Students to Demonstrate Cybersecurity Skills in Annual Hacker Contest
Over the past few years, considerable attention has been given to the cybersecurity skills gap. In the post Enterprises Continue to Grapple with a Huge Cyber Security Skills Shortage we covered how the global cyber security workforce shortage is on pace to hit 1.8 million by 2022, a 20 percent ... Read More
Nearly All Cybersecurity Workers on the Job Hunt
Organizations already facing a tough time finding cybersecurity talent may find additional cybersecurity headwinds this year as the vast majority (84 percent) of cybersecurity workers say they are on the lookout for new job opportunities ... Read More
Changes to Data Breach Notifications in the Air
Ever since the first data breach notification law went into effect July 1, 2003 in California (SB 1386), there has been controversy surrounding what types of data being exposed should trigger data breach notifications, who should be notified, and how quickly they should be notified. In fact, it’s become somewhat ... Read More
The Five Attributes Needed to Succeed at DevSecOps
It’s hard to believe but the conversation around how security fits in DevOps has been going on for years. It was in 2012 when Gartner analyst Neil MacDonald wrote his blog DevOps Needs to Become DevOpsSec. In this blog MacDonald wrote “DevOps seeks to bridge the development and operations divide ... Read More
No Mr. Equifax CEO, You Don’t Get to Blame One “IT Guy” for Your Breach
Don’t blame former Equifax CEO Richard Smith that 145.5 million U.S. consumers had their most sensitive credit information stolen under his watch, or that just over 15 million in the U.K. suffered the same fate. It really wasn’t his fault. To some credit, in prepared testimony, when Mr. Smith recently ... Read More
In Defense of Honest Security Reporting
I have to say as I settled in to have lunch and read my friend and associate Alan Shimel’s column, “Security Desensitization: Another Data Breach, Blah, Blah, Blah,” I just about choked on my ham-and-cheese-on-pretzel-bread sandwich. In the post, Alan makes the very valid point that the staggering number of ... Read More
Poorly Managed Public Cloud Databases: A Public Health Hazard
Another week, another poorly configured cloud storage container exposes buckets of data to anyone with access to the Internet. According to Security Boulevard’s Lucian Constantin’s story, “Another Cloud Storage Leak Exposes Verizon IT Files,” the S3 bucket contained around 100MB of data, including internal files, usernames, passwords and email messages ... Read More
Equifax Story Roundup: Separating Fact from Fog, how to protect yourself
The “unthinkable” happened when Equifax, one of the three credit reporting agencies in the U.S., announced that attackers had breached its systems and potentially gained access to the files of 143 million consumers. According to Equifax, the culprits made off with names, Social Security numbers, birth dates, addresses, some driver’s ... Read More
Equifax Rated ‘F’ in Application Security Before Breach
One of the biggest data security and privacy nightmares became real for millions of Americans last week as news broke that Equifax, one of the three major credit reporting agencies in the United States, made it public that attackers had successfully broken into its systems and potentially gained access to ... Read More
