Tag: CISO

We’re in an exciting time in our profession. There is a lot of new technology, a huge demand for our skills, and a bright future that promises only more work for us. Yet, this excitement is a two-edged blade. We often hear from peers about how hard it is to hire good security folks. My…

Read More

Previously, I’ve talked about four primary risk treatment options: mitigate, avoid, accept, and transfer. Over the history of the security industry, we’ve tended to focus on mitigation. Implementing controls is where the action is. As IT has largely become a consumption model, I would argue that risk transfer is catching up with mitigation and becoming…

Read More

Whether it’s coming from the business units or the IT organization, every company wants to pull off new tech initiatives to create business impact. Thus, we see new functionality. We think it’s cool. We introduce it.  …but then a user slips up because of some unforeseen slack in the system. When that happens, suddenly we’re…

Read More

Forward Secrecy’s day has come – for most. The cryptographic technique (sometimes called Perfect Forward Secrecy or PFS), adds an additional layer of confidentiality to an encrypted session, ensuring that only the two endpoints can decrypt the traffic.  With forward secrecy, even if a third party were to record an encrypted session, and later gain…

Read More

As I write this, the industry is still wagging its fingers at the latest big breach. But in the time that it takes to get this published, there could easily be another colossal security disaster that leaves large numbers of people’s private information exposed. And with every headline announcing a security failure comes the anger…

Read More

We’ve heard this story before: an employee leaves a laptop in their car and it gets stolen. In January 2018, 43,000 patients had their personal medical history exposed in this manner.1 In fact, stolen physical devices containing confidential data were the cause of over a million records leaked in 2017 alone. A recent article in…

Read More

With the explosive growth of the Internet of Things, and the increasing threat posed by botnets that leverage IoT, more must be done to ensure IoT devices include security by design, says David Holmes, principal threat researcher at F5 Networks. The Named Data Networking project can play a critical role, Holmes says in an interview with…

Read More

CISOs could always use more help, it’s as simple as that. As part of an upcoming report on protecting applications, F5 engaged Ponemon to survey security professionals. The survey found that 44% of respondents reported “lack of skilled or expert personnel” as the “main barrier to achieving a strong application security posture.” Our previous F5…

Read More

An orchard of cybersecurity law is growing in Asia. Now based in Singapore, your intrepid reporter is bumping into these cyber laws not as a participant (yet) but as an interested observer. Like the data-protection laws recently passed throughout the region, these cybersecurity regulations have a lot in common with each other. Singaporeans are known…

Read More

It’s inevitable. Every organization needs externally-developed applications to some degree or another. Increasingly, these apps are web-based and accessed over the Internet. As part of a forthcoming report on protecting applications, F5 commissioned a survey with Ponemon. In it, we asked security professionals what percentage of their applications (by category) were outsourced. The top answers…

Read More