People: The Critical Element in DevSecOps
In his talk, “DevOps is Automation, DevSecOps is People,” at the 2018 Security Congress in New Orleans, Mike Shema, CISO at Cobalt.io, said there needs to be a more collaborative approach when it comes to securing DevOps.
The Classic DevOps Approach
The increasingly popular buzzword “DevOps” means development and operations, ...
Forgo the FUD to Prevent the Security Breach
How fear, uncertainty and doubt feed the false belief that security breaches can’t be avoided
Coming off the heels of the Facebook breach news, it might sound downright crazy to suggest that breaches can be avoided. But no organization is destined to be a victim of ransomware or a denial-of-service ...
Is Formal Education Critical for a Career in Cybersecurity?
A look at whether the need for more formalized education in the security sector is necessary
The role of an ethical hacker is only one of the many career paths available in the cybersecurity industry, but it’s worth noting that more than half (58 percent) of hackers are self-taught, according ...
Cyber War Games: Exercises to Improve Disaster Response
Threats against critical infrastructure and questions about election security have heightened cybersecurity concerns, raising the question of how businesses can better prepare themselves for the inevitability of a cyberattack. This increased focus on preparedness has given rise to a tactic long practiced by the government: cyber war game exercises. A ...
What Security Leaders Can Do To Stay Relevant
During this year’s Exabeam Spotlight18 conference in Las Vegas, amid the conversations about building a modern SOC or a successful insider threat program, Steve Moore, chief cybersecurity strategist at Exabeam, discussed the relevance of being relevant as a security leader. Security teams often work in a bubble, overwhelmed and under-resourced, ...
Corporate ‘Boot Camps’ and Other Ways to Find and Retain Security Talent
Security operations teams are drowning under a sea of alerts that aren’t quieting down anytime soon, and the threat of the growing skills gap has fomented lots of worry about how to fill the talent pipeline. A recent Ponemon study found that 75 percent of organizations report they have an ...
Zero-day Threats: Has Detection Become Deception?
Whether it’s a vulnerability found in Microsoft Windows Task Scheduler service or attackers leveraging a cryptomining attack exploiting an Apache Struts flaw, zero-day threats continue to threaten enterprise security. As more vulnerabilities are reported, these threats create real-world problems for enterprise security. Zero-day threats are nothing new, but they are ...
Why the Entire C-Suite is Responsible in a Data Breach
C-suite executives and IT cyber pros not seeing eye to eye on cybersecurity is a common concern, but when crisis strikes this lack of alignment can have potentially catastrophic, business-ending consequences. In fact, IBM’s 2018 “Cost of a Data Breach Study” found the average cost of a data breach is ...
Demystifying Insider Threats
Insider threats are a growing concern for many organizations in large part because there is so much confusion around how they are defined. Security experts across all sectors interpret insider threats differently, thus assigning them different levels of risk. Accidents happen, and there certainly will be times when an email ...
Cyber Kill Switch: The Good, the Bad and the Potentially Ugly
When WannaCry struck, companies across the globe feared they would be next until an unsuspecting hero emerged, sink-holing the worm with a kill switch. Since then, security defenders across all sectors have been trying to devise their own kill switch, acutely aware of the negative consequences that could come with ...
