Who doesn't love free software? Infosec professionals are fortunate to have many good free tools for a range of tasks. The following list of two dozen tools includes everything from password crackers to vulnerability management systems to network analyzers. Whatever your security role is, you'll find something useful here. Maltego: Paterva develops this forensics and open-source … [Read more...] about 24 best free security tools
Kanye West tweeted out videos of himself on his computer on Monday. If you look closely, one of the videos shows his MacBook – and what appears to be black tape covering the laptop’s camera. This is Kanye West, a world famous musician and fashion designer. Lately, he’s been stirring up some … [Read more...] about Kanye West covers his laptop camera with tape
Whether you’re a newly minted or battle-hardened CISO, the environment you’re chartered with protecting is likely full of what I call conventional controls. These mechanisms provide the foundation for demonstrating due diligence to regulators, auditors, security assessors and stakeholders. They are often based on established frameworks oriented on the alignment of … [Read more...] about Model-driven security: using unconventional controls to stay ahead of threats
Back when I began my security career, cyber threat intelligence (CTI) was considered the “standard” for intelligence in the commercial sector. It’s easy to see why: CTI’s indicator-centric approach remains integral to the success of any network defense or perimeter security initiative. However, these use cases are where the benefits of CTI begin and end. … [Read more...] about How do I BRI?
As a consultant, one of the biggest security problems I see is perception: The threats companies think they face are often vastly different than the threats that pose the greatest risk. For example, they hire me to deploy state-of-the-art public key infrastructure (PKI) or an enterprise-wide intrusion detection system when really what they need is better patching. The fact is … [Read more...] about The 5 types of cyber attack you’re most likely to face
“It began as a mistake.” –Charles Bukowski, Post Office. This is probably one of my favorite opening sentences of all time, and perfectly details my affair with security awareness (and I’d guess a lot of my peers as well…). I’ve built some really fun, really impactful awareness programs for companies like Disney, Sony Pictures, and Activision … [Read more...] about 5 mistakes I’ve made (and how to avoid them)