Blog

Blog

100 Days in Office: President Trump on Digital Security

April 29, 2017, marked Donald Trump's 100th day in office as President of the United States. Since his inauguration on January 20, President Trump has fulfilled his campaign promises of nominating a conservative judge to the Supreme Court and withdrawing the United States from the Trans-Pacific Partnership. But he has yet to meet some of his other...
Blog

Foundational Controls Work - A 2017 DBIR Review

When the 2017 Verizon Data Breach Investigations Report (DBIR) came out last week, I read through it like I do every year. Each time I go through the report, I challenge myself to find something new and interesting. This year, I was intrigued by the "Things to consider" and "Areas of focus" at the end of each section. These two blurbs gave tips on...
Blog

Bug Bounties: An Overview of Their Past, Present, and Future

Bug bounties, security acknowledgements and reward programs all have strong ties to IT security today. But that wasn't always the case. In the past, public penetration testers and security researchers mostly looked out for their personal benefit without recognizing their own responsibility to the security community. The reason? In a lot of cases,...
Blog

4 Things Birdwatching Can Teach About Security Awareness

Sometimes you find inspiration in unlikely places. Never did I think, for example, that I would be able to connect my day job as a writer in the security awareness field with a burgeoning hobby of mine: birdwatching. But the more I “bird,” the more what I learn about birdwatching—both in the field and from birdwatching blogs—begins to filter into my...
Blog

FTC Says Identity Theft Victims Don't Always Need a Police Report

Victims of identity theft don't always need to file a police report, explains the Federal Trade Commission (FTC) in an alert. In an effort to help simplify the recovery process for identity theft victims, the FTC has created a government portal at IdentityTheft.gov. Victims just need to register with this page and answer some questions. ...
Blog

What Makes Passwords Secure?

On average, each person has 27 online logins and passwords. They protect our bank accounts, our social media, our phones, and more. Passwords are the keys that unlock our digital lives. But what makes them so secure, and how can you make sure your passwords are doing a good job of protecting your information and your identity? Creating a Secure...
Blog

ISP Brought Down by Warring Malware Families

A battle between two rival families of malware is being blamed for the downtime that a Californian ISP suffered earlier this month. As BleepingComputer reports, customers of Sierra Tel unexpectedly found themselves without telephone and internet connectivity on April 10. In a statement issued by the ISP the following day, the blame was put firmly on...
Blog

Top Security Tips for your Wordpress Website

Whenever you talk about WordPress security, every gig hands you a list of security plugins. My point of view and approach are different. I am not saying that using security plugins will not provide you efficient security. All I am saying is that only using security plugins will not completely secure your website. You have to take actions out of the...
Blog

Why We Need More Women in Cyber Security

Women currently represent only 11 percent of the cyber security workforce worldwide. This statistic is cause for alarm because it’s a key factor in the massive talent shortage that is impacting this crucially important field. It is estimated that, as of now, there are 1 million unfilled cyber security jobs—and that number is growing fast. This...
Blog

Making Sense of the General Data Protection Regulation (GDPR)

The upcoming GDPR compliance deadline of May 2018 affects any organization across the world that collects, processes, or stores data on citizens of the European Union. The intent behind the GDPR is to better protect the privacy of EU citizens, and the mechanism to do so is through harmonizing the existing data privacy laws across Europe. “The six...
Blog

Disclosing Zero Days

Governments ought to disclose zero-day vulnerabilities and begin to collaborate to make digital disarmament more than just ‘a thing.’ The case for these policy changes is becoming increasingly clear as new public debates begin to take shape around online privacy, trust and the prevention of cyber conflict. However, much work lies ahead in correctly...
Blog

Women in Information Security: Lesley Carhart

The cybersecurity industry can be made stronger if we attract more women and non-males. I've had the pleasure of interviewing some in my series. I spoke to Dr. Jessica Barker, who advises organizations on information security and maintains a blog at Cyber.uk. Then I spoke to Emily Crose, a network threat hunter. Most recently, I had the opportunity...
Blog

The Human Factor: Technology Changes Faster Than Humans

The title of this piece is quite obvious, but it is also an unappreciated fact. Consider for a moment the change we have seen over the last 30 years: access to cyberspace was scarce, often limited to enterprise users such as governments, educational institutions and the largest corporation, whereas today, there are billions of users that treat the...
Blog

The Top 5 Vendor-Neutral Cloud Security Certifications of 2017

Many organizations migrate to the cloud because of increased efficiency, data space, scalability, speed and other benefits. But cloud computing comes with its own security threats. To address these challenges, companies should create a hybrid cloud environment, confirm that their cloud security solution offers 24/7 monitoring and multi-layered...
Blog

5 Tips for a Winning Security Project Business Case

Make no mistake: just like watching a perfect ballet performance, success is attributed to the hard work done behind the scenes. Only the best are chosen. The same goes for preparing and submitting a security project business case. Securing funding for a security project starts with a credible and comprehensive business case that not only justifies...
Blog

Using Smart Meters as a Digital Attack Vector

Even if you’re not in the utility industry, it’s hard to ignore the slow march forward of the smart meter. The days of a utility employee stopping by to check the meter are well on their way out. In fact, it’s hard to imagine a system that relies on someone physically showing up to check the meter at all. Today, smart meters go beyond simply...