Philippe Courtot: V is for Visionary

I was deeply saddened this weekend to learn of the passing of my friend Philippe Courtot, the founder, former chairman and CEO of Qualys (and several other companies before that). The word visionary gets tossed around a lot in today’s world, but if th…

Five worthy reads: Is DataOps the next big value driver in the analytics ecosystem?

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about DataOps, an interesting methodology that can help organizations fast-track their data ana…

The Security Wisdom of the All-Knowing CISO

Have you ever noticed how closely your role as the CISO of your organisation resembles that of the Wizard from “The Wizard of Oz?” As the Wizard, you are expected to be all-knowing, all-seeing and all-powerful. Your role is to keep everyone safe from t…

Axio VP Cyber Risk Engineering, Lisa Young Joins (ISC)² Board

Axio would like to congratulate Lisa Young, Vice President of Cyber Risk Engineering for her appointment to the Board of Directors of (ISC)², the world’s largest nonprofit association of certified cybersecurity professionals. The association is conside…

Hackers don’t break in – they log in

We talked about this very often so far: Passwords are by far the weakest link when it comes to security today. 81% of successful attacks involve lost, breached or re-used passwords. There is another fairly current article mentioning that, even when it …

Finding a Good Vendor Partner: More than Technology

Finding a security vendor that is the best fit for your company’s business objectives, culture, risk profile, and budget is challenging today. The purpose of this blog is to suggest that working with a “vendor partner” is more than wo…

How to leverage “Secure Access Workstations” for the Cloud

This is a question I get fairly often. But before I try to answer, let’s take a step back: We know that attackers typically try to compromise user accounts and then move laterally until they find higher-value credentials. The holy grail in this …

Black Hat 2019: Addressing Supply-Chain Risk Starts with People, Microsoft Says

LAS VEGAS – Supply-chain attacks have nabbed headlines lately thanks to high-profile incidents like the Wipro news last April, where attackers were able to compromise the staffing agency’s network and pivot to their customers. That incident point…

[SANS ISC] May People Be Considered as IOC?

I published the following diary on isc.sans.edu: “May People Be Considered as IOC?”: That’s a tricky question! May we manage a list of people like regular IOCs? An IOC (Indicator of Compromise) is a piece of information, usually technical, that helps to detect malicious (or at least suspicious) activities. Classic types

[The post [SANS ISC] May People Be Considered as IOC? has been first published on /dev/random]