Author Archives: Tripwire Guest Authors

Elastic-ing All the Things at BSidesLV 2017

Posted on by

Take five seconds to think: Which of the two scenarios is the worst as an incident responder? In the first one, you have to analyze terabytes of logs by grepping audits, Windows events, proxy, intrusion prevention systems and mail as you try to pivot, correlate and understand what the heck happened. In the second one, […]… Read More

The post Elastic-ing All the Things at BSidesLV 2017 appeared first on The State of Security.

Continue reading Elastic-ing All the Things at BSidesLV 2017

Are Bug Bounties a True Safe Harbor?

Posted on by

Security vulnerabilities are becoming the new oil, and the bug bounty economy is booming. As news of cyberattacks and data breaches continue to consume the press, never before has the market for vulnerabilities been so dynamic. “Bug bounty programs”, frameworks where security researchers legally trade previously undiscovered vulnerabilities for monetary and reputational rewards by ethically […]… Read More

The post Are Bug Bounties a True Safe Harbor? appeared first on The State of Security.

Continue reading Are Bug Bounties a True Safe Harbor?

Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict

Posted on by

When the details of Crash Override emerged earlier this summer, many argued it would be the wake-up call to finally forewarn of potential digital threats to critical infrastructure. However, when placing last December’s attack on the Ukrainian power grid in a broader context, it quickly becomes apparent that this will likely neither be a wake-up […]… Read More

The post Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict appeared first on The State of Security.

Continue reading Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict

Safer, Sooner, Together. The Cavalry Needs You – Here’s What You Can Do

Posted on by

In previous years at BSidesLV, I talked about the different ways security researchers and pros can be heroes. This year, we’ll focus on getting “Safer, Sooner, Together” where the Cavalry needs you most: on the battlefront; that is, the things we can start doing every day along with the practical opportunities and resources that IATC […]… Read More

The post Safer, Sooner, Together. The Cavalry Needs You – Here’s What You Can Do appeared first on The State of Security.

Continue reading Safer, Sooner, Together. The Cavalry Needs You – Here’s What You Can Do

Cyber Security Heroes Part 3: Holly Williams

Posted on by

They say you should never meet your heroes—often they will just disappoint you. But thankfully, there are also exceptions to this rule. In this five-part series, I will be introducing you to five of my key cyber security/infosec heroes. These individuals inspire me to continuously strive for more, with one even motivating me to move […]… Read More

The post Cyber Security Heroes Part 3: Holly Williams appeared first on The State of Security.

Continue reading Cyber Security Heroes Part 3: Holly Williams

I Got More Games than Milton Bradley: Incentivize a Positive Change in Your Security Culture

Posted on by

The purpose of awareness is to draw attention to a desired focus. Let’s face it, the current compliance-based approach to security awareness isn’t just ineffective in creating positive change in employee behavior; it does the opposite of what a security awareness program is designed to do in that it repels. Companies continue to implement the […]… Read More

The post I Got More Games than Milton Bradley: Incentivize a Positive Change in Your Security Culture appeared first on The State of Security.

Continue reading I Got More Games than Milton Bradley: Incentivize a Positive Change in Your Security Culture

How to Secure Your Information on AWS: 10 Best Practices

Posted on by

The 2017 Deep Root Analytics incident that exposed the sensitive data of 198 million Americans, or almost all registered voters at the time, should remind us of the risks associated with storing information in the cloud. Perhaps the most alarming part … Continue reading How to Secure Your Information on AWS: 10 Best Practices

Why Your C-Suite Needs Security Awareness Training

Posted on by

“My C-level doesn’t understand that they’re being directly targeted – help me scare them!” Such was the request aimed at one of my colleagues at a cybersecurity conference not too long ago. Being in the security awareness industry, it’s not uncommon for others to solicit our feedback on how best to educate employees of all […]… Read More

The post Why Your C-Suite Needs Security Awareness Training appeared first on The State of Security.

Continue reading Why Your C-Suite Needs Security Awareness Training

Effective Security Metrics: ‘Not Everything that Can Be Counted Counts’

Posted on by

“I don’t know if anyone in risk reads the PDF we send them. I mean, even we don’t understand some of what we’re reporting, so why should they?” “The CFO hates our risk management meetings. They look at these numbers we give them and have no idea if it means we’re better or worse.” “We have […]… Read More

The post Effective Security Metrics: ‘Not Everything that Can Be Counted Counts’ appeared first on The State of Security.

Continue reading Effective Security Metrics: ‘Not Everything that Can Be Counted Counts’

Posted in SBN

The Costs of Three Major Email Security Breaches

Posted on by

Email is integrated into nearly every aspect of our lives, everything from business to banking to health and beyond. As such, our email accounts are some of the most precious digital assets we have. Currently, there are 4.9 billion email addresses worldwide. In just two years, there have been 6,789 email data breaches globally, according […]… Read More

The post The Costs of Three Major Email Security Breaches appeared first on The State of Security.

Continue reading The Costs of Three Major Email Security Breaches