Opinion

Opinion

• The threat hunting process is missing the human element

  Threat hunting hinges on an analyst's ability to create hypotheses and to look for indicators of compromise in your network. Do you have the resources to hunt?  Continue Reading

• Why U.S. election security needs an immediate overhaul

  There's no evidence that threat actors have been able to manipulate or change vote counts in our elections, but Kevin McDonald says that doesn't mean it can't -- or won't -- happen.  Continue Reading

• Industries seek to improve third-party security risk controls

  Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.  Continue Reading

• White hat Dave Kennedy on purple teaming, penetration testing

  Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.  Continue Reading

• Kurt Huhn discusses the role of CISO in the Ocean State

  A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.  Continue Reading

• Why a unified local government security program is crucial

  When considering a local government cybersecurity program, companies must understand the dangers of not having one. Matt Pascucci explains why a program designed to monitor the public sector is crucial.  Continue Reading

• Tom Van Vleck on the Multics operating system, security decisions

  Time-sharing systems got a lot right from a security standpoint. "We aimed toward a completely lights-out, 'no chance for mistakes' interface," says the security researcher.  Continue Reading

• Fannie Mae CISO calls for more data on security incidents

  Chris Porter's years as a lead analyst and author of Verizon's Data Breach Investigations Report helped prepare him for the chief of security role at the primary housing lender.  Continue Reading

• Why third-party access to data may come at a price

  Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners.  Continue Reading

• Q&A: Why data security controls are a hard problem to solve

  Feeling less friendly after Facebook? "There is a great deal of power in being able to combine data-sources," says Jay Jacobs, security data scientist.  Continue Reading

• Walmart's Jerry Geisler on the CISO position, retail challenges

  A global CISO in charge of one of the world's largest cybersecurity programs got his start on the retail floor. He's arrived just in time for the digital transformation.  Continue Reading

• Cybercrime study: Growing economic ecosystem spells trouble

  New research shows that cybercriminals are gaining momentum with connected infrastructure and collectively earning billions annually from a cybercrime economy. Now what?  Continue Reading

• Marcus Ranum decodes hardware vulnerabilities with Joe Grand

  Computer hardware designs with dangerous security flaws? That's no surprise to renowned hardware hacker Grand.  Continue Reading

• Healthcare CISO: 'Hygiene and patching take you a long way'

  Cybersecurity and healthcare can get along, according to CISO Joey Johnson, who leads the security program at Premise Health, but it takes patience and attention to the details.  Continue Reading

• Cost of data privacy breach may not be enough

  While the European Union is taking major steps to protect residents' data privacy, little has happened in the United States, even after Equifax and Facebook.  Continue Reading