Tag: CISO
Previously, I talked about the elegant beauty in offloading parts of your risk portfolio in four distinct ways. The logic is to streamline the company’s mitigation efforts and allow you to focus more time and investment where it matters most—on the unique risks inherent to the business. But there is a fifth element, and it is…
Read MoreYou’re a chief information security officer (CISO) who’s managing the security requirements for your organization’s value chain. As a former CISO (and current virtual CISO to several companies), I know that’s one of the core functions of our role. How do you know you’re doing a good job? How would you evaluate your performance? The…
Read MoreIt’s important for the fashion-conscious hacker to know what’s on trend! Here’s a preview of APT Group Purple Aardvark’s summer line—a few hits, some misses. Source link lol
Read MoreIn the F5 and Ponemon report, The Evolving Role of CISOs and their Importance to the Business, security leaders were asked to rank their top threats to their security ecosystem. The number one answer was advanced persistent threats (ranked 8.8 out of 10). We’ve already talked about why CISOs should manage the most likely damaging…
Read MoreOnce upon a time I was a security consultant. I was assigned to review the firewall configuration for a sizeable Seattle startup of about 800 employees. They were in the business of hosting websites for thousands of small businesses across the world and therefore had a somewhat complex Internet connectivity setup. I sat down and…
Read MoreThere’s an old joke that a job in security is a safe place to be grumpy. From what I’ve seen over my career, that is often true. Security people seem to cherish their reputation for being pessimistic and untrusting. Some take it further and cast their disdain upon the users, who obviously need to be…
Read MoreBecause of an international criminal act, you can get a cheap morning latte. Historically, the country of Yemen had a monopoly on coffee, forbidding the export of the plants and seeds—their intellectual property. However, in 1616, a Dutch merchant managed to smuggle out a few coffee plants from the city of Mocha in Yemen. Holland…
Read MoreThe first time I heard about distributed brute-force login attacks was from master web application firewall (WAF) administrator Marc LeBeau. At the time he was defending a hotel chain against attackers who were brute-force guessing customer passwords and withdrawing hotel points. According to LeBeau, there’s a popular attack vector among brute-force attackers right now that…
Read MoreI would like to present as Exhibit A, this snippet culled from a 2018 survey on security:1 “Almost half of the business management team (48 percent) believes that app performance and speed are more important than security, whereas 56 percent of IT management ranked performance and security as equally important. 65 percent of companies…
Read MoreAllow me to nitpick for a moment: There’s a difference between data and information. Data are the facts or details from which information is derived. As such, standalone pieces of data are rarely useful. It’s not really information until data points are connected with context to tell a story. This nuance is more relevant than…
Read More