 26, 2018

Are you taking the right approach when it comes to threat intelligence? We caught up with one subject matter expert that provides some uncommon tips on developing a successful threat intelligence program.

2018-04-24 06:16:00

How to Manage Your Security Post-Conference Inbox

By Katherine Teitler

April 24, 2018

Cybersecurity conferences often lead to inbox overload, but they don't have to if the onsite experience is managed correctly.

2018-04-19 05:28:30

Are You Over- or Under-Investing in Cybersecurity?

By Marcos Colón

April 19, 2018

We caught up with one CISO that shares his advice on what security leaders can do to ensure they're taking the right approach to budgeting as it relates to their overall security strategy.

2018-04-17 06:16:00

Cybersecurity Executives Misalign Concerns with Actions

By Katherine Teitler

April 17, 2018

Cybersecurity teams seem to understand their biggest areas of challenge, yet the action to put effort behind remediating those problems falls short.

2018-04-12 06:02:05

How to Proactively Hunt for Cyber Threats

By Marcos Colón

April 12, 2018

InfoSec Insider catches up with one threat expert who discusses why security professionals should consider a proactive threat hunting model, and outlines how they can take that approach.

2018-04-10 06:16:00

Cloudy With a Chance of Shared Security Responsibility

By Katherine Teitler

April 10, 2018

Today, most reputable cloud service providers are security conscious, yet users remain responsible over many—but varying—aspects of information security. Here, we take a look at the three most common public cloud models that should be on your radar.

2018-04-05 06:16:00

How to Avoid Becoming the Security Scapegoat

By Katherine Teitler

April 05, 2018

When a company falls victim to a cyber incident, security personnel are often in the line fire--especially when they've focused only on the technical side of the job. Here we provide some tips that can lessen the chances that any one person will bear the absolute blame.

2018-04-03 06:16:00

Five Cyber Risks Your Organization is Likely to Encounter

By Katherine Teitler

April 03, 2018

Today's threat landscape is like a tentacled sea monster that security practitioners have to battle on a daily basis. In this feature story, we highlight the top five most likely cyber risks to organizations today.

2018-03-29 06:16:00

The Top 10 Talks from InfoSec World 2018

By Katherine Teitler

March 29, 2018

Another year, another successful InfoSec World in the books. While we're sad it's over, here's a brief look at the best-attended talks at this year's show.

2018-03-27 06:16:00

NIST Addresses IoT Security Concerns as Lawmakers Float Certification

By Katherine Teitler

March 27, 2018

With more everyday products being built with internet connectivity capabilities, cybersecurity practitioners have become concerned about the security and privacy of those devices. The state of IoT security is pretty grim, but will proposed guidance and regulations improve processes?

2018-03-22 06:24:19

The Challenges of Measuring Information Security Performance Today

By Marcos Colón

March 22, 2018

InfoSec Insidercatches up with NSS Labs CEO Vik Phatak who discussed what the state of measuring security performance is today, what approach practitioners should be taking, and the common mistake that security pros make when it comes to purchasing security solutions.

2018-03-20 06:16:00

Third-Party Vendor Relationships are Risky Business

By Katherine Teitler

March 20, 2018

While third-party vendor relationships can provide tremendous benefits, partnering does not relieve the primary organization of its security and compliance obligations.

2018-03-16 06:16:00

The Security Game Needs to Change if you Want Developers to Play

By Matias Madou

March 16, 2018

Secure Code Warrior's Matias Madou shares how security and development teams can come together for better collaboration.

2018-03-15 06:16:00

A Brief Guide to Cybersecurity for SMBs

By Katherine Teitler

March 15, 2018

Small- and medium-sized companies must be vigilant about cybersecurity--even if they don't have the staff to handle it internally.

2018-03-13 06:16:00

Zero Trust: Not New, but Breaking into the Security Scene in a Big Way

By Katherine Teitler

March 13, 2018

Zero trust networking was introduced by Forrester Research back in 2009, but only recently has it gained great strides.

2018-03-12 06:16:00

Surviving the Walking Dead: Fending off Social Zombies at InfoSec World

By Tom Eston

March 12, 2018

IoT, home automation, government surveillance, and new privacy regulations all pose a challenge to your organization, but you don't have to let those challenges eat you alive.

2018-03-08 06:16:00

Privileged Identities: Who's Watching the Watchers?

By Katherine Teitler

March 08, 2018

Jonathan Sander addresses why security teams fail at controlling privileged identities, and what they should be doing that won't upset the apple cart.

2018-03-06 06:16:00

Will Net Neutrality Impact the Security Tools Market?

By Katherine Teitler

March 06, 2018

The revocation of Net Neutrality won't impact enterprise security strategy, but it could effect the security tools market. Possibly.

2018-03-01 06:16:00

Key Questions to Ask Your Cybersecurity Recruiter

By Katherine Teitler

March 01, 2018

There is no question that the cybersecurity job market is hot, but not any old recruiter is suited to help you with your hiring needs.

2018-02-27 06:16:00

Learning to Make Better Decisions About Cybersecurity

By Katherine Teitler

February 27, 2018

Tony Sager hopes security practitioners don't view the CIS Controls as "just another checklist."

2018-02-22 06:16:00

Negotiating Today’s Shadow IT Labyrinth

By Katherine Teitler

February 22, 2018

The rise of the "citizen developer" may be a blessing for organizations looking to create efficiencies, but could become a curse for security teams if not handled properly.

2018-02-20 06:16:00

Facing GDPR, Even if You’re Late to the Game

By Katherine Teitler

February 20, 2018

Tackling GDPR means knowing where all your data reside, even if they're outside of your direct control. Here we take a look at how you can tackle this initiative even if you're a bit late given the time of year and when the regulation goes into effect.

2018-02-15 06:16:00

Six Tips for Shoring Up Your SMB Security Strategy

By Katherine Teitler

February 15, 2018

SMBs can’t just throw up their hands at cybersecurity, despite a probable dearth of resources. Since most aren't likely to magically receive a multimillion dollar cybersecurity budget windfall, we've provided our top 6 tips for how to manage security on a limited budget.

2018-02-13 06:50:59

Phishing Scams: Fact or Fiction?

By Karl Sigler

February 13, 2018

Phishing attacks aren't going anywhere any time soon. In fact, these scams have only grown in popularity among attackers. This helpful article dispels the four common phishing myths to help employees and outside partners be even more adept at identifying these crimes.

2018-02-08 06:16:00

Four Ways to Improve Security Testing Outcomes

By Katherine Teitler

February 08, 2018

Security testing must be about more than finding vulnerabilities and remediating them. In this feature article we take a look at four proven ways that you can improve your security testing outcomes.

2018-02-07 06:16:00

Got Data Junk?

By Ben Rothke

February 07, 2018

When it comes to old or no-longer-useful corporate data, you can't just hit "delete." Effective electronic data disposal and destruction requires a much more pragmatic and centralized approach.

2018-02-06 06:16:00

Selling Security Metrics to the Board of Directors

By Katherine Teitler

February 06, 2018

For security metrics to be relevant to the board of directors, security teams must tell the story of how those metrics are supporting business goals. How to accomplish this is no easy task.

2018-02-02 06:16:00

Lessons Learned from Running Which Also Apply to a Career in IT

By Jeremy Finke

February 02, 2018

What do running and your career in information technology/information security have in common? At first glance, not a whole lot. But with a couple of quick examples, I think we will find some similarities.

2018-02-01 06:16:00

5 Ways to Make Your IR Plan Actionable

By Katherine Teitler

February 01, 2018

If you're looking to ensure that your cyber incident response plan doesn't turn into shelfware, here are five ways to make it actionable.

2018-01-31 06:16:00

Analyzing Your Government Contract Cybersecurity Compliance

By Robert Jones

January 31, 2018

If you're a government contractor or a government entity hiring contractors, you need to know the ins and outs of the new FAR and DAR Councils' cybersecurity rules for government contractors.

2018-01-30 06:16:00

Have Point Solutions Reached End of Life?

By Katherine Teitler

January 30, 2018

The infosec tools market can be overwhelming with its abundance of options. How do you choose the best tool for your environment? This informative article will help point you in the right direction.

2018-01-25 06:16:00

Learning to Influence Without Authority

By Katherine Teitler

January 25, 2018

CISOs may have a highly-respected job title, but earning influence with business peers is a more significant challenge.

2018-01-24 06:16:00

From Trapping to Hunting: Intelligently Analyzing Anomalies to Detect Network Compromises

By Giovanni Vigna

January 24, 2018

Is your organization adequately equipped to identify anomalous patterns across the network? If you're doubtful, it may be time to try out alternative models that will help you detect previously unknown attacks.

2018-01-23 06:16:00

How Artificial Intelligence Fits into Your Cybersecurity Strategy

By Katherine Teitler

January 23, 2018

Artificial intelligence expert, Vijay Dheap, helps separate fact from fiction and provides guidance for companies looking into using AI as part of the defensive security strategy.

2018-01-18 06:16:00

Be Mindful of the Password-Storing Mechanism You Choose

By Katherine Teitler

January 18, 2018

Browser password-saving tools are convenient and may allow account holders to apply stronger passwords, but they're not security tools.

2018-01-16 06:16:00

The Art of Aligning Security Goals with Business Goals

By Katherine Teitler

January 16, 2018

To help security leaders find new ways to better align with business colleagues, we turned to two experts to find out how they’re constantly maneuvering between technical requirements and fueling business priorities.

2018-01-11 06:54:31

Psyber Intelligence Part 2: Hacking Social Intelligence

By Lance James

January 11, 2018

Given today’s content-driven society, it benefits cybersecurity and threat intelligence practitioners to gain some understanding of the psychological strategies and exploitation techniques within the intelligence and counterintelligence tradecraft.

2018-01-09 06:16:00

The Latest Infosec Vulnerability Meltdown: From the Viewpoint of a Cloud Researcher

By Katherine Teitler

January 09, 2018

In this follow-up article, cloud researcher Mark Nunnikhoven gives us his take on the Meltdown and Spectre vulnerabilities, which can exploit flaws in modern processors. Nunnikhoven provides us with the potential implications that you should take note of.

2018-01-08 06:16:00

The Latest Infosec Vulnerability Meltdown: From the Viewpoint of a Security Consultant and Entrepreneur

By Katherine Teitler

January 08, 2018

An interview with industry veteran Aaron Turner that helps demystify the probable consequences of Meltdown and Spectre, the two headline-grabbing security vulnerabilities capable of exploiting critical vulnerabilities in modern processors. Turner breaks down what you should do.

2018-01-04 06:16:00

Security New Year’s Resolutions

By Katherine Teitler

January 04, 2018

Working in the field of cybersecurity can be extremely rewarding, but it can also be extremely stressful and lead to burnout, if you let it.

2018-01-02 06:09:00

What It Means To Do DevOps

By Marcos Colón

January 02, 2018

One expert discusses the growing importance of DevOps within the enterprise, the initial steps organizations should be taking to implement a DevOps approach, and how to get buy-in from key stakeholders.

2017-12-29 06:12:00

News in a Minute Weekly Roundup | Dec. 29

By Marcos Colón

December 29, 2017

Here’s a look at some of the top news stories that wrapped up 2017. Major items included a critical vulnerability patched by Mozilla, Nissan Canada announcing a data breach that impacted more than one million customers, and hackers targeting a zero-day vulnerability in Huawei home routers.

2017-12-28 06:30:00

6 Things Security Practitioners Should Know About the SOC

By Katherine Teitler

December 28, 2017

The security operations center is a critical element of running a situationally aware security organization. Unfortunately, many companies today don’t have the resources to form one.

2017-12-26 06:12:00

Readers Choice: Top 10 InfoSec Insider Articles of 2017

By Marcos Colón

December 26, 2017

You picked them! Here's a look at the most read articles published on InfoSec Insider in 2017. From CASB to threat intelligence, you'll find a unique mix of some engaging content that answers some of your pressing questions.

2017-12-22 06:12:00

News in a Minute Weekly Roundup | Dec. 22

By Marcos Colón

December 22, 2017

With so much going on in the office last week, here’s a look at some of the top stories you may have missed, including claims that Uber may have illegally accessed its competitors’ networks, Kaspersky Lab asking a court to overturn the Trump Administration’s ban of its software, and more.

2017-12-20 06:56:20

The Pros and Cons of Leveraging OSINT Tools

By Marcos Colón

December 20, 2017

A threat intelligence expert shares his experiences and advice when it comes to leveraging OSINT tools, highlighting the benefits to security organizations, but also discussing the legal ramifications one could face by accessing them.

2017-12-18 05:56:00

How to Mitigate Cyber Risks through Cyber Insurance

By Katherine Henry & Brendan Hogan, Bradley Arant Boult Cummings LLC

December 18, 2017

Cybersecurity professionals can provide valuable input in their companies’ procurement of cyber insurance, and should be involved in all phases of cyber insurance procurement and management. Here are some important areas you should focus on.

2017-12-15 06:12:00

News in a Minute Weekly Roundup | Dec. 15

By Marcos Colón

December 15, 2017

A roundup of the top news stories in information security this week, including researchers exploiting a critical vulnerability that easily unlocks a popular gun safe, and a new bill threatening jail time for failing to disclose a data breach within 30 days.

2017-12-14 07:46:00

GDPR is Looming, and Companies are Laissez-faire

By Katherine Teitler

December 14, 2017

Companies can use GDPR as a way to shore up lax security controls and processes.

2017-12-13 05:57:35

How to Leverage Structured Analytic Techniques in Threat Intelligence

By Marcos Colón

December 13, 2017

Security professionals are over the hype surrounding threat intelligence. Now, they're aiming to find better ways to operationalize it. In this interview with Digital Shadows' Rick Holland, he explains why structured analytic techniques are an effective way to make sense and leverage your threat intelligence data.

2017-12-12 06:16:00

Hacked Websites: How Weak Security Impacts Us All

By Todd O'Boyle

December 12, 2017

Attackers are increasingly targeting vulnerable WordPress websites to prey on innocent users...because it's easy.

2017-12-11 07:46:00

Choosing the Infosec Career Path That’s Right for You

By Katherine Teitler

December 11, 2017

Choosing the right infosec career path might not be cut and dried, but certain personalities may be a better for for some roles.

2017-12-08 06:12:00

News in a Minute Weekly Roundup | Dec. 8

By Marcos Colón

December 08, 2017

A roundup of the top news stories in information security this week, including the UK warning its government agencies to steer clear of Kaspersky Lab products, PayPal dealing with a data breach, and NIST's latest Cybersecurity Framework draft.

2017-12-06 06:46:00

Canary Management…I Mean Change Management

By Joshua Marpet

December 06, 2017

Your change management process is tightened up and locked down, right? No, well, read on.

2017-12-04 07:46:00

Despite Technology Advances, Cybersecurity Programs Aren’t Keeping Pace

By Katherine Teitler

December 04, 2017

Cybersecurity teams have made advances against modern-day adversaries, but not at the pace they need to be to make a true impact against exponentially growing threats.

2017-12-01 06:12:00

News in a Minute Weekly Roundup | Dec. 1

By Marcos Colón

December 01, 2017

A roundup of the top news stories in information security this week, including an emergency security patch issued by Apple, a new variant of Mirai making the rounds, and a data breach impacting 1.7 million accounts.

2017-11-30 07:46:00

Artificial Threat Intelligence: Using Data Science to Augment Analysis

By Lance James

November 30, 2017

Data science can help analysts make more informed threat intelligence decisions...but only if it's integrated correctly.

2017-11-29 07:46:00

Becoming a Transformational CISO

By Katherine Teitler

November 29, 2017

Qualys's Mark Butler shares why CISOs must be more than security practitioners who keep their organization's data safe.

2017-11-27 07:46:00

The Rise of the Virtual Cyber Security Leader

By Dominic Vogel

November 27, 2017

Learn why the virtual CISO is quickly becoming an attractive option for enterprises.

2017-11-24 06:12:00

News in a Minute Weekly Roundup | Nov. 25

By Marcos Colón

November 24, 2017

A roundup of the top news stories in information security this week, including a massive data breach that Uber disclosed after nearly one year after attempting to conceal it and a new reporting detailing the increasing damage costs tied to ransomware.

2017-11-21 07:46:00

How I Became a Senior Software Architect

By Katherine Teitler

November 21, 2017

Infosec Insider learns how practitioners from across the cybersecurity industry came into their current security role.

2017-11-20 07:46:00

The Business Benefit of Backups

By Katherine Teitler

November 20, 2017

There are many reasons organizations don’t back up systems correctly, but are any of them good reasons?

2017-11-17 06:12:00

News in a Minute Weekly Roundup | Nov. 17

By Marcos Colón

November 17, 2017

A roundup of the top news stories in information security this week, including a slew of vulnerabilities addressed by Microsoft and Adobe, researchers claim to have cracked the new iPhone X's Face ID, and more.

2017-11-16 07:46:00

SSL/TLS Assurance

By Ed Moyle

November 16, 2017

TLS is the cornerstone of secure communications for networked communications, but are you implementing and maintaining it correctly?

2017-11-15 07:46:00

We Don’t Need More Security Awareness Training

By Katherine Teitler

November 15, 2017

Security awareness works, so why isn't it helping our enterprise become more secure?

2017-11-13 07:46:00

Why Do Data Breach Disclosures Take So Long? Let's Ask the SEC Chairman

By Shawn E. Tuma

November 13, 2017

Security pros act incredulous when they hear of a delayed breach disclosure, but is it wrong?

2017-11-10 06:12:00

News in a Minute Weekly Roundup | Nov. 10

By Marcos Colón

November 10, 2017

A roundup of the top news stories in information security this week, including a phony version of WhatsApp being downloaded more than one million times from Google Play, a big acquisition in the security space, and an Anonymous hacker seeking asymlum in Mexico.

2017-11-09 07:46:00

Google Pushes “Prompt” as Second Factor Security Verification

By Katherine Teitler

November 09, 2017

Two-factor authentication works; why aren't more enterprises requiring it as a default security measure?

2017-11-08 07:46:00

Trump’s Twitter Deactivation Reminds Us to Check Our Change Management

By Katherine Teitler

November 08, 2017

One rogue employee or unauthorized user can significantly impact your organization's information security risk...if you let them.

2017-11-06 05:08:21

Upstream Disconnect: Why CISOs and the Board Aren’t Seeing Eye to Eye

By Marcos Colón

November 06, 2017

After conducting 80 interviews with security leaders and board members, these two experts discuss the findings of their research and offer a rare window into how each group viewed progress and setbacks in their oversight of cyber risk.

2017-11-03 06:12:00

News in a Minute Weekly Roundup | Nov. 3

By Marcos Colón

November 03, 2017

A roundup of the top news stories in information security this week, including a USB stick containing sensitive Heathrow security data found on the street, FireEye releases a password cracking tool for free, and Apple finally addresses the KRACK flaw.

2017-11-02 07:46:00

The ACDC Act Would Take Defenders’ Eyes Off Real Cyber Defense

By Katherine Teitler

November 02, 2017

The Active Cyber Defense Certainty Act could have negative impacts on defenders' security efforts.

2017-11-01 07:46:00

The Cyber Professional’s Personality Profile

By Dominic Vogel

November 01, 2017

To get the most out of your relationship with your CISO, it will be helpful for you to understand what makes them tick.

2017-10-30 07:46:00

Why A Lower Cost Per Data Breach Isn’t Cause for Celebration

By Katherine Teitler

October 30, 2017

A look at what the Ponemon "Cost of Data Breach" study tells us about how to prepare for a data breach or cybersecurity incident.

2017-10-27 06:12:00

News in a Minute Weekly Roundup | Oct. 27

October 04, 2017

Dave Lewis, Global Security Advocate at Akamai Technologies, explains why organizations need to build the security program around people and processes.

2017-10-02 07:46:00

States Push for Consumer Protection in Credit-Related Data Breaches

July 31, 2017

We’ve all heard about the security staffing shortage; it attracts a lot of press and is hard to ignore. If you’re currently working for an organization that is not hiring, you, yourself, might be receiving regular calls from recruiters about one of the estimated 1 million open positions. Maybe you’re even covertly scoping out your next job opportunity.

2017-07-28 07:41:00

News in a Minute Weekly Roundup | July 28

By Marcos Colón

July 28, 2017

A roundup of the top news stories in information security this week, including a massive security breach that resulted in more than 5 million stolen Social Security numbers.

2017-07-27 07:48:16

How to Tackle the Expo Floor at Infosec Conferences

By Marcos Colón

July 27, 2017

In this exclusive video interview, Mike Spanbauer, VP of Security Test and Advisory, provides some helpful tips to security professionals when it comes to vetting security technology.

2017-07-26 07:46:00

Revisiting the Security Roadmap

June 20, 2017

Government decisions and the passage of new laws are slow moving, which is just one of the reasons outdated laws are governing current technology usage.

2017-06-19 07:46:00

Incident Response is About More Than Responding to Incidents

May 23, 2017

Unless you’ve been living under a rock, you’ve heard about the WannaCry Ransomware attack.

2017-05-22 07:46:00

Malicious Insiders Are a Huge Problem But You Have a Bigger Issue

May 09, 2017

In this video interview Josh Pyorre, security researcher at OpenDNS, discusses his approach to detecting threats.

2017-05-08 07:46:00

Building a Better Security Industry

By Katherine Teitler

May 08, 2017

How often have you heard the term “cultural fit” as it relates to employees of your or another’s place of employment?

2017-05-05 07:46:00

Compromised Credentials and Financially-Motivated Attacks Top the 2017 DBIR

By Katherine Teitler

May 05, 2017

The issuance of the DBIR has become an industry event of sorts, giving people the opportunity to carefully examine and argue the finer points against that which they see in their environments.

2017-05-03 07:46:00

Does the U.S. Need a Data Protection Authority?

By Katherine Teitler

May 03, 2017

When the House recently voted to overturn a proposed ruling that would have limited internet service providers’ ability to share and sell customer data, cries of “foul” were heard.

2017-05-02 18:02:02

Why Secure Data Logistics Provides Optimum Visibility

By Marcos Colón

May 02, 2017

Security experts David Etue and Christopher Ensey discuss their research into secure data logistics.

2017-05-01 07:46:00

Speaking to Malware: A New Approach to Combat Attacks

By Todd O’Boyle

May 01, 2017

Cyber attackers need persistent access to your company’s network, systems, and users to steal from you. The good news is that persistence can also be used against attackers.

2017-04-28 11:05:00

Why Innovation is the Key Ingredient to Establishing a Resilient Enterprise

By Marcos Colón

April 28, 2017

Jim Routh, CSO at Aetna, discusses the importance of focusing on the "three Ts of security" and highlights the most important things security executives must do to succeed.

2017-04-26 13:46:00

Pen Testing is Dead. Long Live Pen Testing

By Mike Landeck

April 26, 2017

A few years ago I was working with one of the savviest executives I have ever known. No one could negotiate a deal like he could.

2017-04-25 07:46:00

A Look at Security Leaders’ Priorities

By Katherine Teitler

April 25, 2017

There’s a phrase that’s oft repeated when a person is trying to understand what’s on the mind of and what motivates another person: What keeps you up at night?

2017-04-24 13:46:00

Running Security Operations Agilely

By Kristy Westphal

April 24, 2017

How, then, do security operations run better with Agile? DevOps, DevSecOps, and Agile all imply pretty big changes to your organization.

2017-04-20 13:46:00

Putting The Brakes On Hacked Cars

By Chris Hardee

April 20, 2017

Your average car has between 3 million and 10 million bugs buried somewhere within its code, but some carmakers are making an effort to update their cars.

2017-04-19 13:46:00

What Do You Do When the Tech Hits the Fan?

By Joshua Marpet

April 19, 2017

New technology is impressive, but sometimes it’s not available or just plain doesn’t work. Legwork, investigation, and following leads are skills security pros can’t forget to practice and use.

2017-04-18 13:51:53

What You Need to Know About Cyber Liability Insurance

By Marcos Colón

April 18, 2017

In this video interview with Risk Based Security CISO Jake Kouns, he offers up some helpful advice to security professionals on cyber insurance, and sheds light on its biggest misconception.

2017-04-17 22:33:42

Assessing Cryptographic Systems

By Ed Moyle

April 17, 2017

There are technologies operating in our environments that we tend not to pay attention to unless there’s a problem.

2017-04-14 13:46:00

Why Security Managers are Afraid of the Cloud

By Katherine Teitler

April 14, 2017

Cloud computing has become a ubiquitous part of today’s business operations. Though the cloud is not security practitioners’ favorite tool in the toolbox, it is here to stay.

2017-04-12 13:46:00

Staying in Front of the Development Lifecycle is the Key to Secure Apps

By Katherine Teitler

April 12, 2017

With the average number of web apps in use by organizations on the rise, unpatched vulnerabilities heighten risk, not just for specific users of that application, but for the entire organization.

2017-04-11 13:46:06

Fail vs Finished: The Difference Between Information and Intelligence

By Lance James

April 11, 2017

The majority of threat “intelligence” you receive and attempt to operationalize successfully currently isn’t intelligence at all; it’s simply information!

2017-04-10 08:00:00

Tips for Managing Diverse Personalities on Your Security Team

By Katherine Teitler

April 10, 2017

A security team—just like any functional area team—is made of up unique individuals with distinct personalities and working styles.

2017-04-04 07:00:00

Why Visibility is The CISOs Biggest Challenge

By Marcos Colón

April 04, 2017

The hurdles chief information security officers face today are more daunting than ever, given the evolving threat landscape, but most importantly, the current state of technology within the enterprise.

2017-04-03 08:00:00

Secure Data Logistics: How Information Security can Learn from Armored Cars

By David Etue

By Katherine Teitler

March 22, 2017

As if protecting organizational systems from data theft and abuse weren’t a big enough challenge, “Poor cybersecurity hygiene is now having life-altering effects” says one industry expert.

2017-03-21 08:00:00

What is the Best Security Framework for your Business?

By Dominic Vogel

March 21, 2017

Cybersecurity frameworks are quite similar to relationships—you get out of them what you put into them. To some extent, we have all waded into the waters of cybersecurity frameworks.

2017-03-20 08:00:00

Preinstalled Mobile Malware Highlights Need for 3rd Party Risk Assessments

By Katherine Teitler

March 20, 2017

Consumer-grade mobile devices have been inserted into corporate environments while security teams are forced to sit on the sidelines of decision making.

2017-03-17 08:00:00

Machine Learning and Cyber Hunting for All Organizations

By Kris Lovejoy

March 17, 2017

As organizations around the world are dealing with the sophistication of today’s hackers, they are recognizing that proactive approaches are needed to address advanced cyber threats.

2017-03-16 08:00:00

What Keeps a Chief Privacy Officer Up at Night

By Katherine Teitler

March 16, 2017

The majority of people don’t even know every place their personal information has been provided or acquired, and it’s this quagmire that keeps privacy officers up at night.

2017-03-15 08:00:00

Secure Development for the Cloud

February 08, 2017

It would be somewhat of an understatement to say that methods of communication have changed over the last 31 years. Yet in that time, laws pertaining to the privacy of those new types of communication have remained stuck in the past.

2017-02-08 08:31:00

The Phishing Kill Chain

By Ira Winkler

February 08, 2017

As a person who currently focuses on security awareness, hearing about or witnessing successful phishing attacks is frustrating. What is more frustrating is listening to security professionals blame users for falling for a phishing message instead of looking at themselves.

2017-02-07 08:31:00

Leadership Lessons from the Orchestra

By Katherine Teitler

February 07, 2017

Leadership is a lot like playing in an orchestra. For those less familiar with an orchestra setting, let me explain. The basics: A traditional orchestra is made up of strings, woodwinds, brass, and percussion, plus keyboards.

2017-02-06 08:31:00

We Should Talk More!

By Joshua Marpet and Scott Lyons

February 06, 2017

Technologists are the bedrock of IT and IT security. They innovate, create, build, implement, maintain, and decommission the most amazing software and hardware systems ever compiled.

2017-02-03 08:31:00

What Happens When the President Insists on an Unsecure Device?

By Katherine Teitler

February 03, 2017

The President of the United States is apparently using an Android phone, and likely an outdated version, at that. Despite reports that the newly inaugurated president was, in typical fashion, offered a “secure, encrypted device approved by the Secret Service,” it appears Mr. Trump prefers his own personal device. Don’t we all?

2017-02-02 08:31:00

Signs You’ve Been Breached

By Katherine Teitler

February 02, 2017

It’s true that cyberspace is growing by the day, and as companies and individuals add more information to internet-accessible sources, the risk of compromise of that data grows in parallel. With this greater risk comes more responsibility.

2017-02-01 08:31:00

Risk v Threat: Threat Intelligence Exposed

By Katherine Teitler

By Katherine Teitler

September 27, 2016

As a first time DerbyCon goer, I didn’t quite know what to expect. In its sixth year, DerbyCon is well known throughout the security community, and I’ve worked with several of the speakers, a few of the organizers, and met many security vendor representatives at MISTI and past-job events.

2016-09-26 17:00:00

Be a Better Social Engineer and Security Manager

By Katherine Teitler

By Jack Jones, EVP of Research & Development and co-founder at RiskLens

December 21, 2015

Would you ride on a space shuttle mission if you knew that the scientists and engineers who planned the mission and built the spacecraft couldn't agree on the definitions for mass, weight, and velocity?