Who doesn't love free software?Infosec professionals are fortunate to have many good free tools for a range of tasks. The following list of two dozen tools include everything from password crackers to vulnerability management systems to networks analyzers. Whatever your security role is, you'll find something useful here.MaltegoPaterva develops this forensics and open-source … [Read more...] about 24 best free security tools
source Getty Kanye West tweeted out videos of himself on his computer on Monday. If you look closely, one of the videos shows his MacBook – and what appears to be black tape covering the laptop’s camera. This is Kanye West, a world famous musician and fashion designer. Lately, he’s been stirring up some … [Read more...] about Kanye West covers his laptop camera with tape
Whether you’re a newly minted or battle-hardened CISO, the environment you’re chartered with protecting is likely full of what I call conventional controls.These mechanisms provide the foundation for demonstrating due diligence to regulators, auditors, security assessors and stakeholders. They are often based on established frameworks oriented on the alignment of … [Read more...] about Model-driven security: using unconventional controls to stay ahead of threats
Back when I began my security career, cyber threat intelligence (CTI) was considered the “standard” for intelligence in the commercial sector. It’s easy to see why: CTI’s indicator-centric approach remains integral to the success of any network defense or perimeter security initiative. However, these use cases are where the benefits of CTI begin and end. … [Read more...] about How do I BRI?
“It began as a mistake.” –Charles Bukowski, Post Office.This is probably one of my favorite opening sentences of all time, and perfectly details my affair with security awareness (and I’d guess a lot of my peers as well…).I’ve built some really fun, really impactful awareness programs for companies like Disney, Sony Pictures, and Activision … [Read more...] about 5 mistakes I’ve made (and how to avoid them)