Tag: CISO

There's often a gap between what we say we need for an effective security posture, and what we actually do. Examining the gaps between "best practices" and reality helps us get to more tangible results. Source link lol

Read More

The discovery of a significant container-based (runc) exploit sent shudders across the Internet. Exploitation of CVE-2019-5736 can be achieved with “minimal user interaction” it subsequently allows attackers to gain root-level code execution on the host. Scary, to be sure. Scarier, however, is that the minimal user interaction was made easier by failure to follow a…

Read More

As it’s been said, we’re trying to have a civilization here. So, what is the foundation of a society? Is it the economy? Personal relationships? Employment? Institutions like a legal system or a free press? I would argue that the cornerstone underlying all of those is trust—and trust’s corollary, reputation. Because nothing really works without…

Read More

In this series, we examine how the reality of a security program differs from the perception some security practioners hold. To do this, we’re focusing on four specific gaps that can weaken security defenses and instigate security incidents. For example, consider the rising number of cloud breaches caused by engineers disabling basic access control, either…

Read More

At the beginning of this year, we invited security leaders to talk about their past failures and the lessons they wanted to pass on. We called it If we had to do it again, and people really liked it. A number of folks approached me wanting to tell their stories as well; so a month…

Read More

At RSA Conference 2019, F5 Labs’ Preston Hogue sat down with Information Security Media Group to give a video interview on the importance of actionable threat intelligence to DevSecOps professionals. In particular, Hogue explores the challenge presented by DevSecOps itself, and the rise of application-focused threat intelligence. You can see the full video article published…

Read More

As we’ve seen in this series, security defenders’ perception of a security program can differ from the reality. Part 1 examined three key gaps that lead to incomplete risk management processes. Part 2 explored the gap in critical areas of perception of risk and defense between security leadership and security technicians, and how it can…

Read More

This move to container-based development and agile methodologies has been great for innovation and iteration, but it’s also brought a massive shift in the application landscape with real impact on security teams. In just the past year or two, DevOps has become much more mature. Today we need to understand risks and implement controls not…

Read More

To both understand and keep pace with evolving cybercriminal mindsets, many businesses are fighting fire with fire – in other words hiring hackers for help. In fact, large corporations such as Airbnb, PayPal and Spotify, recently revealed that they have willingly spent over £38M on ethical hackers to tighten their cyber defences and avoid crippling…

Read More

As the Chief Information Security Officer at F5, it is my pleasure to welcome you to F5 Labs’ CISO to CISO section. This is an arena for frank and transparent discussions on all aspects of running an information security program. We’ll discuss topics like technical guidance on mitigating specific risks, as well as broader perspectives…

Read More