Ciara lists 10 ways to make your software pipelines more transparent and observable to gain insights, identify unusual behavior and possibly prevent a software supply chain attack.

A SIEM (Security Information Event Management) platform, along with several other tools that make you crave Alphabet Soup (XDR, UBA, NDR, etc), is a critical component of any organization’s security infrastructure. Between a constantly growing volume of logs, increasing attacks and breaches, and challenges finding qualified staff, many organizations may consider a SIEM migration. There could be several reasons for this.

We’ve entered a time when hard drives are becoming less important than data speeds, syncing, and remote storage. More and more end-users are saving their files in the cloud for convenience, safety, and cost savings. That said, some people still have concerns about cloud computing -- namely around security. How safe are files that are stored hundreds or thousands of miles away, on some other organization’s hardware?

Yes. Privacy is (mostly) dead. Not to be all doom and gloom, but the state of online privacy is far from ideal. Many of us can agree that some semblance of privacy is indeed an excellent thing. We all wish for more privacy and more control over where our data ends up, what it's being used for, and who profits from it. While the fight for digital rights still rages, the right to privacy has been completely obliterated over the past decade or so.

Ransomware is the gift that keeps on giving. Old as it is (33 years) ransomware is constantly morphing into new exploits. The reason is simple. Ransomware works and too often cybercriminals walk away with bags of money (or piles of Bitcoin, anyway). “Following the World Health Organization's AIDS conference in 1989, Joseph L. Popp, a Harvard-educated biologist, mailed 20,000 floppy disks to event attendees.

“Why is it so bad right now? Why does it seem like we’re fighting this up-hill battle?” The internet, it seems, is having a mid-life crisis. As industries progress through their life cycle, they are expected to reach a quasi-steady state of maturity, but the internet hasn’t gotten that message. In fact, it seems to be stuck in the growth phase, expanding exponentially with no end in sight, and securing it just feels so hard. Let’s dive into my Black Hat recap.

It is essential to work in teams to strengthen organizations' security. Regarding cybersecurity, in particular, this job is best done from a red team vs. blue team perspective. Red teaming implies mimicking the role of an attacker by trying to find vulnerabilities and avoiding cybersecurity defenses within the network. On the other hand, a blue team has a defensive approach: they take precautions and respond to incidents once they have occurred.

InfoSec, like any other aspect of IT, is a matter of three factors coming together: people, process and technology. All of these factors cost time and money in some way. The truth is, there are very few organizations out there who can supply their own security programs, staff, technology, processes and everything needed for InfoSec to an efficient degree. Everyone has to compromise in some way.