
Guest Blog Post


GUEST ESSAY: AntiguaRecon – A call to train and promote the next generation of cyber warriors

By Adam Dennis

Imagine being a young person who wants a career, of whatever type you can find, as a cybersecurity professional.

Related: Up-skilling workers to boost security

Although you were born with an agile and analytical mind, you have very limited financial resources and few, if any, connections that can open doors to your future ambitions.

If you were born in a country such as the US, Canada or the UK, you might have a wider range of options despite your financial limitations. But if you are born in Antigua, which is a small Caribbean island way out in the Atlantic, your options can be quite limited. Even if you managed to get a range of certifications which show that you have some skills, finding a job in your field is extremely unlikely because the market is so small and undeveloped.

High concept

Now enter AntiguaRecon, which was created to teach a group of young Antiguans cybersecurity skills so that it could offer cybersecurity services around the region and in the US, Canada, and elsewhere. It is not enough to just educate the students. Our proof of concept will come when we get them jobs too.

The founder, Adam Dennis (that’s me!), has experience running training organizations directed at young people AND a lot of experience running startups. In the late 1990s (yes, that long ago), I created a youth training program called YouthLink that worked with at-risk youth in Washington, DC. The program operated for five years and was covered by the Washington Post and a number of other news outlets. Over my career, I have created three non-profits and two SaaS for-profits, one of which I sold in 2005.

GUEST ESSAY — The rationale for pursuing a culture of cybersecurity– and a roadmap to get there

By Matthew T. Carr

Organizations with strong cybersecurity cultures experience fewer cyberattacks and recover faster than others.

Related: Deploying human sensors

This results from emulating the culture building approaches of high-risk industries like construction that devote sustained attention to embedding safety throughout the organization.

For most organizations, building a cybersecurity culture is a necessary evil rather than a cherished goal. Prioritizing security means desirable cultural norms like openness, trust building, creativity, efficiency, and risk-taking might suffer.

Until a decade ago, few organizations needed a cybersecurity culture. If the security industry catches up with adversaries, then the need for a cybersecurity culture will eventually fade away. Few will miss it.

Cybersecurity culture is a subset of the overall corporate culture. It harnesses beliefs and values to promote secure behaviors by employees in everyday work activities.

Model culture

Cybersecurity culture is necessary today because routine actions such as opening emails, responding to customer requests and using productivity software can put the organization at risk for ransomware and data breaches.

GUEST ESSAY: Here’s why a big cybersecurity budget won’t necessarily keep your company safe

By Zac Amos

The cybersecurity landscape is constantly changing. While it might seem like throwing more money into the IT fund or paying to hire cybersecurity professionals are good ideas, they might not pay off in the long run.

Related: Security no longer just a ‘cost center’

Do large cybersecurity budgets always guarantee a company is safe from ongoing cybersecurity threats?

According to research from Kiplinger, businesses are spending less money on capital equipment, especially as rumors of a mild recession in the future loom. However, organizations in 2023 know one crucial area to spend money on is cybersecurity.

Cyberattacks are becoming more frequent, intense and sophisticated than ever. In response, many businesses of all shapes and sizes will allocate funds to their IT departments or cybersecurity teams to make sure they’re well-defended against potential threats. They may incorporate tools such as firewalls or antivirus software, which are helpful, but not the only tactics that can keep a network secure.

Unfortunately, having a large cybersecurity budget does not necessarily mean a company has a solid, comprehensive security plan. Organizations can spend all they have on cybersecurity and still have pain points within their cybersecurity program.

GUEST ESSAY: Scammers leverage social media, clever con games to carry out digital exploitation

By Collin McNulty

One common misconception is that scammers usually possess a strong command of computer science and IT knowledge.

Related: How Google, Facebook enable snooping

In fact, a majority of scams occur through social engineering. The rise of social media has added to the many user-friendly digital tools scammers, sextortionists, and hackers can leverage in order to manipulate their victims.

Cybersecurity specialists here at Digital Forensics have built up a store of knowledge tracking criminal patterns while deploying countermeasures on behalf of our clients.

One trend we’ve seen in recent years is a massive surge in cases of sextortion. This online epidemic involves the blackmail of a victim by the perpetrator via material gained against them, typically in the form of nude photos and videos.

These sextortionists are some of the lowest forms of criminals, working tirelessly to exploit moments of weakness in their victims induced by loneliness and our most base-level human natures.

Since the dawn of civilization and economics, instances of fraud have always existed. Scholars have determined that the precursors of money in combination with language are what enabled humans to solve cooperation issues that other animals could not.

GUEST ESSAY: Could CISOs be on the verge of disproving the ‘security-as-a-cost-center’ fallacy?

By Jess Burn

This year has kicked off with a string of high-profile layoffs — particularly in high tech — prompting organizations across all sectors to both consider costs and plan for yet another uncertain 12 or more months.

Related: Attack surface management takes center stage.

So how will this affect chief information security officers (CISOs) and security programs? Given the perennial skills and staffing shortage in security, it’s unlikely that CISOs will be asked to make deep budget or staffing cuts, yet they may not come out of this period unscathed.

Whether the long anticipated economic downturn of 2023 is a temporary dip lasting a couple quarters or a prolonged period of austerity, CISOs need to demonstrate that they’re operating as cautious financial stewards of capital, a role they use to inform their choices regardless of the reality — or theater — of a recession.

This is also a time for CISOs to strengthen influence, generate goodwill, and dispel the perception of security as a cost center by relieving downturn-induced burdens placed on customers, partners, peers, and affected teams.

GUEST ESSAY: Five stages to attain API security — and mitigate attack surface exposures

By Rakshith Rao

APIs (Application Programming Interfaces) play a critical role in digital transformation by enabling communication and data exchange between different systems and applications.

Related: It’s all about attack surface management

APIs help digital transformation by enabling faster and more efficient business processes, improving customer experience, and providing new ways to interact with your business.

Whether an API is exposed for customers, partners, or internal use, it is responsible for transferring data that often holds personally identifiable information (PII) or reveals application logic and valuable company data.

Therefore, the security of APIs is crucial to ensure the confidentiality, integrity, and availability of sensitive information and to protect against potential threats such as data breaches, unauthorized access, and malicious attacks.

API security is essential for maintaining the trust of customers, partners, and stakeholders and ensuring the smooth functioning of digital systems. If API security is not properly implemented, it can result in significant financial losses, reputational damage, and legal consequences.

GUEST ESSAY: Why CISOs absolutely must take authentication secrets much more seriously

By Thomas Segura

The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures.

Related: The coming of agile cryptography

These secrets work similarly to passwords, allowing systems to interact with one another. However, unlike passwords intended for a single user, secrets must be distributed.

For most security leaders today, this is a real challenge. While there are secret management and distribution solutions for the development cycle, these are no silver bullets.

Managing this sensitive information while avoiding pitfalls has become extremely difficult due to the growing number of services in recent years. According to BetterCloud, the average number of software as a service (SaaS) applications used by organizations worldwide has increased 14x between 2015 and 2021. The way applications are built has also evolved considerably and makes much more use of external functional blocks, for which secrets are the glue.