What to do when a bug bounty request sounds more like extortion
Experts advise? Take pack the power by forcing the gray hat researcher into a prisoner’s dilemma.
About SC Media
Threat hunting
How purple teams deliver actionable data to security pros
Following the SolarWinds hack security pros are turning to purple teams to lock down security. Today’s columnist, Victor Wieczorek of GuidePoint Security, offers a four-step process for deploying a purple team.
SolarWinds spurs investment in threat hunting, supplier vetting
Organizations that boosted security budgets in response to the SolarWinds hack invested the most in threat hunting, according to a new survey.
Interactive hacks went up 400% in the past two years
The numbers provide a needed counterweight to the argument that automated hacking (or defense) can be a tonic for everything in the cyber realm.
Microsoft: web shell attacks have doubled over the past year
While they’re easy for attackers to set up, web shells can be difficult for defenders to detect, since they’re often targeted to specific servers and can hide in the noise of internet traffic, scanning, probing and unsuccessful attacks that most organizations see on a daily basis.
Leverage purple teams to proactively detect, prevent and respond to threats
Walmart has been one of the leading pioneers in developing purple teams. Today’s columnists, Timothy Nary and Clayton Barlow-Wilcox of Booz Allen, offer insight into how purple teams can boost overall security efforts.
New manifesto offers CISOs an agile guide to threat modeling
At the core of the document is this message: a threat model that can’t be understood outside of the security team doesn’t make any company safer.
Ben Seri – Armis Security
Why nomintated: Ben Seri’s work in the IoT space specifically around BlueBorne, the first airborne IoT vulnerabilities impacting more than five billion devices globally, and BLEEDINGBIT, chip- level vulnerabilities used in the fabric of internet infrastructure. Seri has fought against the fast-paced creation and adoption of IoT devices that are created and deployed with security…
Ben Herzberg – Imperva
Why Nominated: Under Ben Herzberg’s leadership, Imperva’s threat research team has uncovered key vulnerabilities in Facebook, Google Photos, Drupal and other online services and platforms. Profile: Herzberg and his Imperva research team are charged with identifying and evaluating software flaws that undermine application and data security. In November 2018, Imperva disclosed a significant Facebook vulnerability that…
Alejandro Hernandez – IOActive
Why Nominated: A top security consultant who has dedicated himself to improving security for over 15 years, Alejandro Hernández was responsible for uncovering major security flaws in stock trading technologies. Profile: Alejandro Hernández, who presented new, ground-breaking research regarding security flaws in stock trading technologies during the 2018 Black Hat conference, also discovered significant stock trading…
Next post in Reboot Leadership Awards 2019
