How to make Infrastructure as Code secure by default
Infrastructure as Code (IaC) has become a widely adopted practice in modern DevOps, automating the management and provisioning of technology infrastructure through …
Best practices for implementing the Principle of Least Privilege
In this Help Net Security interview, Umaimah Khan, CEO of Opal Security, shares her insights on implementing the Principle of Least Privilege (PoLP). She discusses best …
Key metrics for monitoring and improving ZTNA implementations
In this Help Net Security interview, Dean Hamilton, CTO at Wilson Perumal & Company, discusses the complexities of zero trust network access (ZTNA) implementation, …
The CISO’s approach to AI: Balancing transformation with trust
As organizations increasingly adopt third-party AI tools to streamline operations and gain a competitive edge, they also invite a host of new risks. Many companies are …
Laying the groundwork for zero trust in the military
In this Help Net Security interview, Curtis Arnold, VP and Chief Scientist at Core4ce, discusses the starting points for military training in zero trust principles, …
Overlooked essentials: API security best practices
In this Help Net Security interview, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID …
GDPR turns six: Expert discusses AI impact
The European Union’s GDPR policy came into effect six years ago. Since then, it has become widely regarded as the standard for data sharing, but the rise of new technology has …
Unpacking CISA’s AI guidelines
CISA’s late April AI and infrastructure guidelines address 16 sectors along with their cybersecurity needs and operations concerning the growth of AI as a tool to build both …
Avoiding the cybersecurity blame game
Cyber risk management has many components. Those who do it well will conduct comprehensive risk assessments, enact well-documented and well-communicated processes and …
CISOs pursuing AI readiness should start by updating the org’s email security policy
Over the past few years, traditional phishing messages — with their pervasive linguistic errors, thinly-veiled malicious payloads, and often outlandish pretexts — have been on …
Are you meeting your cyber insurance requirements?
Cyber insurance policies are specifically designed to offer financial protection to organizations in the face of cyber attacks, data breaches, or other cybersecurity …
Establishing a security baseline for open source projects
In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) …