• By Tunde Ogunkoya, Consulting Partner, Africa, at DeltaGRiC Consulting (Pty) ltd. Tunde will be hosting the session Open Source; Pathway to Being or Not Being the VulN Victim at (ISC)² SecureJohannesburg 2017 on 5th October, 2017. The use of Open Source Software (OSS) has come a long way from when developers and organisations tried to avoid it. Today Open Source has become a go-to saving grace within most DevOps teams under pressure to roll out new functionality and features ahead of competition. Unfortunately, levels of vulnerability have grown with the trend as DevOps remain largely unaware of the risks or rely on inadequate testing regimes. Legacy Applications written in languages such as Fortran or Cobol are being phased out for

    Sep 19,
  • Pardon our absence on the blog this past week. Hurricane Irma had plans of her own, but we’re back in business and ready to break down the top security headlines for the week of September 11, 2017: The fear of foreign hacking is not just related to elections or national security. England is worried about World Cup information. The silver lining of Equifax is that cybersecurity stocks are up. So I guess that’s a win? Password123 is still not a good idea, but could relaxing password policy increase security? The Hill has questions about the Equifax hack. Still waiting on those answers… Has the answer been in front of us all the time? Could IT be the answer to filling

    Sep 15,
  • (ISC)² webcasts are a great source for insight into all areas of security. From the Internet of Things to malware and compliance, the topics vary. Here are the top 10 (ISC)² webcasts for 2017 so far as ranked by cybersecurity professionals: Part 1: Future of SIEM - Why Static Correlation Fails Insider Threat Detection Hackers stealing credentials and operating in your corporate network…disgruntled employees collecting customer lists and design materials for a competitor...malware sending identity information back to random domains…these common threats have been with us for years and are only getting worse. Most organizations have invested large amounts in security intelligence, yet these solutions have fallen short. Simply put, security intelligence and management, in the form of legacy

    Aug 31,
  • Name: Mark A. Singer
    Title: Principal Software Engineer
    Employer: DoD Sub-Contractor
    Location: Indianapolis, IN
    Education: Business Management
    Years in IT: 19
    Years in cybersecurity: 12
    Cybersecurity certifications: CISSP
    How did you decide upon a career in cybersecurity? Evolution. I stumbled into computers when I served in the U.S. Navy from 1985 to 1989 when PCs with 8086 processors were common. When I got out of the service, I was able to get a job working for Naval Avionics in Indianapolis and was placed in a role where I was doing local computer support on tempest computers (386, 486, & 486DX processors). When Naval Avionics was identified on the Base Closure list, I accepted a position in the Security Department as ISSM in 1997 with Hughes which

    Aug 23,
  • WannaCry and NotPetya aftermath means payouts and panic. Here are the top security headlines for the week of August 7, 2017: Big money, no whammies! It seems like the hackers behind WannaCry have cashed out their bitcoin into Monero, a harder to track cryptocurrency. Mo money means mo malware. The success – can we call it that? – of WannaCry and NotPetya means ransomware is not going away any time soon, because… well, people and businesses pay the ransom. What’s that definition of insanity? Oh yeah, doing the same thing and expecting a different result… Tripwire research indicates that two-thirds of security pros don’t think their organization has made the necessary improvements since this summer’s ransomware attacks. Your route

    Aug 11,