Tag: CISO
The discovery of a significant container-based (runc) exploit sent shudders across the Internet. Exploitation of CVE-2019-5736 can be achieved with “minimal user interaction” it subsequently allows attackers to gain root-level code execution on the host. Scary, to be sure. Scarier, however, is that the minimal user interaction was made easier by failure to follow a…
Read MoreAs it’s been said, we’re trying to have a civilization here. So, what is the foundation of a society? Is it the economy? Personal relationships? Employment? Institutions like a legal system or a free press? I would argue that the cornerstone underlying all of those is trust—and trust’s corollary, reputation. Because nothing really works without…
Read MoreIn this series, we examine how the reality of a security program differs from the perception some security practioners hold. To do this, we’re focusing on four specific gaps that can weaken security defenses and instigate security incidents. For example, consider the rising number of cloud breaches caused by engineers disabling basic access control, either…
Read MoreAt the beginning of this year, we invited security leaders to talk about their past failures and the lessons they wanted to pass on. We called it If we had to do it again, and people really liked it. A number of folks approached me wanting to tell their stories as well; so a month…
Read MoreAt RSA Conference 2019, F5 Labs’ Preston Hogue sat down with Information Security Media Group to give a video interview on the importance of actionable threat intelligence to DevSecOps professionals. In particular, Hogue explores the challenge presented by DevSecOps itself, and the rise of application-focused threat intelligence. You can see the full video article published…
Read MoreAs we’ve seen in this series, security defenders’ perception of a security program can differ from the reality. Part 1 examined three key gaps that lead to incomplete risk management processes. Part 2 explored the gap in critical areas of perception of risk and defense between security leadership and security technicians, and how it can…
Read MoreThis move to container-based development and agile methodologies has been great for innovation and iteration, but it’s also brought a massive shift in the application landscape with real impact on security teams. In just the past year or two, DevOps has become much more mature. Today we need to understand risks and implement controls not…
Read MoreTo both understand and keep pace with evolving cybercriminal mindsets, many businesses are fighting fire with fire – in other words hiring hackers for help. In fact, large corporations such as Airbnb, PayPal and Spotify, recently revealed that they have willingly spent over £38M on ethical hackers to tighten their cyber defences and avoid crippling…
Read MoreAs the Chief Information Security Officer at F5, it is my pleasure to welcome you to F5 Labs’ CISO to CISO section. This is an arena for frank and transparent discussions on all aspects of running an information security program. We’ll discuss topics like technical guidance on mitigating specific risks, as well as broader perspectives…
Read MoreThen there are the technical questions that need to be answered. What data will be captured, shared, and processed? What mobile platforms will the app run on? What server-side platforms will it need to talk to? Internal platforms? Third-party services? You also need to dig into the questions of expectations and dependencies. How important will…
Read More