Blue team

Guessing the answer is yes. Well, let's talk about some of the simple ways you can avoid account compromises by strengthening your identity security through MFA, least privilege, account reviews, and all the things! This segment is sponsored by CyberArk. Visit https://cisostoriespodcast.com/cyberark to learn more about them! This segment is spon...

For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chillin...

Red and blue teamers, plus app builders, must be encouraged to freely share perspectives and respect each others’ needs, says InfoSec World panel.

With a shortage of four million cybersecurity workers, we need to get more creative in identifying non-technical skills among potential candidates that can be applied to the cybersecurity realm. One way is to test them for aptitude and personality traits, like the career planning tests I took in college.That’s what the University of Maryland did […]

This article explores two types of attacks that leverage cryptocurrency directly: (ransomware-leveraged) extortion and cryptojacking.

The introduction of containers and micro-service architectures have changed the way we develop, deploy, and run our applications.  Not only has this changed application development, but it’s also created some visibility challenges for application security.  Move those applications to the cloud and we only amplify those challenges.  How do we architect our cloud services and […]

The MITRE ATT&CK Framework is widely recognized as instrumental in providing a common language and framework for describing attack techniques and effectively sharing information across organizations. However, we’re just starting to see the potential benefits this matrix can provide when integrated directly into security tools. Uptycs recently announced a major release of its product that […]

There are a number of industry analyst reports on application security.  Each analyst firm and report takes its own slice of the market to analyze and report on vendors within that market.  For example, the Forrester Wave focuses on Static Application Security Testing, the Gartner Magic Quadrant focuses on Application Security Testing as a whole, […]