Given my interest in cybersecurity skills and training, I’m contacted by academic institutions, professional organizations and training companies with news about some type of cybersecurity education curriculum. This isn’t surprising given the global shortage of cybersecurity skills. In fact, new ESG research discloses that 45% of organizations report a “problematic shortage” of cybersecurity skills in 2017.Clearly we need more smart and well-prepared people to enter the cybersecurity ranks, but it’s important to note that most cybersecurity professionals don’t enter the workforce directly from college or training programs. According to research conducted in 2016 by ESG and the Information Systems Security Association (ISSA), 78% of cybersecurity professionals follow a more indirect route. These folks start their careers as IT professionals and make their way into cybersecurity as their careers progress.To read this article in full or to leave a comment, please click here
Given my interest in cybersecurity skills and training, I’m contacted by academic institutions, professional organizations and training companies with news about some type of cybersecurity education curriculum. This isn’t surprising given the global shortage of cybersecurity skills. In fact, new ESG research discloses that 45% of organizations report a “problematic shortage” of cybersecurity skills in 2017.Clearly we need more smart and well-prepared people to enter the cybersecurity ranks, but it’s important to note that most cybersecurity professionals don’t enter the workforce directly from college or training programs. According to research conducted in 2016 by ESG and the Information Systems Security Association (ISSA), 78% of cybersecurity professionals follow a more indirect route. These folks start their careers as IT professionals and make their way into cybersecurity as their careers progress.To read this article in full or to leave a comment, please click here
As you probably know by now, on February 16, the State of New York’s Department of Financial Services (DFS) finalized its new cybersecurity regulations, which take effect on March 1, 2017. These regulations are somewhat redundant with others in the financial services industry (i.e. FFIEC, GLBA, NIST CSF, OCC, etc.) but tend to go a bit further with several specific prescriptive requirements. For example, the New York State cybersecurity regulations cover nonpublic data (rather than customer data), mandate the presence of a CISO (or third-party equivalent) and require a program for secure data destruction.To read this article in full or to leave a comment, please click here
As you probably know by now, on February 16, the State of New York’s Department of Financial Services (DFS) finalized its new cybersecurity regulations, which take effect on March 1, 2017. These regulations are somewhat redundant with others in the financial services industry (i.e. FFIEC, GLBA, NIST CSF, OCC, etc.) but tend to go a bit further with several specific prescriptive requirements. For example, the New York State cybersecurity regulations cover nonpublic data (rather than customer data), mandate the presence of a CISO (or third-party equivalent) and require a program for secure data destruction.To read this article in full or to leave a comment, please click here
While the cybersecurity industry was knee-deep in vision, rhetoric, and endless cocktail parties at the RSA Conference, the State of New York introduced new cybersecurity regulations for the financial services industry. The DFS regulations (23 NYCRR 500) go into effect next week on March 1, 2017. Here’s a link to a pdf document describing the regulations. Anyone who has reviewed similar cybersecurity regulations will find requirements in 23 NYCRR 500, so while the regulations are somewhat broader than other similar stipulations, there are obvious common threads. In reviewing the document however, section 500.10 caught my eye. Here is the text from this section:To read this article in full or to leave a comment, please click here
While the cybersecurity industry was knee-deep in vision, rhetoric, and endless cocktail parties at the RSA Conference, the State of New York introduced new cybersecurity regulations for the financial services industry. The DFS regulations (23 NYCRR 500) go into effect next week on March 1, 2017. Here’s a link to a pdf document describing the regulations. Anyone who has reviewed similar cybersecurity regulations will find requirements in 23 NYCRR 500, so while the regulations are somewhat broader than other similar stipulations, there are obvious common threads. In reviewing the document however, section 500.10 caught my eye. Here is the text from this section:To read this article in full or to leave a comment, please click here
While the cybersecurity industry was knee-deep in vision, rhetoric and endless cocktail parties at the RSA Conference, the State of New York introduced new cybersecurity regulations for the financial services industry. The Department of Financial Services (DFS) rules (23 NYCRR 500) go into effect next week on March 1, 2017.Anyone who has reviewed similar cybersecurity regulations will find requirements in 23 NYCRR 500, so while the regulations are somewhat broader than other similar stipulations, there are obvious common threads. In reviewing the document, however, section 500.10 caught my eye. Here is the text from this section:To read this article in full or to leave a comment, please click here
While the cybersecurity industry was knee-deep in vision, rhetoric and endless cocktail parties at the RSA Conference, the State of New York introduced new cybersecurity regulations for the financial services industry. The Department of Financial Services (DFS) rules (23 NYCRR 500) go into effect next week on March 1, 2017.Anyone who has reviewed similar cybersecurity regulations will find requirements in 23 NYCRR 500 familiar, so while the regulations are somewhat broader than others, there are obvious common threads. In reviewing the document, however, section 500.10 caught my eye. Here is the text from this section:To read this article in full or to leave a comment, please click here
As you may have guessed from my blogs, I was really excited about the year’s RSA Security Conference. At the end of January, I wrote a blog about my expectations for endpoint security at RSA. I followed up with another ditty about network security banter at this year’s show and concluded the series with a blog about security analytics and operations talk at RSA. To read this article in full or to leave a comment, please click here
As you may have guessed from my blogs, I was really excited about the year’s RSA Security Conference. At the end of January, I wrote a blog about my expectations for endpoint security at RSA. I followed up with another ditty about network security banter at this year’s show and concluded the series with a blog about security analytics and operations talk at RSA. To read this article in full or to leave a comment, please click here
So far, I’ve written two blogs about my expectations for the upcoming RSA Security Conference next week. The first blog was about my outlook for endpoint security while the second focused on network security. I am also in the middle of a big research project on security analytics and operations right now and believe that many independent technologies will be integrated into a comprehensive architecture that ESG calls SOAPA (i.e. security operations and analytics platform architecture). Here’s another blog where I define the SOAPA architecture and all the consolidating piece parts.To read this article in full or to leave a comment, please click here
So far, I’ve written two blogs about my expectations for the upcoming RSA Security Conference next week. The first blog was about my outlook for endpoint security, while the second focused on network security. I am also in the middle of a big research project on security analytics and operations right now and believe that many independent technologies will be integrated into a comprehensive architecture that ESG calls SOAPA (i.e. security operations and analytics platform architecture).To read this article in full or to leave a comment, please click here
So far, I’ve written two blogs about my expectations for the upcoming RSA Security Conference next week. The first blog was about my outlook for endpoint security, while the second focused on network security. I am also in the middle of a big research project on security analytics and operations right now and believe that many independent technologies will be integrated into a comprehensive architecture that ESG calls SOAPA (i.e. security operations and analytics platform architecture).To read this article in full or to leave a comment, please click here
Earlier this week, I posted a blog about my expectations for endpoint security at the upcoming RSA Conference. Similarly, here’s what I anticipate hearing about network security:
1. DDoS protection. While data breaches get front page, above the fold headlines, DDoS attacks remain relatively invisible by comparison. This is puzzling since DDoS attacks happen almost daily. A quick review of the news shows that the Trump hotel website, Sonic (ISP in CA), Emsisoft, and Lloyd’s Bank have all been hit with DDoS attacks over the past few weeks. These are relatively pedestrian attacks compared to the now infamous Mirai botnet DDoS attack on Dyn back in October and the subsequent attack on French hosting provider OVH a week later. These particular DDoS attacks generated between 60mbps and 1tbps worth of traffic! It’s also worth noting that we are also seeing a rise in stealthy application-layer DDoS attacks as well as blended threats of DDoS and ransomware together. DDoS attacks are still a tad on the geeky side to play a starring role at RSA, but I do expect a lot more DDoS chatter. Good thing because a lot of security Continue reading
Earlier this week, I wrote about my expectations for endpoint security at the upcoming RSA Conference. Similarly, here’s what I anticipate hearing about regarding network security:1. DDoS protection. While data breaches get front page, above-the-fold headlines, DDoS attacks remain relatively invisible by comparison. This is puzzling because DDoS attacks happen almost daily. A quick review of the news shows that the Trump hotel website, Sonic (ISP in CA), Emsisoft and Lloyd’s Bank have all been hit with DDoS attacks over the past few weeks. These are relatively pedestrian attacks compared to the now infamous Mirai botnet DDoS attack on Dyn back in October and the subsequent attack on French hosting provider OVH a week later. To read this article in full or to leave a comment, please click here
As the calendar shifts from January to February, cybersecurity professionals are gearing up for the RSA Security Conference in a few short weeks. Remarkably, the management team is expecting more than 50,000 attendees this year! So, what can we expect from RSA 2017? Well, cybersecurity is being driven by dangerous threats, digital transformation, and the need for massive scalability. This means innovation and change in just about every aspect of cybersecurity technology so I plan of writing a few blogs about my expectations for the RSA Conference. I’ll start with this one about endpoint security.To be clear, endpoint security should no longer be defined as antivirus software. No disrespect to tried-and-true AV, but endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls, and advanced detection/response tools. My colleague Doug Cahill and I are currently tracking more than 50 endpoint security vendors, demonstrating just how much activity there is today.To read this article in full or to leave a comment, please click here
As the calendar shifts from January to February, cybersecurity professionals are gearing up for the RSA Security Conference in a few short weeks. Remarkably, the management team is expecting more than 50,000 attendees this year. So, what can we expect from RSA 2017? Well, cybersecurity is being driven by dangerous threats, digital transformation and the need for massive scalability. This means innovation and change in just about every aspect of cybersecurity technology, so I plan to write a few posts about my expectations for the RSA Conference. I’ll start with this one about endpoint security.To be clear, endpoint security should no longer be defined as antivirus software. No disrespect to tried-and-true AV, but endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls and advanced detection/response tools. My colleague Doug Cahill and I are currently tracking more than 50 endpoint security vendors, demonstrating just how much activity there is today.To read this article in full or to leave a comment, please click here
As the calendar shifts from January to February, cybersecurity professionals are gearing up for the RSA Security Conference in a few short weeks. Remarkably, the management team is expecting more than 50,000 attendees this year. So, what can we expect from RSA 2017? Well, cybersecurity is being driven by dangerous threats, digital transformation and the need for massive scalability. This means innovation and change in just about every aspect of cybersecurity technology, so I plan to write a few posts about my expectations for the RSA Conference. I’ll start with this one about endpoint security.To be clear, endpoint security should no longer be defined as antivirus software. No disrespect to tried-and-true AV, but endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls and advanced detection/response tools. My colleague Doug Cahill and I are currently tracking more than 50 endpoint security vendors, demonstrating just how much activity there is today.To read this article in full or to leave a comment, please click here
Before leaving office, President Barack Obama commuted the sentence of former Army soldier Chelsea (Bradley) Manning. At the time, Manning was serving a sentence of 35 years for leaking classified material to WikiLeaks in 2010. This material was subsequently published by WikiLeaks, embarrassing the US government and exposing several previously undocumented war crimes that took place in Afghanistan and Iraq. The President’s decision to commute Manning’s sentence was extremely controversial. The verdict was made over the objection of Secretary of Defense Ashton Carter, while other military and government officials quickly criticized Obama’s pronouncement. Just today, President Trump referred to Manning as an “ungrateful traitor” who should have never been released from prison on Twitter.To read this article in full or to leave a comment, please click here
Before leaving office, President Barack Obama commuted the sentence of former Army soldier Chelsea (Bradley) Manning. At the time, Manning was serving a sentence of 35 years for leaking classified material to WikiLeaks in 2010. This material was subsequently published by WikiLeaks, embarrassing the US government and exposing several previously undocumented war crimes that took place in Afghanistan and Iraq. The President’s decision to commute Manning’s sentence was extremely controversial. The verdict was made over the objection of Secretary of Defense Ashton Carter, while other military and government officials quickly criticized Obama’s pronouncement. Just today, President Trump referred to Manning as an “ungrateful traitor” who should have never been released from prison on Twitter.To read this article in full or to leave a comment, please click here