Infosec Insider

Featured Article:

Code Signing: A Security Control that Isn’t Secured

By Marcos Colon
July 30, 2019
Are you familiar with code signing? If not, in this full video interview Venafi's Senior Threat Intelligence Researcher Jing Xie provides us with a breakdown.

Cloud Security and Privacy Audits: A 360 Degree Crash Course

By Marcos Colon
July 23, 2019
Doug Barbin, principal at Schellman and Company, discusses the challenges that security professionals face when it comes to security and privacy assessments, but also provides tips on which assessments bring in the most return on investment.

Relentless Resilience Through Renovated Risk Management

By Marcos Colon
July 09, 2019
Updating your risk management program is a critical component of becoming a successful security leader. InfoSec Insider caught up with Argo AI's CSO Summer Craze Fowler who shared her thoughts on the topic, as well as some proven tips.

Simplicity is Cybersecurity Awareness Training

By
July 02, 2019
Trend Micro's Vice President of Infrastructure Strategies William Malik shares his take on what simplicity looks like when it comes to cybersecurity awareness training in the business.

Untangling Mobile Security Challenges in the Business

By Marcos Colon
June 25, 2019
SyncDog CRO Brian Egenrieder discusses the current challenges that security leaders face when it comes to mobility in the enterprise and shares some important steps they can take to overcome them.  

DeMISTIfying Security: Recruiting and Retaining Cyber Talent (Part 2)

By Marcos Colon
June 18, 2019
Security experts Raef Meeuwisse and Ed Moyle provide a breakdown of tips that up-and-coming security leaders can leverage to have a successful start in the cybersecurity field.

Phishing in 2019: What’s Changed and What’s Still Working

By Marcos Colon
June 11, 2019
In the full video interview below, Tonia Dudley, security solutions advisor at Cofense, provides us with a glimpse into the state of phishing attacks in 2019, and more importantly, what security professionals should be doing about it.

DeMISTIfying Security: Recruiting and Retaining Cyber Talent (Part 1)

By Ed Moyle and Raef Meeuwisse
June 04, 2019
DeMISTIfying Security experts Ed Moyle and Raef Meeuwisse discuss recruitment and retention challenges in cybersecurity and offer up some advice for security leaders on the topic.

How Security Leaders Should Approach Application Security

By Marcos Colon
May 28, 2019
In the full video interview below, Ted Harrington, keynote speaker and executive partner at Independent Security Evaluators, provides his take on application security and shares tips on the subject with up-and-coming security leaders. 

The Holistic CISO: How to Increase Organisational Effectiveness

By Marcos Colon
May 14, 2019
The modern-day CISO faces a multitude of challenges they must face head-on to build a sense of leadership and vision within the security and risk department. InfoSec Insider caught up with CISO Spotlight's Todd Fitzgerald, who offered up concrete tips up-and-coming security leaders can leverage when it comes to achieving organisational effectiveness.

A Guide to Purchasing Cybersecurity Solutions

By Josue Ledesma
May 07, 2019
Knowing how to approach buying cybersecurity vendors is a difficult task. There’s a lot to manage internally (budget, needs, fit) and it’s hard to know what kind of vendors or solutions would serve your organization best. The fear, uncertainty, and doubt (FUD) experienced by cybersecurity vendors are especially troubling.

Election Trouble Ahead: Voter Machine Issues

By Marcos Colon
May 02, 2019
Rapid7’s Director of Research Tod Beardsley highlights what you should know about voting machine security and what more needs to be done for the approaching 2020 elections.

DeMISTIfying Security: How to Boost Your Cyber Budget

By Ed Moyle and Raef Meeuwisse
April 30, 2019
In this follow-up episode, the DeMISTIfying Security experts provide you with proven tips that you can leverage to boost the cybersecurity budget within the business. Don't miss out on this episode.

Cybersecurity Leadership Today: Why It's Failing and What Can Be Done to Fix It

By Marcos Colon
April 23, 2019
InfoSec Insider caught up with Cylance's Chief Security and Trust Officer, Malcolm Harkins, who shared why he believes leadership in information security today is sorely lacking, but more importantly, what needs to be done in order for today's security leaders to create an "ideal state" for their departments.

Threat Profiling in the ICS World: What You Need to Know

By Marcos Colon
April 18, 2019
There are a slew of threats aimed at industrial control systems, and security warriors in that space need to constantly be on their toes. We caught up with Sergio Caltagirone, vice president of threat intelligence at Dragos, who shared how infosec pros in the ICS world can get started with threat profiling.

Should You Be Paying Attention to Airborne Attacks?

By Josue Ledesma
April 16, 2019
It’s no mystery that the world of cybersecurity constantly faces a massive challenge. It has to pre-empt attacks, predict how hackers will use new attack vectors, and defend its environment against all existing attacks and attacks that may not even exist yet. In this feature, we go over one of the more obscure, but dangerous and difficult attacks to defend against—airborne attacks.

Who Watches the Watchers?: A Discussion on Who Can Be Trusted Today

By Marcos Colon
April 11, 2019
Security departments have evolved tremendously over the years, but so have cyber threats. As organizations become more aware that nearly no one can be trusted, whose job is it to watch the watchers? At this year’s RSA Conference in San Francisco, InfoSec Insider caught up with Forcepoint's Dr. Richard Ford who dives into the topic.

DeMISTIfying Security: Is the Board to Blame When There's Cyber Shame?

By Ed Moyle and Raef Meeuwisse
April 09, 2019
In the latest edition of InfoSec Insider’s DeMISTIfying Security series, veteran experts Ed Moyle and Raef Meeuwisse discuss the state of cybersecurity as it relates to executive support within the business.

Cybercrime Extortion: 2019 Trends and Insights

By Marcos Colon
April 04, 2019
Cyber swindlers are continually looking to reinvent themselves, and their methods are becoming savvier. InfoSec Insider caught up with Digital Shadows CISO Rick Holland on the recent research that his team has conducted on cybercrime extortion, and how security practitioners can ensure their organisations don't fall prey to these attacks.

The Threat Posed by Overprivileged Identities

By Marcos Colon
April 02, 2019
Organisations have struggled to gain control over privileged identity management—a challenge that has tripped up many security and risk departments and has caused major cyber incidents. If the title of this article caught your eye, chances are you’re grappling with this issue and are looking for some insights that will make your life a little easier.

Must You Rely on Cybersecurity Vendors to Be Secure? Is Do-It-Yourself Cybersecurity a Viable Option?

By Jim Romeo
March 28, 2019
Cybersecurity remains a persistent challenge in information technology, and for IT security professionals, AI and other tools are valuable for organically managing cybersecurity without depending on vendors that might have more sophisticated tools and experience using them.

Your Weak Physical Security Could Be A Hacker’s Easiest Target

By Brent White & Tim Roberts, Senior Security Consultants, Threat Services, NTT Security
March 28, 2019
While having strong IT security in place to secure sensitive data on devices and networks is critical, ensuring your organisation practices strong physical security is equally important. Organisations need to prevent attackers from being able to walk in and walk out with data, systems, physical documents, or worse – a new connection to your network as a persistent threat.

The Basic Cyber Law Concepts Every Security Professional Needs to Know

By Steve Black, Professor of Law, Texas Tech University
March 26, 2019
Cyber law is focused on bringing more clarity to privacy questions that new technology introduces. It’s important for all security professionals to have a basic understanding of current and potential future cyber law concepts in order to stay compliant and ensure sensitive data stays safe.

The State of Passwords in 2019: Will They Ever Go Away?

By Josue Ledesma
March 21, 2019
Password security has undergone a significant transformation over the last few years. As a reaction to the insecure form of identity verification that is logging in with a password, technologies such as two-factor authentication (2FA), multi-factor authentication (MFA), and hardware keys have emerged. This begs the question—where does that leave passwords in 2019?

DeMISTIfying Security: The Impacts of Security Assumptions

By Ed Moyle and Raef Meeuwisse
March 19, 2019
In this follow-up video, the DeMISTIfying Security experts discuss two recent containerisation-related issues and how the modern-day security warrior can venture into the unknown to effectively tackle challenges such as these.

Are Medical Devices Securely Managed Yet?

By Jim Romeo
March 14, 2019
Recent incidents illustrate the risks that healthcare networks are subject to in today's ever-expanding cybersecurity threat landscape. In particular, securing networked medical devices in this environment can be challenging. 

Managing Your Infosec Budget: How to Choose the Right Vendors and Solutions

By Josue Ledesma
March 12, 2019
So many vendors, so little budget. Security departments are constantly tasked to know how to properly allocate funds to staffing, resources, tools, solutions, software, vendors, third-party contractors, and more. Even an unlimited budget wouldn’t help as security departments can find themselves bloated with software or vendors, leading to an inefficiently run department.

How Moving Away From Traditional Academia Has Changed Cybersecurity Education

By Paul Rohmeyer, Program Director MS Information Systems, Stevens Institute of Technology
March 12, 2019
Today, there are highly specialized training options offered both in-person and online in the form of meetups, webinars, formal courses, and in-house and external conferences. The attractiveness (cost, convenience, and specialty) of these alternative options has driven cybersecurity talent to steer towards education avenues outside of traditional academia.

Why Your Cybersecurity Comms Need to Evolve

By Dawn Papandrea
March 07, 2019
When you’re talking information security among your peers, it sounds like a totally different language than the rest of your organization speaks. This puts infosec professionals in a bind. On the one hand, security vulnerabilities exist throughout the company. Yet you, alone, are carrying the burden of knowing just how serious it can get. That’s why it’s up to you to create an information security communication strategy.

DeMISTIfying Security: The Top 3 Dangerous Security Assumptions

By Ed Moyle and Raef Meeuwisse
March 05, 2019
From steering clear of marketing buzz to the impact of misinformation, DeMISTIfying Security hosts Ed Moyle and Raef Meeuwisse point out the security assumptions that could be catastrophic to any security practitioner’s role.

How to Manage Employee Mobile Device Risk in Your Organisation

By Josue Ledesma
February 28, 2019
In this article, we’ll go over what devices infosec departments should have an eye on and how to tackle the challenge of BYOD head-on. For an expert’s perspective, we spoke to Georgia Weidman, founder of Shevirah, a mobile and IoT testing company.

How to Turbocharge Your Cybersecurity Awareness Training

By Jim Romeo
February 26, 2019
Cybersecurity awareness training is a critical component of your security hygiene. The most effective training programs are offered frequently and use available frameworks, focus points, tools, and tactics to build a culture where cybersecurity is embraced, not avoided or shunned.

Confused on How to Implement Cybersecurity Policy Based on the NIST Security Framework? Read On.

By Jim Romeo
February 20, 2019
We understand that some security professionals may not have the easiest time implementing the NIST Security Framework. That’s why we’ve created the “missing manual” on getting it right in this latest InfoSec Insider post.

DeMISTIfying Security: Getting a Jump on Zero Trust in Your Environment

By Ed Moyle
February 19, 2019
Last week the DeMISTIfying Security hosts explored the Zero Trust model. This follow-up segment takes things one step further as security veteran Ed Moyle explains how you can get a jump on kickstarting Zero Trust within your organization.

How to Get Started with Secrets Management

By Ed Moyle
February 14, 2019
The only thing worse than having a huge problem is having a huge problem and not realising it. Believe it or not, many organisations are in the latter boat right now. Specifically, many organisations are undergoing a proliferation of secrets at a scale and scope that eclipses the ability of mechanisms and controls they may have in place to keep them protected.

2019 Cybersecurity Threat Trends: What Should Be on Your Radar (Part 2)

By Josue Ledesma
February 11, 2019
Last week we shared the first part of this two-part series on cyber threats in 2019. This week we wrap up the remainder of the insights we shared thanks to our conversation with subject matter expert Adrian Sanabria, VP of strategy and product at NopSec.

Glimpsing Inside the Trojan Horse: An Insider Analysis of Emotet

By Max Heinemeyer
February 11, 2019
Emotet is a highly sophisticated malware with a modular architecture, installing its main component first before delivering additional payloads. In this contributed article, Darktrace's Max Heinemeyer, director of threat hunting, breaks down the threat.

DeMISTIfying Security: Exploring the Zero Trust Model

By Ed Moyle and Raef Meeuwisse
February 05, 2019
In the latest edition of MISTI’s DeMISTIfying Security, Ed and Raef dissect the zero trust model. From the pros and cons, to the obstacles you may face rolling out this philosophical approach to security, this week’s segment will shed new light on this topic.

2019 Cybersecurity Threat Trends: What Should Be on Your Radar

By Josue Ledesma
January 31, 2019
InfoSec Insider caught up with one SME that helped us put together a list of the looming threats your company should keep an eye on and how organisations can defend themselves accordingly. Here's a look at what you should have on your radar.

The Thrill of the Hunt (Threat Hunting, That Is)

By Jim Romeo
January 29, 2019
The term threat hunting has been tossed around a lot, but what does it actually mean and can your cybersecurity playbook benefit from it? Many organisations are tapping into its benefits, so we've decided to provide you with a breakdown in this feature article.

Lessons Learned: How to Defend Your Organisation Against Social Engineering

By Josue Ledesma
January 24, 2019
Social engineering is unique in the cybersecurity world as its scope of influence can vary widely on the software, hardware, and even psychological level. In this article, we’ll cover social engineering attacks and help you learn from recent developments in the space.

DeMISTIfying Security: To 2019 and Beyond!

By Ed Moyle and Raef Meeuwisse
January 22, 2019
In last week's segment, Ed and Raef discussed some of the major developments in infosec in 2018. This week, they take out their crystal ball and look into 2019, sharing their thoughts on what many practitioners could expect.

The State of Artificial Intelligence in 2019

By Marcos Colón
January 17, 2019
Artificial intelligence is found in homes across the globe, and it's also being leveraged by troves of organisations across the country. But how mature is the technology and how open should you be to adopting it as part of your security strategy? In this exclusive interview, we catch up with one expert who breaks it down for us.

DeMISTIfying Security: 2018 Year in Review

By Ed Moyle and Raef Meeuwisse
January 14, 2019
In the latest installment of InfoSec Insider’s DeMISTIfying Security series, security experts Ed Moyle and Raef Meeuwisse return to review the major breaches, developments, and takeaways that you can get from information security events in 2018.

How to Prepare for the Digital Transformation Era

By Marcos Colón
January 10, 2019
Like it or not, the digital transformation era is here. But what does that actually mean--and more importantly--what does that mean to you? We caught up with Zscaler's Business Value Consulting Leader, Jason Georgi, who broke it down for InfoSec Insider.

How AI Can Prevent Dangerous Email Mistakes

By Marcos Colón
January 08, 2019
What's the state of artificial intelligence in the enterprise today? More importantly, how can the security and risk department take advantage of its benefits to measurably reduce risk within the business? InfoSec Insider caught up with Neil Larkins, CTO at Egress Software, who breaks it down for us.

Cloud Security in 2019: What InfoSec Leaders Can Expect

By Marcos Colón
January 03, 2019
InfoSec Insider catches up with the Cloud Security Alliance's Jim Reavis, who shares what security leaders should be focusing on when it comes to cloud security in 2019. You'll want to take note of these insights and predictions.

InfoSec Insider Top 10 in 2018

By Marcos Colón
January 01, 2019
As 2018 wraps up, InfoSec Insider looks back at some of the most popular articles we've produced for our loyal audience. From communicating security metrics to the board and making sense of attack patterns, to key areas that you should focus your cybersecurity strategy on, here's a list of the top 10 articles.

The Cloud Security Dos and Don'ts Explained

By Marcos Colón
December 21, 2018
Security practitioners that are looking to migrate their business to the cloud in a successful manner have to consider quite a lot. That's why InfoSec Insider caught up with security leader and industry veteran Mark Arnold during this video interview where he quickly breaks down what you should and shouldn't be doing when it comes to the topic.

Know Your Inventory: A CISO's Guide to Asset Management

By Josue Ledesma
December 21, 2018
A CISO’s list of responsibilities is vast. They need to protect, defend, and identify any risks and potential attacks that may hit their company’s environment. However, knowing what needs protection is its own challenge.

Are You Using These Best Practices to Build a Vendor Risk Management Program?

By Jim Romeo
December 18, 2018
Today's IT playing field implores a higher state of alertness, not only within your enterprise but also outside of it. However, when it comes to security, not all vendors are created equal. Some very likely have inferior security hygiene and practices that can affect you big time.

The Blockchain Revealed: How InfoSec Can Benefit from the Protocol

By Marcos Colón
December 13, 2018
InfoSec Insider catches up with Debbie Hoffman, CEO of Symmetry Blockchain Advisors at the CSA Congress event, who clarifies what blockchain means to security leaders today, and any privacy implications they should be aware of.

Leveraging Collaboration and SOAR to Secure Our Digital Future

By Cody Cornell
December 11, 2018
The idea behind collaborative security is to change the security and threat landscape from the daunting “one vs. many” to “many vs. many,” embracing the power of knowledge and collaboration to protect valuable data.

Cybersecurity 101: How to Get Started in the Business (Part 2)

By Ed Moyle and Raef Meeuwisse
December 06, 2018
In this walkthrough, InfoSec Insider experts Ed Moyle and Raef Meeuwisse demonstrate one useful exercise that can aid security practitioners in getting a lay of the land in their organisation, serving as the perfect first step in ultimately measuring and reducing information security risks.

Considerations for Cloud Service Providers on the Path to FedRAMP Accreditation

By Baan Alsinawi
December 04, 2018
The government has urged the private sector to offer agencies secure cloud solutions through the FedRAMP accreditation, which establishes baseline standards for security assessment, authorization, and continuous monitoring. Here, we provide six key considerations to help guide FedRAMP accreditation efforts.

Cybersecurity 101: A Discussion on the Basics and Fundamentals

By Ed Moyle and Raef Meeuwisse
December 04, 2018
InfoSec Insider SMEs Ed Moyle and Raef Meeuwisse are back, but this time they're talking fundamentals. If you're an up-and-coming security warrior, you'll definitely want to heed this advice from the two infosec experts.

An Open Source Intelligence (OSINT) Revolution, You Say?

By Jim Romeo
November 27, 2018
As a security practitioner, we're sure you've heard of the benefits of open source intelligence (OSINT). But what exactly is it and how can you leverage it as it relates to your current security strategy? This article answers that question and more.

Do you really need a penetration test?

By Ed Moyle
November 19, 2018
This will probably be a contentious point for some, but there are situations where a penetration test isn’t the best use of an organization’s resources. Here, we examine what is (and isn't) a pentest, and what its goals should be depending on your organization's needs.

How to Communicate Threat Intelligence to the Board

By Marcos Colón
November 15, 2018
Cyber threats are top of mind for board members, but communicating cyber threat intelligence may not be the easiest task for security leaders. In this recent interview, Tim Callahan, senior vice president and global security officer at Aflac, provides some helpful tips that could go a long way.

How to Train Your Team (and Organisation) to Effectively Use Threat Intelligence

By Josue Ledesma
November 13, 2018
Threat intelligence has transformed the information security world for the better but it’s not always leveraged in the best way possible by organisations and departments. InfoSec Insider spoke to threat intel expert Karl Sigler to get a sense of how organisations can maximize threat intelligence for their organisation.

What’s Next for IoT Security?

By Marcos Colón
November 08, 2018
InfoSec Insider catches up with Armis co-founders Yevgeny Dibrov and Nadir Izrael who discuss the current climate as it relates to IoT security, and offer up some dos and don’ts when it comes to connected devices within the enterprise.

4 Things to Know About Penetration Testing & AI

By Min Pyo Hong, CEO and Founder, SEWORKS
November 05, 2018
Conducting penetration testing via simulated attacks on your organisation's network is the best way to help your business evaluate the strength of your network security protocols and identify any backdoors, weaknesses, and gaps between different security tools, and prioritise risk. This contributed article explains why.

Common Application Vulnerabilities You Should Know About

By Marcos Colón
November 01, 2018
While patching vulnerabilities seems like a “low-hanging fruit” task for many security practitioners, it seems as though many still fail to do so. In this interview with application security expert Chris Eng, he highlights the common blind spots associated with vulnerability management.

So, How Strong Are Your Organisation's Passwords?

By Marcos Colón
October 25, 2018
Ntrepid Corporation’s Chief Scientist Lance Cottrell chats with InfoSec Insider and offers up the major dos and don’ts tied to password management, as well as pinpoints the significant weaknesses in some of the systems we’ve come to rely on heavily.

Are You Investing in the Right Cybersecurity Tools?

By Marcos Colón
October 23, 2018
NSS Labs CEO Vikram Phatak speaks with InfoSec Insider and offers up tips to up-and-coming security professionals on how to make smart and effective cybersecurity solution purchasing decisions. From blocking out buzzwords and marketing jargon to building a great team, here’s what you need to know.

Why Data Privacy and Policy Training Matters

By Josue Ledesma
October 23, 2018
Data privacy and protection is an often underappreciated aspect of information security, but in many ways, it provides the foundational groundwork for a well-established security environment that offers internal and external reassurance. Here's why and how you should train up your team.

The New Regulatory Wrinkles for Data Protection You Should Know About

By Aaron Turner
October 16, 2018
We’ve seen the rules for data security change from relatively simple policies, such as simple access controls, to much more complex policy requirements with the implementation of GDPR. This article’s intended to cover three new perspectives that will influence data protection controls in the coming years.

Cryptocurrency Mining Malware and Cryptojacking: What to Know and How to Protect Your Organization (Part 2)

By Ed Moyle
October 10, 2018
On Tuesday InfoSec Insider kicked off a how-to video series that focuses on topics surrounding the challenges that our readers face on a daily basis. In this companion video, security expert Ed Moyle provides a deep dive on how you can protect your organization from cryptocurrency mining malware and cryptojacking.

Need a Concise Guide to Pen Testing? Here It Is.

By Jim Romeo
October 08, 2018
What's the best way to detect network risks and other vulnerabilities from cyber threats? If you guessed a pen test, then you're right. In this feature article, we've created a no-nonsense guide that answers pertinent questions about penetration testing.

Cryptocurrency Mining Malware and Cryptojacking: What to Know and How to Protect Your Organisation

By Ed Moyle and Raef Meeuwisse
October 08, 2018
Security experts Ed Moyle and Raef Meeuwisse dissect the topic of cryptocurrency mining malware and cryptojacking; what it means to you as a security professional and how you can protect the enterprise from it.

Security Automation is Here. Now What?

By Marcos Colón
October 02, 2018

Creating the Perfect Incident Response Playbook

By Marcos Colón
October 01, 2018
Arctic Wolf’s Sam McLane sits with InfoSec Insider at Black Hat, a security conference in the US, to discuss the major dos and don’ts when it comes to incident response, in addition to some misconceptions that some security practitioners may have on the topic.

Social Mapper: The What, Why, and How

By Marcos Colón
September 30, 2018
InfoSec Insider catches up with Trustwave SpiderLabs Threat Intelligence Manager Karl Sigler on the company’s latest open source tool which enables penetration testers and red teamers to scrape social media data.

A Discussion on Dark Web Threats in 2018

By Marcos Colón
September 20, 2018
InfoSec Insider catches up with Digital Shadows CISO Rick Holland, who discusses the latest dark web threats this year, and what security practitioners should have on their radar.

A Look at the Windy City’s Newest Cyber Command Center

By Marcos Colón
September 18, 2018
InfoSec Insider takes a first-hand look at Trustwave’s new SpiderLabs Fusion Center in Chicago and speaks with Chris Schueler, senior vice president of managed security services, on the purpose behind its creation.

Election Security in 2018: What’s Next?

By Marcos Colón
September 14, 2018
Forcepoint’s Dr. Richard Ford discusses the impact that the 2016 election meddling had on the cybersecurity community, and the lessons learned that security practitioners should take note of, but most importantly, act on.

Disable PowerShell? How about control it instead?

By Ed Moyle
September 11, 2018
At the end of the day, PowerShell is an enormously flexible, valuable, and helpful tool in any enterprise administrator’s toolbox, so “turning it off” isn’t really a viable option for most shops. In this informative feature, subject matter expert Ed Moyle explains why.

Back to the Basics: The State of Cyber Hygiene in 2018

By Marcos Colón
September 06, 2018
Tripwire's Tim Erlin chats with InfoSec Insider on the state of cyber hygiene in 2018, where we are, why we're there, and highlights different areas that security practitioners are failing to cover as it relates to securing the business.

Push Authentication: Bringing the Most Secure Method of 2FA Mainstream

By Simon Thorpe
September 04, 2018
For consumers looking for an easier-to-use login experience, there is a solution: push authentication. This approach is a vast improvement over sending a one-time passcode via SMS and is truly the most secure method of 2FA.

More Humans Needed: Closing the Cybersecurity Talent Gap

By Marcos Colón
August 30, 2018
Cybrary COO Kathie Miley pinpoints the real issues organizations face when it comes to the cybersecurity talent shortage, why employers are doing a good job of finding the right talent only in certain circumstances, and the impact the cybersecurity solutions market is having on the talent shortage.

The Evolved Perimeter: IoT Identity and Integrity

By Jackson Shaw, VP of Product Strategy, One Identity
August 28, 2018
The rise of IoT has introduced new challenges to security in the enterprise. Like most security challenges, protecting against threats is the basic work of good IT hygiene. Organizations can adopt existing identity management best practices to meet this new challenge.

The State of Mobile Payments Security

By Aaron Turner
August 23, 2018
What is the bottom line from a security perspective when it comes to mobile payments? In the current state of the ecosystem, mobile security expert Aaron Turner offers up his take and advice on the topic.

Understanding Zero Trust: A New Strategy for Cyber Defense

By Pravin Kothari, CEO, CipherCloud
August 21, 2018
The idea that all internal networks should be considered trusted while external networks should be considered untrusted was fundamentally wrong. This featured article describes why the move to the cloud has also accelerated the movement to Zero Trust.

Intelligent Context Monitoring for Security Operations

By Vijay Dheap
August 16, 2018
The context around security events is essential to qualify if those events are false positives or worthy of a security response. However, today security operations are predominantly focused on event monitoring and rely on security analysts to reconstruct context.

GDPR is Here...So What's Next?

By Heather Dean Bennington
August 14, 2018
GDPR was a major focus for many organizations this year. Whether it has been extensive business process mapping, understanding the purposes of personal data, or defining its scope. But now that it's here, what should security professionals focus on next?

How Infosec Can Put More “Intelligence” into Operationalizing Threat Intelligence

By Marcos Colón
August 09, 2018
Threat intelligence expert Dave Ockwell-Jenner discusses how organizations have changed the way they approach threat intelligence, and provides the primary Dos and Don’ts associated with developing a successful threat intelligence program.

Blockchain: What It Is and What It Means for InfoSec

By Josue Ledesma
August 07, 2018
Blockchain has become the new buzzword of choice across a wide spectrum of industries, such as finance, tech, and the information security industry. However, what blockchain is and what its applications are still seem to be unclear. This article sets the record straight.

Phishing Scams: Fact or Fiction?

By Karl Sigler
August 06, 2018
Phishing attacks aren't going anywhere any time soon. In fact, these scams have only grown in popularity among attackers. This helpful article dispels the four common phishing myths to help employees and outside partners be even more adept at identifying these crimes.

Mobile Privacy & Infosec Tips for Frequent Travelers

By Aaron Turner
August 03, 2018
Summer will be over before you know it and for many of you, it might be time to hit the road again for business travel. Before you pack up all of your devices, you might want to keep some of this advice in mind to ensure your data is secure.

Tips on Creating Your Own Bug Bounty Program

By Marcos Colón
August 02, 2018
Bugcrowd Founder Casey Ellis discusses the evolution of bug bounty programs and their impact on information security, in addition to providing tips on the key areas to focus on when it comes to developing a bug bounty program at your organization.

How to Build Practical Cross-Training in Infosec

By Ed Moyle
July 31, 2018
Given the skills gap in information security, it's important for cybersecurity managers to diversify and expand the skill base of their team members. Here, we highlight how they can do it from a practical point of view.

The Cyber Threat Alliance: Making Cybersecurity Collaboration Work

By Marcos Colón
July 26, 2018
The Cyber Threat Alliance’s Chief Analytic Officer Neil Jenkins provides an update on the state of information sharing in 2018 and provides some insight on the steps security practitioners can take if they’re interested in sharing their threat data.

Mobile Privacy & Infosec Tips for Frequent Travelers

By Aaron Turner
July 24, 2018
Summer will be over before you know it and for many of you, it might be time to hit the road again for business travel. Before you pack up all of your devices, you might want to keep some of this advice in mind to ensure your data is secure.

Analyzing Your Government Contract Cybersecurity Compliance

By Robert Jones
July 20, 2018
If you're a government contractor or a government entity hiring contractors, you need to know the ins and outs of the new FAR and DAR Councils' cybersecurity rules for government contractors.

When Is It Time to Share Your Secret Sauce?

By Marcos Colón
July 19, 2018
When is it time for your organization to share cybersecurity information with its competitors and how much should you be sharing? We interviewed two industry experts who provided us with their take on the topic in this featured video interview.

Are Security Professionals Doing Enough?

By Marcos Colón
July 12, 2018
Cybereason’s Israel Barak discusses the approach that far too many businesses take when it comes to their security strategy and highlights the steps that security professionals should take to rethink their programs and the challenges they face in measurably reducing risk within the business.

First-Hand Experience in Developing a Threat Hunting Program

By Jessa Gramenz
July 10, 2018
Developing a threat hunting program may be challenging, but it doesn’t have to be. In this feature article, one subject matter expert provides us with a glimpse into her experience on the topic and what you can expect. 

How Hacked Elections Impacted the Security Industry

By Marcos Colón
July 05, 2018
CA Veracode’s Chris Wysopal discusses how the 2016 presidential election hack broadened the horizon on how security warriors think about defending their data and offers up advice on what they should consider when it comes to protecting sensitive information.

Looking to Benefit from AI? Build Something!

By Marcos Colón
June 28, 2018
Cylance’s Colt Blackmore discusses why leveraging AI isn’t limited to purchasing an out-of-the-box solution and details the critical steps that security practitioners should take to successfully use the technology to their organization’s advantage.

A Primer on Breach and Attack Simulations

By Adrian Sanabria
June 26, 2018
In this age of vendors offering simple solutions to complex problems, defenders need the ability to see past the glamour of marketing. That's where attack simulation technology can help, enabling use cases in the market that help answer pressing questions in enterprise security.

Cover Your Bases: Areas to Focus on in Your Information Security Strategy

By Marcos Colón
June 21, 2018
Trustwave’s Karl Sigler discusses the state of cyber threats in 2018 and suggests what areas of your security strategy you should focus on to take proactive steps in measurably reducing risk within the business.

Imagine If Security Solutions Understood Our Language?

By Vijay Dheap
June 19, 2018
It's up to security professionals to infer the security significance of all the events security solutions report. The first step to arriving at an answer to this intractable problem is teaching our security tools to understand us. Advancements in Natural Language Processing could help.

Have Point Solutions Reached End of Life?

By Katherine Teitler
June 18, 2018
The infosec tools market can be overwhelming with its abundance of options. How do you choose the best tool for your environment? This informative article will help point you in the right direction.

The CISO of Yesterday, Today, and Tomorrow

By Marcos Colón
June 14, 2018
SAP CSO Justin Somaini discusses how the role of the CISO has evolved into what it is today, and what up and coming security leaders should prepare for once they take charge of a security program at a major organization.

The Dark Web: What You Should Know and Why You Should Care

By Josue Ledesma
June 12, 2018
The dark web is one of those elusive subjects that can often get misinterpreted. We spoke to Reclamere's Connie Mastovich to get her expert take on what the dark web is, what risk it poses to companies, and how to protect yourself from it.

Why is DNS Underutilized as a Security Tool?

By Marcos Colón
June 07, 2018
Farsight CTO Merike Kaeo discusses why DNS is still underutilized as a security tool today, shares some examples of lessons learned that could apply to you, and provides steps you can take to ensure you’re taking advantage of your DNS infrastructure.

How to Make Sense of Attack Patterns

By Josue Ledesma
June 05, 2018
In this featured post, we speak to TrustedSec Founder Dave Kennedy who offers up advice on how you can set up your security department’s defenses to respond and defend against common attacks.

Third-Party Vendor Relationships are Risky Business

By Katherine Teitler
May 25, 2018
While third-party vendor relationships can provide tremendous benefits, partnering does not relieve the primary organization of its security and compliance obligations.

Artificial Threat Intelligence: Using Data Science to Augment Analysis

By Lance James
May 25, 2018
Data science can help analysts make more informed threat intelligence decisions...but only if it's integrated correctly.

From Trapping to Hunting: Intelligently Analyzing Anomalies to Detect Network Compromises

By Giovanni Vigna
May 24, 2018
Is your organization adequately equipped to identify anomalous patterns across the network? If you're doubtful, it may be time to try out alternative models that will help you detect previously unknown attacks.

How to Speak the Business of Security Effectively

By Marcos Colón
May 24, 2018
Cisco's Edna Conway shares her insight on what infosec leaders can do to ensure that security becomes an active discussion about the way you operate within the business, rather than an added bolt-on feature.

What is Attack Driven Development?

By Marcos Colón
May 17, 2018
Bugcrowd’s Keith Hoodlet outlines the importance of attack driven development and offers up the key steps security practitioners should take for this approach to have a positive impact on their overall security strategy.

Crisis Communications in a Headline-Driven World

By Katherine Teitler
May 15, 2018
Media communication in the face of a cybersecurity incident often gets the shaft in favor of incident handling, but what you don't handle can come back to haunt you.

How Security Leaders Can Get Proactive with Their Comms Departments

By Marcos Colón
May 10, 2018
Uber’s Melanie Ensign discusses the relationship between the communications function and infosec teams and offers up some uncommon communication tips for security leaders who may have a skewed view of the communications department within their organization.

A Look at the Current State of Mobile Security

By Aaron Turner
May 08, 2018
Enterprise security practitioners can greatly improve their network security posture, if only they would take the time to right-size mobile security policies.

How the 'Fog of More' Bogs Down Infosec Pros

By Marcos Colón
May 03, 2018
Given the troves of educational information, training, and technology available to security professionals, you’d think they’d be a step ahead of malicious actors. But this overabundance of information may actually be causing more harm than good. Here’s what one expert had to say about the “fog of more.”

ISACA Workforce Development Report Highlights Need for More & More Qualified Security Employees

By Katherine Teitler
May 01, 2018
Cybersecurity staffing requires more than simply finding enough people to accomplish tasks.

Selling Security Metrics to the Board of Directors

By Katherine Teitler
April 30, 2018
For security metrics to be relevant to the board of directors, security teams must tell the story of how those metrics are supporting business goals. How to accomplish this is no easy task.

Are You Taking the Right Approach to Threat Intelligence?

By Marcos Colón
April 26, 2018
Are you taking the right approach when it comes to threat intelligence? We caught up with one subject matter expert who provides some uncommon tips on developing a successful threat intelligence program.

How to Manage Your Security Post-Conference Inbox

By Katherine Teitler
April 24, 2018
Cybersecurity conferences often lead to inbox overload, but they don't have to if the onsite experience is managed correctly.

Are You Over- or Under-Investing in Cybersecurity?

By Marcos Colón
April 19, 2018
We caught up with one CISO who shares his advice on what security leaders can do to ensure they're taking the right approach to budgeting as it relates to their overall security strategy.

Cybersecurity Executives Misalign Concerns with Actions

By Katherine Teitler
April 17, 2018
Cybersecurity teams seem to understand their biggest areas of challenge, yet the action to put effort behind remediating those problems falls short.

How to Proactively Hunt for Cyber Threats

By Marcos Colón
April 12, 2018
InfoSec Insider catches up with one threat expert who discusses why security professionals should consider a proactive threat hunting model, and outlines how they can take that approach.

Cloudy With a Chance of Shared Security Responsibility

By Katherine Teitler
April 10, 2018
Today, most reputable cloud service providers are security conscious, yet users remain responsible for many—but varying—aspects of information security. Here, we take a look at the three most common public cloud models that should be on your radar.

How to Avoid Becoming the Security Scapegoat

By Katherine Teitler
April 09, 2018
When a company falls victim to a cyber incident, security personnel are often in the line of fire, especially when they've focused only on the technical side of the job. Here we provide some tips that can lessen the chances that any one person will bear the absolute blame.

Five Cyber Risks Your Organization is Likely to Encounter

By Katherine Teitler
April 03, 2018
Today's threat landscape is like a tentacled sea monster that security practitioners have to battle on a daily basis. In this feature story, we highlight the top five most likely cyber risks to organizations today.

5 Ways to Make Your IR Plan Actionable

By Katherine Teitler
April 02, 2018
If you're looking to ensure that your cyber incident response plan doesn't turn into shelfware, here are five ways to make it actionable. 

NIST Addresses IoT Security Concerns as Lawmakers Float Certification

By Katherine Teitler
March 27, 2018
With more everyday products being built with internet connectivity capabilities, cybersecurity practitioners have become concerned about the security and privacy of those devices. The state of IoT security is pretty grim, but will proposed guidance and regulations improve processes?

Privileged Identities: Who's Watching the Watchers?

By Katherine Teitler
March 08, 2018
Jonathan Sander addresses why security teams fail at controlling privileged identities, and what they should be doing that won't upset the apple cart.

Key Questions to Ask Your Cybersecurity Recruiter

By Katherine Teitler
March 01, 2018
There is no question that the cybersecurity job market is hot, but not any old recruiter is suited to help you with your hiring needs.

Lessons Learned from Running Which Also Apply to a Career in IT

By Jeremy Finke
February 02, 2018
What do running and your career in information technology/information security have in common? At first glance, not a whole lot. But with a couple of quick examples, I think we will find some similarities.

Be Mindful of the Password-Storing Mechanism You Choose

By Katherine Teitler
January 18, 2018
Browser password-saving tools are convenient and may allow account holders to apply stronger passwords, but they're not security tools.

The Art of Aligning Security Goals with Business Goals

By Katherine Teitler
January 16, 2018
To help security leaders find new ways to better align with business colleagues, we turned to two experts to find out how they’re constantly maneuvering between technical requirements and fueling business priorities.

Psyber Intelligence Part 2: Hacking Social Intelligence

By Lance James
January 11, 2018
Given today’s content-driven society, it benefits cybersecurity and threat intelligence practitioners to gain some understanding of the psychological strategies and exploitation techniques within the intelligence and counterintelligence tradecraft.

The Rise of the Virtual Cyber Security Leader

By Dominic Vogel
November 27, 2017
Learn why the virtual CISO is quickly becoming an attractive option for enterprises.

Psyber Intelligence Part 1: Understanding the Human at the End of the Keyboard

By Lance James
May 31, 2017
The information security professional's guide to human intelligence collection.

MIS Training Institute is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.

Copyright ©2018 MIS Training Institute Holdings, Inc. All rights reserved.  