Resources

Blog

Why You Should Consider a Career in Government Cyber Security

Cyber crime is a serious and growing problem. According to Cybersecurity Ventures, cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. And as seen in recent high-profile hacks and data breaches involving U.S. government agencies (the NSA, the Office of Personnel Management, the Securities and Exchange...
Blog

Back to the Future: Stick to the Fundamentals for DevOps Security

In early August, I will be leading a couple of sessions at the Community College Cyber Summit about cyber security fundamentals. I've also been spending time working with my amazing colleagues thinking about DevOps. Spending so much time going back and forth from "back to basics" and "the future of development" had me thinking that securing DevOps...
Blog

DevOps and Cloud: The Match that Drives Today’s Businesses

When concepts like DevOps and Cloud computing come together, this powerful combination propels organizational growth at a rapid speed. Some trends in today’s industry have helped bring about the collaboration of these two most important change agents. Let’s take a look at them here: The world is witnessing an industry-wide shift wherein we are...
Blog

Security as a Quality Gate for DevOps

It’s hardly a controversial statement to say that DevOps is changing the way that organizations build and deploy applications. There’s plenty of material, stories, whitepapers and whole companies that demonstrate this trend. There are, however, a couple of things that make a discussion about security and DevOps important. First, while there are a...
Blog

How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

Compliance with version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) is a must for organizations that handle, process, transmit and store payment card data. But compliance isn’t always easy to establish or maintain. Indeed, there are certain challenges along the way that can make organizations’ compliance with PCI DSS 3.2...
Blog

Tripwire Patch Priority Index for July 2018

Tripwire's July 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 22 vulnerabilities, including fixes for security feature bypass, information disclosure, and...
Blog

Some Dos and Don'ts for Hiring Your Security Leader

I’m an executive-level security headhunter. That means I spend a lot of my week doing two things: talking to CISOs or those people ready to be CISOs and consulting with companies that are in the market for a security leader. My experience is that companies looking for a security leader fall into three categories. The first category consists of...
Blog

Is the End of the EU-US Privacy Shield in Sight?

European Union data protection law restricts the transfer of EU-origin personal data to countries outside the European Economic Area unless there is a mechanism in place to ensure an adequate level of protection of the personal data. In 2000, the European Commission approved the EU-SU Safe Harbor Privacy Principles that allowed many U.S. companies...
Blog

Reddit Says Some User Data Accessed in Security Incident

Reddit said that a digital attacker infiltrated some of its systems and accessed user data during a recent security incident. On 1 August, the social news aggregation website revealed that an attacker had compromised a few of its employees' accounts with its cloud and source code hosting providers...
Blog

Save the Embarrassment: The Value of Two-Factor Authentication

These days, it’s not a matter of if your password will be breached but when. Major websites experience massive data breaches at an alarming rate. Have I Been Pwned currently has records from 295 sites comprising 5.3 billion accounts. This includes well-known names like LinkedIn, Adobe, and MySpace. Password breaches are a cause for embarrassment;...
Blog

There’s a Hole in My AWS S3 Bucket!

2017 saw many data leaks and breaches that stemmed from poorly configured Amazon AWS configurations, or more specifically, configurations of AWS S3 buckets. These weren’t small leaks, either. As a result, Verizon, Dow Jones & Co and the WWE found themselves in the media for the wrong reasons. And they’re not the only ones. A quick Google search...
Blog

Shipping Company Struck by Ransomware Attack

A shipping company suffered a ransomware attack that affected certain network systems in one of its regions of operation. On 25 July, COSCO Shipping Lines disclosed on Facebook that it had suffered a "local network breakdown" in the Americas. The company, which is owned and operated by the Chinese government, said that the incident degraded local...
Blog

Sextortion Scam Luring Victims in with Breached Passwords – Don’t Pay!

If you haven't been targeted already, you might have at least heard about the latest "sextortion scam" that surfaced a couple weeks ago. I've been seeing the email scam making its rounds since then, and sure enough, it's now hit my own inbox. Seeing this nefarious message firsthand, I wanted to share some things to watch out for with scams like this...
Blog

How to Spot a Zero-Day Sight-Unseen

Zero-day attacks have businesses and consumers alike worried about how to protect data. If we don’t know what a threat looks like, can we really protect ourselves against it? For some time, security tools have been developed with the objective of helping organizations defend against the unknown, but the reality of zero-day attacks (the fact that...
Blog

Women in Information Security: Monica Jain

Last time, I got the opportunity to speak with Jessica Hebenstreit. Not only is she a senior security consultant who has had a lot of different roles; she’s also the chief Operating Officer of the Diana Initiative. I learned a lot from our discussion. This time, I got to speak with Monica Jain, co-founder of LogicHub Inc. It takes a lot of hard work...
Blog

Exobot Android Banking Trojan's Source Code Leaked Online

Someone leaked the source code for the Exobot Android banking trojan online, leading the malware to circulate widely on the underground web. Bleeping Computer said it received a copy of the source code from an unknown individual in June. In response, it verified the authenticity of the code with both ESET and ThreatFabric. Security researchers from...