Penetration testing and other technical assessments are designed to be practical, useful exercises to examine your security defenses and look for holes in your network or applications. There’s real value in performing these assessments to see how threat actors might be able to get into your organization and take proactive steps to address any problems. However, if the…
Why Most Real-Time Defensive Solutions Are Poor Threat Hunting Solutions
When you enlist a hunt team to run compromise assessments, it’s important to determine which solutions and processes they’re using to actively hunt down threats. After all, compromise assessments (time-bound or more focused projects) are proactive efforts to detect persistent threats that have evaded existing security controls. You must adopt the mindset that your existing controls have already…
How to Test and Measure the Effectiveness of Your Security Awareness Program
In my previous blog, I wrote about security awareness programs and provided some high-level recommendations for how you can improve their effectiveness. In this article, I’d like to share some thoughts on how to test and measure how well those programs are doing. How do you know if you are making an impact? What can you actually…
New White Paper Spotlights Methods to Avoid Cloud Misconfigurations
It’s easy to assume that cloud service providers are fully responsible for every aspect of cloud security. The truth is that configuration is an aspect of the shared responsibility model of cloud security that often falls in the hands of organizations using cloud services and platforms. IT and security professionals are taking notice of the security threat…
Aftershocks of GDPR: Making Sense of the Business-Wide Effects of New Data Privacy Laws
Leading up to the May 25 General Data Protection Regulation (GDPR) compliance deadline, many of us saw these subject lines flood our inbox: “Please confirm your subscription,” “Last chance to stay on our list,” and “Do you still want to receive our emails?” Even organizations not directly impacted by GDPR compliance had to keep their heads…
How to Develop a Mature Security Awareness Program
When was the last time you took a good look at your security awareness program? Was it last October during National Cyber Security Awareness Month (NCSAM)? As security professionals, we are regularly reminded that our end users are the weakest link. With so many priorities to juggle in your overall security program, it’s understandable that addressing the…