Blog

Women in Information Security: Heather Butler

As a woman who works in cybersecurity, I think it's very important to encourage more women and non-males to enter our field. I've had the pleasure of speaking to many female and non-male information security professionals. Last time, I spoke to Jennifer Sunshine Steffens, the CEO of IOActive. This time, I speak to Heather Butler. She works in a key...

Encryption: The GDPR Standard That's Got Web Privacy Services Hopeful

Businesses now have less than a year to achieve compliance with the General Data Protection Regulation (GDPR). As part of their efforts, organizations must look to Article 32 of the Regulation. This section affirms the data controller's and processor's responsibility to leverage "the pseudonymisation and encryption of personal data" to protect...

What the hacking of Gordon Ramsay’s email teaches us all

It doesn't matter if you're a regular computer user, the chairman of Hillary Clinton's presidential campaign, or a notoriously short-fused celebrity chef, we all need to harden the defences of our email accounts. Tabloid readers should know that all too well, having seen plenty of stories over the years of intimate photos stolen from Hollywood...

Ordinary People Need Cryptography

With the British election this June, cryptography on the internet is a hot topic. This past March, British Home Secretary Amber Rudd criticized WhatsApp's implementation of encryption in the wake of a terrorist attack: "It is completely unacceptable. There should be no place for terrorists to hide. We need to make sure that organisations like...

There Is No Cyber Talent Crunch; You’re Just Hiring Wrong

“Cyber talent crunch challenges CIOs,” says one headline. “Businesses vulnerable due to talent shortage,” screams another. Intel even published a report revealing, among other things, that 82% of IT professionals confirm there is a shortfall in information security talent. And yet, at every information security conference I attend, I find no...

Women in Information Security: Jennifer Sunshine Steffens

When a layperson imagines someone who works in cybersecurity, or any area of tech, they probably picture a man. But I'm a female information security professional, and I've had a great time speaking to other women in my industry. Last time, I spoke to Sarah Aoun, who educates journalists and political activists on how to keep their data secure. This...

The Future of Net Neutrality

According to the Oxford Dictionary, net neutrality is "the principle that internet service providers should enable access to all content and applications regardless of the source, and without favoring or blocking particular products or websites." Simply put, net neutrality ensures that service providers don't give preferential treatment to websites...

The Impact of Ransomware on Non-Profit Organisations

Social engineering is the exploitation of human error to deceive end users. Ransomware is a type of malware (malicious software) often used in social engineering attacks. When attacked with ransomware, businesses are literally held for ransom while being denied the ability to carry out their usual business operations. The UK Government has recently...

Compliance: Thoughts of a Newbie

When I started at Tripwire just over five months ago, I never really thought about compliance and why it’s critical. To me, it was something that companies went through and dare I say it, it seemed a bit boring. But the more time I spend at Tripwire, the more I understand why business compliance requirements are so important and how they help us as...

Persirai IoT botnet threatens to hijack over 120,000 IP cameras

Internet-connected cameras around the world are once again being hijacked by malicious hackers in order to carry out distributed denial-of-service (DDoS) attacks. Security researchers at Trend Micro have identified that over 1,000 different models of Internet Protocol (IP) cameras are at risk of being compromised by the threat dubbed Persirai, which...

Women in Information Security: Cheryl Biswas

Last time, I had the honor of speaking with Lesley Carhart, a security incident response team leader who also writes the tisiphone.net cybersecurity blog. She's a Circle City Con staff member. I just so happen to be talking to one of the people who's presenting there later this year, Cheryl Biswas. Cheryl is currently a cybersecurity consultant for KPMG....

Situational Awareness: Beware of Your Cyber Surroundings

In previous articles on understanding big data, the need for AI, using encryption and tokenization (including the drawbacks of encryption), and the series on human vulnerabilities, we laid down just some of the building blocks necessary to create a robust cybersecurity strategy. Yet there is a larger problem we often experience: losing the trees for...

Why We Need More Women in Cyber Security

Women currently represent only 11 percent of the cyber security workforce worldwide. This statistic is cause for alarm because it’s a key factor in the massive talent shortage that is impacting this crucially important field. It is estimated that, as of now, there are 1 million unfilled cyber security jobs—and that number is growing fast. This...

Making Sense of the General Data Protection Regulation (GDPR)

The upcoming GDPR compliance deadline of May 2018 affects any organization across the world that collects, processes, or stores data on citizens of the European Union. The intent behind the GDPR is to better protect the privacy of EU citizens, and the mechanism to do so is through harmonizing the existing data privacy laws across Europe. “The six...

Insider Threats as the Main Security Threat in 2017

Alphabet, Google's parent company, recently filed a lawsuit against its former engineer Anthony Levandowski, who is now working with Uber. The company accused Levandowski of copying more than 14,000 internal files and taking them directly to his new employer. While this case is far from over, it brings about a very interesting and important...

Encryption Works Great, But Only When Done Right

In an article we wrote for Tripwire, we discuss the advantages of encryption and tokenization. The premise of our argument is as follows: slow down your adversary by making your data meaningless to them. In other words, make yourself a “goes nowhere” project forcing your adversary to seek out a target that does not cause them the grief you do....

Graduating in Information Security: Part One

There has been a lot of news recently about the cybersecurity skills shortage. While there is a lot to be concerned about with all of the news about insecure devices and unsecured networks, I am confident that the shortage alarms are more headline-grabbing sensationalism than actual fact. In this two-part article, I will explore the problem of the...