Are Bug Bounties a True Safe Harbor?

Security vulnerabilities are becoming the new oil, and the bug bounty economy is booming. As news of cyberattacks and data breaches continues to consume the press, never before has the market for vulnerabilities been so dynamic. “Bug bounty programs”, frameworks where security researchers legally trade previously undiscovered vulnerabilities for monetary and reputational rewards by ethically […]

The post Are Bug Bounties a True Safe Harbor? appeared first on The State of Security.

Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict

When the details of Crash Override emerged earlier this summer, many argued it would be the wake-up call to finally forewarn of potential digital threats to critical infrastructure. However, when placing last December’s attack on the Ukrainian power grid in a broader context, it quickly becomes apparent that this will likely neither be a wake-up […]

The post Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict appeared first on The State of Security.

Safer, Sooner, Together. The Cavalry Needs You – Here’s What You Can Do

In previous years at BSidesLV, I talked about the different ways security researchers and pros can be heroes. This year, we’ll focus on getting “Safer, Sooner, Together” where the Cavalry needs you most: on the battlefront; that is, the things we can start doing every day along with the practical opportunities and resources that IATC […]

The post Safer, Sooner, Together. The Cavalry Needs You – Here’s What You Can Do appeared first on The State of Security.

Cyber Security Heroes Part 3: Holly Williams

They say you should never meet your heroes—often they will just disappoint you. But thankfully, there are also exceptions to this rule. In this five-part series, I will be introducing you to five of my key cyber security/infosec heroes. These individuals inspire me to continuously strive for more, with one even motivating me to move […]

The post Cyber Security Heroes Part 3: Holly Williams appeared first on The State of Security.

I Got More Games than Milton Bradley: Incentivize a Positive Change in Your Security Culture

The purpose of awareness is to draw attention to a desired focus. Let’s face it, the current compliance-based approach to security awareness isn’t just ineffective in creating positive change in employee behavior; it does the opposite of what a security awareness program is designed to do in that it repels. Companies continue to implement the […]

The post I Got More Games than Milton Bradley: Incentivize a Positive Change in Your Security Culture appeared first on The State of Security.

How to Secure Your Information on AWS: 10 Best Practices

The recent Deep Root Analytics incident that exposed sensitive information of 198 million Americans, or almost all registered voters, was yet another reminder of the risks that come with storing data in the cloud. The most alarming part, perhaps, is that this massive leak of 1.1 terabytes of personal data—the “mother lode of all leaks,” […]

The post How to Secure Your Information on AWS: 10 Best Practices appeared first on The State of Security.

Why Your C-Suite Needs Security Awareness Training

“My C-level doesn’t understand that they’re being directly targeted – help me scare them!” Such was the request aimed at one of my colleagues at a cybersecurity conference not too long ago. Being in the security awareness industry, it’s not uncommon for others to solicit our feedback on how best to educate employees of all […]

The post Why Your C-Suite Needs Security Awareness Training appeared first on The State of Security.

Effective Security Metrics: ‘Not Everything that Can Be Counted Counts’

“I don’t know if anyone in risk reads the PDF we send them. I mean, even we don’t understand some of what we’re reporting, so why should they?” “The CFO hates our risk management meetings. They look at these numbers we give them and have no idea if it means we’re better or worse.” “We have […]

The post Effective Security Metrics: ‘Not Everything that Can Be Counted Counts’ appeared first on The State of Security.

The Costs of Three Major Email Security Breaches

Email is integrated into nearly every aspect of our lives, everything from business to banking to health and beyond. As such, our email accounts are some of the most precious digital assets we have. Currently, there are 4.9 billion email addresses worldwide. In just two years, there have been 6,789 email data breaches globally, according […]

The post The Costs of Three Major Email Security Breaches appeared first on The State of Security.

Cyber Security Heroes: Dr. Jessica Barker

They say you should never meet your heroes; often they will just disappoint you, but thankfully there are also exceptions to this rule. In this five-part series I will be introducing you to five of my key Cyber Security / InfoSec heroes. These individuals inspire me to continuously strive for more, in one case move […]

The post Cyber Security Heroes: Dr. Jessica Barker appeared first on The State of Security.
