
Guest Blog Post


GUEST ESSAY: What ‘Fight Club’ taught me about protecting my online personas

By Thomas Yohannan

Dissociative identity disorder, AKA multiple personality disorder, is a human condition in which the victim’s personality becomes fragmented into two or more distinct states.

DID has long been a rich topic for Hollywood screenwriters. The movie Fight Club, in which Edward Norton and Brad Pitt portray polar-opposite personalities of the main protagonist, is a classic example.

Related podcast: Phil Lieberman calls for resetting the C-suite mindset

DID sufferers subvert themselves in self-contained sets of memories, behaviors, attitudes, even perceived age. This is done so that the victim can insulate certain fragile areas of his or her psyche, and thus is able to function with a sense of security in otherwise threatening environments, psychologically speaking.

It may not be a bad idea …more

GUEST ESSAY: The top 4 cybersecurity certificates every IT staffer should have

By Victoria Zambito

Assuredly, it is a very positive development that more companies are looking to boost the security expertise of their in-house IT teams. This is manifested by the flow of IT professionals seeking out and participating in security-related certificate programs.

Numerous third-party organizations offer these educational tracks; a select few garner great respect within the field. Here’s the cream of the crop:

CompTIA A+ Certification

The CompTIA A+ Certification provides essential foundational knowledge for IT professionals. It covers basic enterprise hardware and software deployment, management techniques and cloud computing. Approximately 1 million IT professionals hold the highly coveted IT CompTIA A+ certification.

Certified Ethical Hacker (CEH v9) – EC-Council

The Certified Ethical Hacker Certification demonstrates an IT professional has an understanding of how to …more

GUEST ESSAY: A call for rethinking incident response playbooks

By Liz Maida

We see it week after week. Insidious cyber threats that spread throughout enterprises like wildfire and proliferate around the globe, interfering with crucial work and holding data hostage. These attacks make the news cycle for a few days, security teams wring their hands over it, and then forget all about it – until the next attack. Lather, rinse, repeat.

When will the security community get smarter about our approach to identifying and thwarting cyber threats, instead of just responding to the one at hand?

Related video: Tempered Networks introduces identity-based networks

The known threat of today — whether it’s malware, social engineering or phishing — inevitably morphs into the zero-day threat of tomorrow. Which means that all the tactical work security teams …more

GUEST ESSAY: ‘Chess Master Project’ should restore resiliency to U.S. power grid

By Paul Myer

The evolving risk of a coordinated, catastrophic cyberattack on U.S. energy delivery systems (collectively known as “the power grid”) via vulnerable Industrial Control Systems (ICS), resulting in widespread, prolonged power outages, is not a new concern to energy industry executives or government policy makers.

Owners and operators of energy sector assets understand the possible impacts of coordinated physical and cyber-attacks which threaten the reliability and resilience of U.S. energy delivery systems. They experienced havoc and disruptive economic and social impacts from the prolonged power outages over widespread areas resulting from the 2003 Northeast Blackout and the 2011 Southwest Blackout events.

Related podcast: How Russia’s election tampering relates to Ukraine power grid attacks

However, with an industry-standing focus on grid reliability, a lack of qualified cyber security experts, and reliance on the fact that a hypothetical cyberattack event resulting in widespread outages has not yet occurred on the U.S. power grid, energy sector utilities have become complacent in their cyber protection strategies. …more

GUEST ESSAY: How safeguarding user credentials can lower cyber insurance premiums

By Dean Thompson

According to Lloyd’s of London, a massive global cyberattack could result in economic losses as high as $53 billion.

Given that, it’s no surprise that an increasing number of businesses are adding cybersecurity coverage to their liability insurance. But as businesses rush to insure, the cost and precise scope of coverage of these policies are coming under scrutiny. A key question is whether or not non-malicious human activity is covered.

On one hand, cybersecurity policies that do not cover human error – which would include falling victim to sophisticated phishing schemes, visiting Trojan-infected sites, or even deferring patches or updates – would be of far more limited value.

That’s because, according to a recent Verizon study, 81 percent of breaches …more

GUEST ESSAY: A call to reinvent security by following the ‘Three Ways of DevOps’

By Jeff Williams

How do you know that your bank’s software is secure? Your airline? Your government?

The average application has 26.7 serious vulnerabilities, 82% of breaches in financial organizations are due to applications, and the average breach costs $4 million. With roughly 20 million developers worldwide, we’re producing vulnerable code faster than ever before.

Other industries have wrestled with similar pervasive problems and made progress. Automobiles are safer, food is more nutritious and so on. DevOps has shown dramatic benefits for other aspects of software development: 5x lower change failure rate, 96x faster mean time to restore service, and 2x more likely to exceed business goals. Perhaps the secret to effective security can be found in DevOps too.

Related podcast: What is DevOps and …more

GUEST ESSAY: 5 deadly sins for which companies reap their just reward: data breaches

By Morey Haber

I love statistics. They are a valuable commodity in a discussion to formalize a point and validate your position. Many times, others will question the source, accuracy, or even meaning of a statistic to skew the results in their favor. In addition, a statistic taken out of context, or viewed on its own, can lead to very misleading results. The point is that statistics drive everything from social initiatives to new product development. The methodologies to collect and develop them are a science.

So where is a good source for statistics? If you are a security professional like myself, you may turn to vendors, analysts, or the government for results. My company, BeyondTrust, is one of those vendors and produces statistics like the …more