• Digital innovation creates competitive advantage and value for every type of business. Three things are common among corporate software engineering teams: they seek faster innovation, they seek improved security, and they utilize a massive volume of open source libraries. Faster innovation does not mean that developers need to reinvent the wheel. Instead, faster innovation demands efficient reuse of code, which has led to a growing dependence on open source and third-party software libraries. Developers are using artifacts in public software repositories (npm, Maven Central, PyPI, NuGet Gallery, RubyGems, etc.) as reusable building blocks. This is the definition of the modern software supply chain. According to a recent report by Sonatype, in 2020, developers around the world are projected to request

    Sep 13,
  • By Juan Asenjo, Ph.D., CISSP   If you grew up in the 80s, you will remember the line: “Are you the keymaster?” from the original Ghostbusters movie. In the film, a malevolent force takes hold of Louis Tully - played by none other than Rick Moranis - to turn him into the keymaster that enables evil spirits to overtake numerous sites in New York. Fast-forward to the real world in 2021, and while we have not seen ghosts overrun our cities, what we have seen is a rapid proliferation of bad actors trying to besiege the defenses of virtual machines (VMs) that perform critical functions across modern computing infrastructures. Widespread use of VM clusters processing sensitive information requires data at

    Sep 10,
  • The migration of business services, apps and data to the cloud has blurred the traditional corporate perimeter. Legacy security solutions, based on securing the perimeter, are no longer adequate to address cloud security challenges and risks. Businesses need to evolve their traditional identity and access management (IAM) program to safeguard access to their cloud-based assets and data. Digital identities are the foundation of modern IAM, and organizations need to establish strong authentication methods to protect these identities. Weak IAM policies result in identities and credentials being vulnerable and compromised. Attackers are leveraging these stolen and compromised credentials to infiltrate corporate networks and move laterally. Cloud security professionals need to establish robust IAM programs for identity provisioning, centralized directory services, privileged

    Sep 09,
  • Hardly a day goes by without some sort of cybersecurity news. Often, it’s bad news – an organization somewhere has been breached and the information of thousands of users has been compromised. For those who work in cybersecurity, keeping current on cybersecurity news and developments is essential. You can learn something from each new threat and attack. Threat intelligence is collected and disseminated continuously to help cybersecurity teams manage risk and prepare incident response strategies. If you’re trying to break into the industry, the requirement to stay up to date on cybersecurity developments starts now. You need to be aware of current and evolving threats, attack methods, popular targets, the origin of attacks, the costs of breaches, as well as

    Sep 08,
  • The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In support of this, (ISC)² has launched a series of interviews to explore where CISSP certification has led security professionals. In our last interview, we met Jason Lau. In this installment, we meet James Wright. He is a cybersecurity technologist with The Walt Disney Company. He is also a U.S. Air Force veteran and graduate of the University of Denver holding a Master of Science degree in Information

    Sep 08,