- Malware Understanding Computer Attack and Defense Techniques
Modern attacks combine social engineering to bypass technical defenses, client-side exploits targeting browsers and add-ons, web application vulnerabilities like SQL injection, and persistent...
- Incident Response Insider Threat - A Touchy Security Topic
The insider vs. outsider threat debate may be less relevant as external attackers increasingly compromise employee workstations via social engineering and exploit kits—outsiders become insiders....
- Leadership Return on Investment (ROI) - A Touchy Security Topic
ROI in finance means income-generating return, but security prevents loss rather than creating wealth. Vendors misuse "ROI" to justify expenses as "investments." ROSI calculations rely on annualized...
- Malware Advanced Persistent Threat (APT) - A Touchy Security Topic
APT causes heated debates because it's become a marketing buzzword. Some define it as an attack process with certain characteristics (the "What" group), while Mandiant uses it for specific...
- Communication The Lure of Notoriety for Information Security Experts
If an expert makes a discovery that improves security, can they make a difference if no one hears about it? On-line presence builds professional reputation, but pursuing notoriety diverts attention...
- Training What is a Cybersecurity Expert?
Three types of security experts: specialists with superior performance in domains like forensics or network defense, generalists with extensive business understanding, and architects who piece...