Pixar had cultural issues very similar to those that face security organizations today
Ayman Elsawah, 9 days ago
This is a deep dive not just into all the things that went “wrong” but, more importantly, into all the things you and your organization can do to prevent such an attack. I think if we can’t learn from our own and others' mistakes, then we’re just being lazy.
Ayman Elsawah, 16 days ago
Below is a condensed summary of all the action items from the Deep Dive article.
Lessons learned from the latest Okta compromise and steps to improve your own posture.
Ayman Elsawah, a month ago
As we witnessed in the recent MGM attack, you may have MFA set up correctly, but it may not be as effective as you think in securing your account.
2 months ago
A simple phone call, a globally available Okta login, and pervasive IAM permissions possibly made this attack extremely far-reaching.
3 months ago
Startups don't really care about security. They're just looking to survive and grow. With cybersecurity scrutiny coming from everywhere now, they can no longer avoid it.
SO MUCH happened (and didn't happen!) this year at #DEFCON31. Here's a snippet of what you may have missed.
CISOs are under fire and are scared. Oppenheimer was a brilliant scientist, but not a politician. Lessons learned from his security hearing.
4 months ago
DEF CON is an experience, not a conference. With 30k+ attendees, it's HUGE and can be overwhelming. Here's a guide to help you navigate it.
Every once in a while we get a message from a number that we don't recognize. How do we authenticate them? How do we authenticate our users?
How to Stay Calm and Handle Cybersecurity Threats Like a Pro
5 months ago
How to Shift from Mom Mode to Friend Mode in Cybersecurity
6 months ago
A quick and dirty guide to getting started in appsec from scratch
Someone asked me recently what kind of conference BSidesSF was... so this is what my answer would be in 10 minutes...
7 months ago
Once upon a time... there was a startup, and they wanted to get SOC 2.
8 months ago
Please stop creating more VPNs... This is NOT the way.
A friend told me this weekend… “You don’t know someone until they’re angry”. This is so true. The same can apply when working with a team in an incident response scenario.
One of my favorite sections from this year’s CISO Mindmap by Rafeeq Rehman, and something I think many non-CISOs struggle with, is the “branding” of security at the organization...
Every day, tech teams face frustrations working with their internal security teams. Here are some ways you can achieve an optimal outcome.
9 months ago
Is your company prepared for a disaster? Here are some thought-provoking questions to ask your technology and leadership teams.
The White House just released a 35+ page document on improving our cybersecurity posture... here is what you need to know.
Building for the enterprise is a completely different beast than building for the consumer market. It’s a winding road, but if you have the map, you hit fewer road bumps along the way.
Are you still stuck managing IP Allow/Deny lists? If so, it's 2023, and this is for you.
10 months ago
This is a multi-part series on building secure products, geared for B2B SaaS companies who want to sell to the enterprise.