10 tips for creating your security hackathon playbook

For more than 12 years, I’ve been organizing and running hackathons with the goal of finding security vulnerabilities and fixing them before a product hits the market. These events can play a pivotal role in the product development lifecycle, increasin…

3 ways to achieve crypto agility in a post-quantum world

Working at the speed of digital business is a constant challenge. But in today’s increasingly automated operational environment, crypto agility—i.e., an organization’s ability to (at the moment of compromise) switch rapidly and seamlessly between certi…

Migrating to the cloud: An overview of process and strategy

Over the next few years, the number of organizations navigating to the cloud to advance their business goals is expected to grow exponentially. According to Gartner, more than 70% of enterprises will use cloud platforms to accelerate their business ini…

Does CVSS 4.0 solve the exploitability problem?

The newest version of the vulnerability scoring system CVSS 4.0 is here! After a lengthy gap between version 3 (released in 2015), as of November 2023 version 4.0 is officially live. Building iteratively on version 3 there are a few differences that in…

Great security or great UX? Both, please

A new user is signing up for a SaaS application. On the one hand, UX teams want that user to get into the app as quickly as possible. On the other hand, security teams want the user to strongly validate their identity and configure settings properly be…

The effect of omission bias on vulnerability management

Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnera…

Why cyberattacks mustn’t be kept secret

No company is immune to cyberattacks, but when the inevitable happens, too many companies still try to maintain a wall of silence. In fact, over half of security professionals admit their organizations maintain a culture of security through obscurity, …

Without clear guidance, SEC’s new rule on incident reporting may be detrimental

The SEC has instituted a set of guidelines “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governan…

Out with the old and in with the improved: MFA needs a revamp

From AI to ZTA (zero-trust architecture), the technology responsible for protecting your company’s data has evolved immensely. Despite the advances, cybercriminals repeatedly find new and creative ways to gain access to sensitive information. This can …

Attribute-based encryption could spell the end of data compromise

The future of data privacy is the end of compromise. With the world producing data at astounding rates, we need ways to put data to the best use while protecting against breaches and ensuring privacy, data protection and access control. These principle…