Resources

Blog

How Universities Can Help Fill the Security Skills Gap

The world is currently experiencing a serious cyber security talent shortage that is having profound effects on businesses and governments alike. An alarming number of cyber security/information security professionals surveyed for ISACA’s State of Cyber Security 2017 report (37 percent of 633 respondents) said fewer than 1 in 4 job applicants...
Blog

Conference Passes – Cyber Security Merit Badges

What is the first thing you do upon returning from a conference, seminar, or other event? Quickly update your LinkedIn network with new contacts from the event? Draft a presentation that you promised as part of the business justification to attend the conference? Prioritize a list of products you want to implement, and why? Me? I add my latest...
Blog

Women in Information Security: Emily Crose

Previously, I interviewed Dr. Jessica Barker. She's a woman who runs a firm, J L Barker Ltd., where she advises many British organizations on how to handle information more securely. Now, I'm honoured to talk to Emily Crose, a network threat hunter. I discovered her on Medium, where she wrote a thought-provoking article about the differences in her...
Blog

5 Things You Should Know about Gift Card Fraud

In 2016, the U.S. gift card industry was worth $127 billion. That figure is expected to reach $160 billion by 2018. It's little wonder why. Everyone loves them! From the retailer's point of view, customers who shop using a gift card oftentimes spend more than the initial value of the card. As for the customers themselves, gift cards allow them to...
Blog

Managing Cyber Risk in Schools and Educational Institutions

With analyst group Gartner valuing the annual global spending on educational technology at over £17 billion ($21 billion USD) in 2015, there's no doubt that technology implementation is shaping the future of education systems. The appropriate integration of technology guides students, teachers, and administrators towards clarity and extensibility....
Blog

How Secure Are You with Your Smartphones?

Take a moment to think about apps used daily on your smartphone. Facebook? Twitter? Email? Web browser? No one wants to be stalked or let anyone see their personal information from their smartphones. Think about leaving your phone unlocked while you're at home or unattended on your desk while going for meeting at work. What if someone looks at your...
Blog

LinkedIn Scam Wants Job Seekers to Hand Over Their CVs

Fraudsters have designed a new LinkedIn scam that uses phishing emails and a fake website to trick job seekers into handing over their CVs. The scam begins when a user receives a phishing email disguised as a LinkedIn email. In their message, the fraudsters inform the recipient that a company is "urgently seeking for immediate employment" in their...
Blog

Graduating in Information Security: Part Two

In part one of this series, I posited that additional integrity on a resume, as well as in interview situations, can benefit the entire information security profession by highlighting the specific disciplines in our industry. This, in turn, could serve to stop the perception of a cyber skills-gap by driving awareness that the InfoSec field is...
Blog

Microsoft Says "So Long" to Windows Vista

Microsoft has announced the end of Windows Vista support and is urging customers who still use the operating system to upgrade as soon as possible. The Redmond-based technology giant finalized Windows Vista's end of term in a blog post on 11 April: "Windows Vista customers are no longer receiving new security updates, non-security hotfixes, free or...
Blog

VERT Threat Alert: April 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses the Microsoft April 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-720 on Wednesday, April 12th. With the elimination of Security Bulletins, the VERT Alert will be changing. This shortened version will act as a placeholder until the launch of the improved...
Blog

Foundational Controls for Common Attack Types

In January 2017, Tripwire completed a survey of 403 IT Security professionals about the most common attack types and how prepared organizations are to defend against them. You can read about the details here. There are two important conclusions from the research that I have to share for the purposes of this post. First, the top five attack types...
Blog

Insider Threats as the Main Security Threat in 2017

Alphabet, Google's parent company, recently filed a lawsuit against its former engineer Anthony Levandowski, who is now working with Uber. The company accused Levandowski of copying more than 14,000 internal files and taking them directly to his new employer. While this case is far from over, it brings about a very interesting and important...
Blog

Web Scraping for Fun (and Profit)…

There are many websites on the internet that are known to receive regular traffic from hackers, including a number of public forums, which are often used to release their stolen information. Hackers may release some of this information to take credit for a breach, attract buyers for the rest of the stolen information, or increase the damages to the...
Blog

Encryption Works Great, But Only When Done Right

In an article we wrote for Tripwire, we discuss the advantages of encryption and tokenization. The premise of our argument is as follows: slow down your adversary by making your data meaningless to them. In other words, make yourself a “goes nowhere” project forcing your adversary to seek out a target that does not cause them the grief you do....