Blog

A new report from Palo Alto Networks’ Unit 42 threat intelligence team titled “Cloudy With a Chance of Entropy” reports that there are at least 34 million vulnerabilities across some of the largest cloud platforms, including Amazon Web Services, Google Compute Engine and Microsoft Azure.    Notably, the threats were not found to be the result of cloud providers themselves, but rather the applications customers deploy on cloud infrastructure. As the report states, “cloud service providers maintained their sterling reputation for platform security . . . however, consumers of infrastructure- and platform-as-a-service (IaaS and PaaS) cloud offerings continue to struggle with getting the basics of security right.” The surging adoption of cloud container systems such as Docker and Kubernetes is

by Dr. Chris Veltsos, CISSP, member of (ISC)² Advisory Council of North America  We’ve all been there, staring at the blank page or the blank screen, frustrated that the words aren’t flowing anymore, if they ever were. For the fortunate, this feeling can be fleeting, quickly replaced by a geyser of ideas and sentences that flow onto the page. For the rest of us, the momentary blockage can take a more serious turn, resulting in days or weeks of “challenged writing” in which you have no choice but to plow through the slow drip-drip of words and ideas. In extreme cases, one might even begin to think that they are experiencing writer’s block, followed by the realization that the thud

By Mike Wills, CISSP, SSCP Let’s face it: Opportunity goes to the well-prepared. And living in dangerous and dynamic times, each of us needs to be so much better prepared to face tomorrow than we were today. We’re all at risk. Everything we value, everyone we hold dear are held hostage to the badly misinformed decisions of the well-intended; are targets of opportunities to those with malice at heart. Those people, the “bad guys,” the black hats, are already outspending most legitimate businesses and organizations when it comes to investing in their knowledge, skills and abilities to attack. The right certification, earned at the right time in your journey, is part of being prepared. Ninety-nine percent of the headline-grabbing data

Cybersecurity concerns remain top of mind for global CEOs as they weigh the challenges their organizations will face in the next five to 10 years. A new report by global management consultancy EY reveals that cybersecurity tops the list of concerns for CEOs, along with income inequality and job loss caused by technology advances. The findings in EY’s 2019 CEO Imperative Study confirm earlier research showing that chief executives view cybersecurity threats as one of their most daunting challenges. Adding to the problem, the EY study reveals that CEOs lack confidence in the C-suite’s ability to address these challenges. Only about one-third of respondents (34%) said they believe the current C-suite model is “well-suited to the demands and opportunities of

With half the year already in the rearview, it’s a great time to reflect on your goals. Is achieving the CISSP, CCSP, SSCP or another elite (ISC)² certification part of your plans? If so, do you have a winning strategy in place? Here are three tips to help you get – and stay – on track as you pursue next steps. Set an exam date. Registering now can keep you motivated and focused on your certification goals. And the sooner you pass the exam, the sooner you’ll prove your cybersecurity expertise to employers and peers! Develop a study plan. Work backward from your exam date to create a study plan, setting a routine with time dedicated to studying each day.

Small businesses have a real hunger for new cybersecurity technologies, but they don’t always know what they need, according to a new (ISC)² study. When asked what they would invest in if they had the budget for it, some respondents alluded to “better” and “new” solutions but weren’t exactly sure what they would be. (ISC)²’s Securing the Partner Ecosystem report reveals a concern among small businesses about running outdated technology. A comment from one respondent about what the company needs puts it all in perspective: “Phishing attack awareness, and more malware services that are up to date and cutting edge.” While somewhat unsettling, this concern is also a good sign. It indicates small businesses recognize the need to keep their