CISA’s Krebs seeks more measured approach to election security heading into 2020
Given the too-late realization that Russia interfered in the 2016 presidential election through massive disinformation campaigns and -- as the Mueller report most recently documented with a few new twists -- actual efforts to hack into state elections systems,...
What a security career will look like in five years
When it comes to protecting the growing infrastructure at Polaris Alpha, CISO Eric Schlesinger believes in a people-and-processes approach over a tools-based approach. But five years from now, those priorities will likely shift.To read this article in full, please...
3 ways to improve PC security
Insider Pro columnist Jack Gold writes that organizations must focus on three key areas if they want to protect their PCs -- and ultimately the entire organization -- from security breaches.
IDG Contributor Network: Lessons learned through 15 years of SDL at work
Do a quick search on secure development and you’ll find pages and pages of advice and best practices. You could relatively quickly create a long checklist of best practices and how-tos covering everything from how to create a threat...
Senator Warner seeks “grand alliance” to protect against surveillance threat from China’s tech dominance
When it comes to technology policy, Senator Mark Warner (D-VA), Vice Chairman of the Senate Intelligence committee, is clearly concerned about the power China holds, particularly when it comes to trusting China’s leading tech suppliers and the prospect of...
Security Recruiter Directory
Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop.The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and...
What is OAuth? How the open authorization framework works
Since the beginning of distributed personal computer networks, one of the toughest computer security nuts to crack has been to provide a seamless, single sign-on (SSO) access experience among multiple computers, each of which require unrelated logon accounts to...
BrandPost: The CISO must be included in any SD-WAN discussion
Extending advanced services to the WAN Edge of the network can have a serious impact on a security architecture and strategy. News cycles are filled with stories about critical network breaches that began by taking advantage of some neglected...
Arcadia Power Can Help You Go Green & Lower Your Power Bill
We only have one planet, and using clean, renewable energy resources is perhaps the easiest way to preserve and maintain our future. Luckily, clean energy farms generate far more power than ever before, so whether you want to ensure...
10 signs you’re being socially engineered
Together, phishing and social engineering are by far the number one root-cause attack vector, and they have been around nearly since computers themselves were invented.To read this article in full, please click here(Insider Story)
Secrets of latest Smominru botnet variant revealed in new attack
The latest iteration of Smominru, a cryptomining botnet with worming capabilities, has compromised over 4,900 enterprise networks worldwide in August. The majority of the affected machines were small servers and were running Windows Server 2008 or Windows 7.Smominru is...
Misconfigured WS-Discovery in devices enable massive DDoS amplification
Hundreds of thousands of devices can be abused to amplify distributed denial-of-sevice (DDoS) attacks because they are misconfigured to listen and respond to WS-Discovery protocol requests over the internet. Web Services Dynamic Discovery (WS-Discovery or WSD) is an UDP-based...
How to detect and halt credential theft via Windows WDigest
Once attackers get into a system, they often want to elevate privileges or do credential harvesting. One way they do this is by finding a WDigest legacy authentication protocol left forgotten and open on servers. On Windows Server prior...
6 questions candidates should ask at every security job interview
"Off with their heads!" the Red Queen cried in Alice in Wonderland, but you could be forgiven for thinking that's how some enterprises treat security folk after a data breach.To read this article in full, please click here(Insider Story)
The top 5 email encryption tools: More capable, better integrated
The world of email encryption has changed significantly in the past few years. The leading tools are evolving, each in their own way:To read this article in full, please click here(Insider Story)
Review: Blue Hexagon may make you rethink perimeter security
This fully functional, fully trained cybersecurity tool is ready on day 1 to spot threats on whatever network it’s charged with protecting.
Three strategies to prove security’s value
Security executive Ricardo González doesn’t see IT security as a cost center; instead, he describes it as “a strategic investment in reduction of corporate risk, and a positive contribution to the realization of business value.”To read this article in...
Shining light on dark data, shadow IT and shadow IoT
What's lurking in the shadows of YOUR organization? What you don't know can hurt you. Insider Pro columnist Mike Elgan looks at how your business is at risk and offers six steps to minimize it.
What is the EU’s revised Payment Services Directive (PSD2) and its impact?
New security requirements for online payments will come into effect in Europe in September as part of the revised Payment Services Directive (PSD2), but they are also expected to make an impact in the US and other regions of...
What is PSD2? And how it will impact the payments processing industry
PSD2 explained
New security requirements for online payments will come into effect in Europe in September as part of the revised Payment Services Directive (PSD2), but they are also expected to make an impact in the US and other regions...
Steve Grobman – McAfee
Steve GrobmanSenior Vice President & Chief Technology OfficerMcAfee
Why Nominated: With over 20 years of experience, Grobman has held numerous technical and cybersecurity leadership positions over the years. In these various roles – from his time as an...
Greg Lesnewich – Recorded Future
Greg LesnewichThreat Intelligence AnalystRecorded Future
Why Nominated: With a focus on state-sponsored espionage campaigns and
Middle Eastern- borne cyber threats, as a Threat Intelligence Analyst at
Recorded Future, Greg Lesnewich provides detailed threat actor and malware
profiles to some of the world’s...
Ophir HarpazSecurity ResearcherGuardicore
Why nominated: After spending several years working on email
security products, Ophir Harpaz became interested in understanding how malware
worked. She then began working as a cybercrime researcher specializing in
financial malware and hunted banking trojans and analyzed their...
Amina Bashir – Flashpoint
Amina BashirAnalyst II, Hunt TeamFlashpoint
Why Nominated: Flashpoint analystAmina
Bashir is her company’s go-to subject-matter expert on the threat landscape of
the Indian subcontinent. In her role, she has authored key research on the
malicious use of chatbots, as well as vulnerabilities...
Ning Wang – Offensive Security
Ning WangCEO Offensive Security
Why Nominated: Ning Wang is a rising star has worked to break the
boundaries in the security industry, so that people can see that anyone is
capable of starting a career in cybersecurity and advancing it –...
