Home Podcasts Videos Guest Posts Q&A My Take Bio Contact

Guest Blog Post


GUEST ESSAY: Taking a fresh approach to privileged access management — to curtail abuse

By Ravi Srivatsav

To be productive in an interconnected work environment, employees need immediate access to numerous platforms, both on- and off-premises.

Related: Why SMBs need to do PAM well

Keeping track of user activity and effecting proper on- and off-boarding are becoming more and more difficult, even as unauthorized access via unused, expired, or otherwise compromised access credentials has become the number one cybersecurity threat vector.

Some nine out of ten cyberattacks are estimated to begin with a threat actor gaining unauthorized access to a computer system via poorly managed access credentials.

The sophistication of cyberattacks is perpetrated through unused, old, expired, and otherwise mismanaged access credentials are increasing by the minute, at the same time as it’s becoming challenging to respond to these attacks in an organized and timely manner.

Context needed

Organizations that are used to workflow-based access systems or ticket-based systems, i.e. traditional Privileged Access Management (PAM,) must now make a big cultural shift. PAM enables granular access and monitors, detects, and alerts instances of unauthorized access through policy guardrails.

However, while PAM and other legacy access management systems do alert to unauthorized access, these warnings lack a clear picture of the user’s intent and the context behind the alert.

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

By John Bruggeman

Information privacy and information security are two different things.

Preserving privacy for a greater good

Information privacy is the ability to control who (or what) can view or access information that is collected about you or your customers.

Privacy controls allow you to say who or what can access a database of customer data or employee data.

The rules or policies you put in place to make sure information privacy is maintained are typically focused on unauthorized disclosure of personal information.

Controls need to be in place to protect individuals’ privacy rights, including,  often, their right to be forgotten and be deleted from your company database.

Here are a few examples of demographic data that in combination with sensitive data makes it Personally Identifiable Information (PII).

GUEST ESSAY: Using generative AI to support — not replace — overworked cybersecurity pros

By Zac Amos

As the threat of cybercrime grows with each passing year, cybersecurity must begin utilizing artificial intelligence tools to better combat digital threats.

Related: Leveraging human sensors

Although AI has become a powerful weapon, there’s concern it might be too effective compared to human cybersecurity professionals — leading to layoffs and replacements.

However, the truth is that automated AI tools work best in the hands of cybersecurity professionals instead of replacing them. Rather than trying to use AI to get rid of your security team, seek to use automated tools in conjunction with your existing professionals to ensure the strongest cybersecurity defense.

Generative AI wild card

The newest breakthrough in artificial intelligence technology is machine learning and generative AI. Unlike traditional AI, machine learning can be taught to act on data sets and make accurate predictions instead of being limited to only analyzing.

Machine learning programs use highly complex algorithms to learn from data sets. In addition to analyzing data, they can use that data to observe patterns. Much like humans, they take what they have learned to “visualize” a model and take action based on it.

Author Q&A: Former privacy officer urges leaders to prioritize security as part of cloud migration

By Byron V. Acohido

Cyber threats have steadily intensified each year since I began writing about privacy and cybersecurity for USA TODAY in 2004.

Related: What China’s spy balloons portend

A stark reminder of this relentless malaise: the global cyber security market is on a steady path to swell to $376 billion by 2029 up from $ 156 billion in 2022, according to Fortune Business Insights.

Collectively, enterprises spend a king’s ransom many times over on cyber defense. Yet all too many companies and individual employees till lack a full appreciation of the significant risks they, and their organizations, face online. And as a result, many still do not practice essential cyber hygiene.

Perhaps someday in the not-too-distant future that may change. Our hope lies in leveraging machine learning and automation to create very smart and accurate security platforms that can impose resilient protection.

Until we get there – and it may be a decade away — the onus will remain squarely on each organization — and especially on individual employees —  to do the wise thing.

A good start would be to read Mobilizing the C-Suite: Waging War Against Cyberattacks, written by Frank Riccardi, a former privacy and compliance officer from the healthcare sector.

GUEST ESSAY: A primer on NIST 207A — guidance for adding ZTNA to cloud-native platforms

By Zack Butcher

Zero trust networking architecture (ZTNA) is a way of solving security challenges in a cloud-first world.

Related: The CMMC sea change

NIST SP 800-207A (SP 207A), the next installment of Zero Trust guidance from the National Institute of Standards and Technology (NIST), has been released for public review.

This special publication was written for security architects and infrastructure designers; it provides useful guidance when designing ZTNA for cloud-native application platforms, especially those in enterprises where applications are hosted in multi-cluster and multi-cloud deployments.

I co-authored SP 207A, and it’s a great blueprint for any organization working to implement a ZTNA, whether they’re working with the U.S. federal government or not.

The 4th Annual Multi-Cloud Conference and Workshop on ZTNA is an upcoming event for anyone interested in how the federal government is advancing standards in ZTNA. The event—May 24-25; in-person and virtual—is hosted by NIST and Tetrate.

GUEST ESSAY: A roadmap for wisely tightening cybersecurity in the modern workplace

By Eric Sugar

Hackers can hurt your business or organization in many ways. First and foremost, cyberattacks can lead to data breaches in which sensitive information is stolen. If a cyber-criminal uses you as a way to get at your customers, suppliers, or employees, these vital business relationships can turn sour.

Related: Tapping hidden pools of security talent

Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them. This problem, called ransomware, explains why keeping backups is so important. Hijackers’ demands lose power when you can just recover your operations from backups.

Cyberattacks can also lead to a loss of productivity. When your team can’t do their work because they don’t have access to the systems or these are unavailable, everything gets delayed and projects fall behind.

Finally, don’t forget the bad press that results for businesses when they are hacked. This isn’t the kind of exposure you want for your brand.


If your organization is privy to confidential data, then you’re in charge of protecting it, and the law will hold you accountable for doing so.

The penalties for failing to protect this data can be steep. Depending on the type of information businesses lost and how they tried to protect it, they can be fined up to five percent of their revenue.

GUEST ESSAY: How to close the skills gap by dipping into hidden pools of cybersecurity talent

By Sara Velasquez Posada

There is no doubt there is a constant and growing concern amongst CEO’s, and particularly CISO’s, concerning the hiring of the cybersecurity talent their organizations require to safeguard against cyberattacks.

According to Cybersecurity Ventures, by 2025 there will exist a gap of over 3.5 million unfilled cybersecurity positions. Moreover, of the current worldwide workforce, surveys conducted by PwC have shown that there is only a 38 percent ‘availability of key skills’, considering the new and more sophisticated emerging threats developed by malicious actors.

These stats are both alarming, and pose an important question that we will try to help you figure out : Where are you supposed to find the right cybersecurity talent for your organization?

Various industries, particularly those that have been recently targeted the most by cyber attackers (such as critical infrastructure and even governmental entities) have increased their need for hiring cybersecurity talent.

And even though people are becoming increasingly aware of the immense possibilities that exists when starting a career in the field, the pace at which they are gaining the required skills and knowledge to meet the security needs of organizations is not as high as the growing demand for their assistance.

To ensure your organization hires the best cybersecurity talent currently available in the market, we have gathered a list of tips that can be helpful during this critical process: