The cyber-physical convergence is accelerating—and so are the risks

Cyber-physical attacks are on the rise. As the IoT creeps further into our daily lives, so does the attack surface. What can we do to keep ourselves safe? The original version of this post was published in Forbes. The fact that a cyber attack can have physical consequences is not ...

Want to secure your apps? Build security in with the right toolchain

Having the right application security toolchain is the most effective way to build security in, which is critical to securing modern apps against attacks. Is it worth making more than a minimal effort to avoid data breaches? The answer ought to be obvious by now. As Tim Mackey, technical evangelist ...

Bug bounties: A good tool, but don’t make them the only tool in security

Bug bounty programs are becoming more popular. Do they work? What are the pitfalls of crowdsourcing application security testing? Our experts weigh in. The original version of this post was published in Forbes. Bug bounties are hot. They are everywhere. Of course, popularity doesn’t guarantee quality. Just because everybody is ...

The days (and nights) of an ‘always on’ sales engineer

Category: General
Being an IT sales engineer isn’t as glamorous as it seems—but the satisfaction of solving customer problems and performing well under pressure is unmatched. When it comes to most jobs, there’s the reputation, and then there’s the reality. Which is true of sales engineers in IT as well, according to ...

Tanya Janca at RSA on better AppSec: Play nice with DevOps

The DevOps and security relationship is often tense—but does it have to be? At RSA 2019, Tanya Janca explained how teams can play nice, and why they ought to. Play nice. Communicate. Cooperate. If you really want to make the “Sec” part of DevSecOps work effectively, those “soft” interpersonal skills ...

At RSA, it is clear encryption divide is as wide as ever

Categories: FEATURED, General
Selective encryption backdoors don’t work; the laws of mathematics don’t know or care who you are. But the concept was still under intense debate at RSA 2019. The war on, and about, encryption, with law enforcement and intelligence agencies on one side and privacy advocates on the other, is very ...

GDPR: Not heavy-handed yet, but driving data breaches into the open

The GDPR fines issued so far have been small, but breach notifications are up. As GDPR continues to ramp up, it seems likely to achieve its goals of privacy. The original version of this post was published in Forbes. With the European Union’s landmark General Data Protection Regulation (GDPR) now ...

Connected cars need better connection to cybersecurity

Category: Automotive Security
Even though auto software security is important to the industry, a new report shows that the lack of resources means connected cars can be dangerously unsafe. The original version of this post was published in Forbes. The “connected” car—as in, connected to the Internet—is now mainstream. Ads for modern vehicles ...

Throwback Thursday: Whatever happened to Anthem?

Whatever happened to Anthem? In 2014–2015, the firm suffered the largest healthcare data breach ever. But healthcare cyber security has improved since then. The data breach of healthcare giant Anthem, which came to light a little more than four years ago, exposed about 79 million patient records. It was the ...

How to improve software security testing in the auto industry

In the automotive industry, security is safety. And auto software security testing, like all security testing, needs to shift left to be effective. This is Part 3 of a three-part interview about automotive industry cyber security practices. Part 1 introduced automotive cyber security challenges. Part 2 is about connected car ...