With a shortage of four million cybersecurity workers, we need to get more creative in identifying non-technical skills among potential candidates that can be applied to the cybersecurity realm. One way is to test them for aptitude and personality traits, like the career planning tests I took in college.That’s what the University of Maryland did […]
The introduction of containers and micro-service architectures have changed the way we develop, deploy, and run our applications. Not only has this changed application development, but it’s also created some visibility challenges for application security. Move those applications to the cloud and we only amplify those challenges. How do we architect our cloud services and […]
The MITRE ATT&CK Framework is widely recognized as instrumental in providing a common language and framework for describing attack techniques and effectively sharing information across organizations. However, we’re just starting to see the potential benefits this matrix can provide when integrated directly into security tools. Uptycs recently announced a major release of its product that […]
There are a number of industry analyst reports on application security. Each analyst firm and report takes its own slice of the market to analyze and report on vendors within that market. For example, the Forrester Wave focuses on Static Application Security Testing, the Gartner Magic Quadrant focuses on Application Security Testing as a whole, […]
The Solarwinds Orion SUNBURST attack has been in the news for weeks. We’re starting to get great details into the actual attack, especially after FireEye released the initial set of indicators of compromise. But the question I want answered is why didn’t anyone discover this attack before the breach. What defenses are we missing to […]
Last fall we discussed what security data do I really need to collect and analyze. We know we don’t need it all, but this was only the sensor part of the discussion. Now that we have that data identified and those sensors in place, what brain do I need to collect and analyze it? There […]