Application security approaches broken by rising adoption of cloud-native architectures

The rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security, a survey of 700 CISOs by Coleman Parkes reveals. As organizations shift more responsibility “left”…

Ransomware Trends: Six Notable Ransomware Attacks from 2021

The security community witnessed triple-digit growth in the number of publicly disclosed ransomware incidents in 2020. As noted in a previous blog post on Five Things You Need to Know About Ransomware Attacks, ransomware attacks grew 715% in H1 20…

Label standard and best practices for Kubernetes security

This article talks about label standard and best practices for Kubernetes security, a common area where I see organizations struggle to define the set of labels required to meet their security requirements. My advice is to always start with a hierarchi…

CISO Stories Podcast: Five Critical Elements for Protecting the Right Assets

We have limited investment dollars and therefore must ensure we are protecting the right assets. The practical side of determining “what” needs to be protected and “how” is a convoluted maze of academics, taxonomies, frameworks, and inconsistent a…

Mind the GAAP: A Lens for Understanding the Importance of the CIS Controls

Given that attacks are only increasing and there needs to be greater efficacy in how companies protect themselves, let us reference how the financial industry has created and relies on a body of standards to address issues in financial accounting as a …

Cybersecurity control failures listed as top emerging risk

Cybersecurity control failures were listed as the top emerging risk in 1Q21 in a global poll of 165 senior executives across function and geography, according to Gartner. Despite a myriad of risks resulting from the pandemic, such as the new work enviro…

A Full Rainbow of Protection: Tripwire Is More than ‘Just FIM’

Imagine an arc. Not just any arc. A rainbow. When we think of a rainbow, it conjures impressions of color, inspiration and even supernatural characteristics. Does your cybersecurity program long for a magical pot of gold at the end of a rainbow? With …

CISO Stories Podcast: Is There a Magic Security Control List?

Never in history has the cyber defender had access to so many technologies and tools to defend our companies. This has created a “Fog of More,” making the choices difficult to manage.
This week’s guest is Tony Sager, a 35-year NSA software vulnera…

Securing Your Supply Chain with CIS and Tripwire

Where were you when you first heard about the SolarWinds breach? It’s not unusual for information security professionals to learn about a breach. Keeping track of the news is part of the job. The SolarWinds attack, however, was different for two primar…

The SOC is blind to the attackable surface

A security operations center (SOC) is the central nervous system of any advanced cybersecurity program. Yet even the most well-funded, highly organized and properly equipped SOC is often no match for a simple misconfiguration error. Organizations have …