Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact

Guest Blog Post


GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

By Zac Amos

AI chatbots are computer programs that talk like humans, gaining popularity for quick responses. They boost customer service, efficiency and user experience by offering constant help, handling routine tasks, and providing prompt and personalized interactions.

Related: The security case for AR, VR

AI chatbots use natural language processing, which enables them to understand and respond to human language and machine learning algorithms. This helps them improve their performance over time by gaining data from interactions.

In 2022, 88% of users relied on chatbots when interacting with businesses. These tools saved 2.5 billion work hours in 2023 and helped raise customer satisfaction to 69% for $0.50 to $0.70 per interaction. Forty-eight percent of consumers favor their efficiency prioritization.

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

By Michael Cocanower

Every industry is dealing with a myriad of cyber threats in 2024. It seems every day we hear of another breach, another scam, another attack on anything from a small business to a critical aspect of our nation’s infrastructure.

Related: The case for augmented reality training

Because of this, cybersecurity investments and regulatory oversight are increasing at an astounding rate, especially for those in the financial services industry, bringing an overwhelming feeling to chief compliance officers without dedicated security teams.

And the solution they are turning to is not one that will solve their problems in the long run: handing cybersecurity responsibilities to internal IT teams.

It’s a tale as old as the first computer. When a technical issue arises, hand it over to IT. However, from the sheer amount of regulations coming down the pipeline to the tools necessary to counter threat actors, internal IT is not the right resource for this monumental task.

Regulatory overload

Firms in the financial services industry are staring down the bottom of the regulatory barrel coming into 2024. From identity theft to greater oversight on risk management, internal IT teams

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

By Bharat Bhushan

Even in the cloud era, Microsoft Exchange Server remains a staple business communications tool across the globe.

Related: The need for robust data recovery policies.

One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up.

Fortunately, effective tools and wise best practices can help mitigate this this exposure enabling companies to indefinitely leverage Exchange Server as a productive, resilient and secure communications tool.

Navigating new risks

Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Yet a significant number of enterprises and small and mid-sized businesses (SMBs) continue to rely on Exchange Server.

Microsoft introduced this e-mail and calendaring server in 1996 and over time it has over time become ubiquitous in enterprises and small and mid-sized businesses (SMBs) alike.

GUEST ESSAY: Leveraging real-time visibility to quell persistent ‘take-a-USB-stick-home’ attacks

By Ben Smith

Each of us has probably sat through some level of cybersecurity awareness training during our professional lives.

Related: Dangers of spoofed QR codes

Stop and think before you click on a link within an email from an unexpected source. Don’t re-use a password across multiple sites. Beware over-sharing personal information online, especially on social media platforms. All good advice!

When we sit back and think about the target audience for this training, much of this advice is designed to reach the busy or distracted employee who postpones laptop software updates or who copies sensitive or who copies proprietary information to a USB stick and takes it home.

GUEST ESSAY: The case for using augmented reality (AR) and virtual reality (VR) to boost training

By Zac Amos

Augmented reality (AR) and virtual reality (VR) technologies provide intriguing opportunities for immersive and interactive experiences in cybersecurity training.

Related: GenAI’ impact on DevSecOps

Here’s  how these technologies can bridge learning gaps in cybersecurity awareness and enhance the overall training experience.

AR and VR technologies can create distinct immersive experiences by merging digital reality with the physical world. Augmented reality lets users experience the world around them with digital images and audio-visual elements layered on top. This integration offers innovative ways for people to interact with their environment, enhancing their overall experience. Common examples of AR applications include the Pokemon Go mobile game and Snapchat filters.

Virtual reality also utilizes interactive audio-visual elements but within a computer-generated environment. These virtual worlds appear genuine, giving users a more immersive and holistic

GUEST ESSAY: Leveraging DevSecOps to quell cyber risks in a teeming threat landscape

By Yuga Nugraha

In today’s digital landscape, organizations face numerous challenges when it comes to mitigating cyber risks.

Related: How AI is transforming DevOps

The constant evolution of technology, increased connectivity, and sophisticated cyber threats pose significant challenges to organizations of all sizes and industries. Here are some of the key challenges that organizations encounter in their efforts to mitigate cyber risks in the current environment.

 •Rapidly evolving threat landscape. The threat landscape is constantly evolving, with cybercriminals coming up with new techniques and exploiting vulnerabilities. Organizations must stay ahead of these threats, but it can be challenging due to the dynamic nature of the

GUEST ESSAY: Adopting an ‘assume-breach mindset’ to defend company networks in 2024

By Zac Amos

Professionals are constantly seeking ways to fortify their defenses against malicious threats. One approach gaining traction is the “assume-breach mindset.” This proactive approach is designed to better prepare organizations for inevitable security breaches.

Related: The case for proactive security

An assume-breach mindset is a cybersecurity strategy that flips the traditional security model. Rather than solely focusing on prevention, it assumes the attackers are already inside the network and prepares accordingly.

This mindset acknowledges that no system is completely invulnerable and the goal is to limit the damage once a breach occurs.


When it comes to cybersecurity, being prepared for the worst-case scenario is often the best strategy. Here are some advantages of dopting an assume-breach mindset:

•Early detection. Assume-breach focuses on the early detection of threats, allowing organizations to identify and respond to breaches more quickly.