How to start achieving visibility in the cloud
As a security executive, you have a curious gig. On one hand, you’re responsible for securing your organization across multiple systems, networks, clouds, and geographies. On …
CISO do’s and don’ts: Lessons learned
Keeping a business safe from cyber threats while allowing it to thrive is every CISO’s goal. The task is not easy: a CISO has to keep many balls in the air while being …
Worried about cyber pirates hijacking autonomous ships? Focus on port cybersecurity first
On average, the U.S. Coast Guard issues between ten and twenty safety alerts annually. Alerts tend to function more as a public service announcement designed to raise …
Three essential elements of a successful Zero Trust cybersecurity program
Organizations have traditionally deployed cybersecurity approaches that adhered to the phrase made famous by President Ronald Reagan: “Trust, but verify.” This meant that most …
Red teaming: Why a forward offense is the best defense
Companies are under constant threat. Opportunistic attackers scan the internet for weak points, motivated attackers target specific organizations for susceptibility to a scam …
Optimizing the patch management process
In this podcast recorded at Black Hat USA 2019, Jimmy Graham, Senior Director of Product Management at Qualys, discusses the importance of a tailored patch management process. …
Pitfalls to avoid when improving your software development skills
The dizzying pace of technological change makes knowledge acquisition and skill development a very big deal in the IT and IT security industry. Luckily, the opportunities for …
Microsoft is right, mandatory password changes are obsolete
Microsoft has recently come out and said that mandatory password changing is ancient and obsolete. This goes directly against everything we were trained to think for the last …
Solving security problems: Security advice for those with limited resources
In this interview, Mark Sangster, VP & Industry Security Strategist at eSentire, gives SMBs advice on how to minimize the risk of a data breach through better security …
Security or compliance? Stop choosing between them
The difference between security and compliance is more than just process. It’s philosophy and practice. Compliance can be one tactical execution of a great security strategy …
Securing modern web apps: A case for framework-aware SAST
If you were to write a web application entirely by yourself, it would be a rather daunting task. You would need to write the UI elements from lower-level APIs, set up and …
Do you have what it takes to be a hardware hacker?
If you ask Yago Hansen, a hacker specialized in Wi-Fi and RF security, curiosity and a willingness to learn and improve your skills are the two things that you absolutely must …