Opinion

Opinion

• 2019 RSA Conference bottom line: People are security's strongest asset

  People in the security community and beyond are more important and influential than the leading technologies if the talk at the 2019 RSA Conference is any indication.  Continue Reading

• What a proactive cybersecurity stance means in 2019

  Meeting cyberthreats head-on is no longer a choice but a necessity. Learn what dangers IT security teams may face in 2019 and why a proactive attitude is vital.  Continue Reading

• How paradigms shifting can alter the goals of attackers and defenders

  The use of disruptive technology is altering the way attackers and defenders set goals for network security. Learn more about the shifting field with Matt Pascucci.  Continue Reading

• Marcus Ranum: Systems administration is in the 'crosshairs'

  After years of spirited debates and top-notch interviews, columnist Marcus Ranum is signing (sounding?) off with some final thoughts on the future of security.  Continue Reading

• Ron Green: Keeping the payment ecosystem safe for Mastercard

  "We have invested a billion dollars over the last couple of years just in security," says Ron Green, Mastercard's chief of security, who joined the company in 2014.  Continue Reading

• The threat hunting process is missing the human element

  Threat hunting hinges on an analyst's ability to create hypotheses and to look for indicators of compromise in your network. Do you have the resources to hunt?  Continue Reading

• Why U.S. election security needs an immediate overhaul

  There's no evidence that threat actors have been able to manipulate or change vote counts in our elections, but Kevin McDonald says that doesn't mean it can't -- or won't -- happen.  Continue Reading

• Industries seek to improve third-party security risk controls

  Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.  Continue Reading

• White hat Dave Kennedy on purple teaming, penetration testing

  Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.  Continue Reading

• Kurt Huhn discusses the role of CISO in the Ocean State

  A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.  Continue Reading

• Why a unified local government security program is crucial

  When considering a local government cybersecurity program, companies must understand the dangers of not having one. Matt Pascucci explains why a program designed to monitor the public sector is crucial.  Continue Reading

• Tom Van Vleck on the Multics operating system, security decisions

  Time-sharing systems got a lot right from a security standpoint. "We aimed toward a completely lights-out, 'no chance for mistakes' interface," says the security researcher.  Continue Reading

• Fannie Mae CISO calls for more data on security incidents

  Chris Porter's years as a lead analyst and author of Verizon's Data Breach Investigations Report helped prepare him for the chief of security role at the primary housing lender.  Continue Reading

• Why third-party access to data may come at a price

  Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners.  Continue Reading

• Q&A: Why data security controls are a hard problem to solve

  Feeling less friendly after Facebook? "There is a great deal of power in being able to combine data-sources," says Jay Jacobs, security data scientist.  Continue Reading