Building North Star Metrics for Security Teams | Mona Salvi (Senior Director, HubSpot)

Here are some highlights of the conversation between Mona Salvi (Senior Director - Product Security, HubSpot) and Venky (Founder, Indusface). She talks to Venky about building a unified organization structure and North Star metrics to drive security-related initiatives in a cohesive working environment. She also shares how to manage three pillars - platform security + trust & safety + payments fraud together under a single leadership umbrella.

A Guide to ISO 22301: Business Continuity Management Systems

The International Standardization Organization (ISO) introduced the latest version of ISO 22301 in 2019. This framework includes strategies, standards, and requirements organizations can use to implement a business continuity management system (BCMS). To appeal to and assist the most comprehensive array of organizations, ISO 22301 includes generic regulatory requirements that organizations can implement to improve organizational resilience in various contexts.

Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs

On September 4, 2023, CERT-UA revealed a meticulously planned cyberattack targeting Ukraine's critical energy infrastructure. The attack's modus operandi was distinct; it utilized deceptive emails containing bait links, luring victims into downloading a seemingly innocuous ZIP archive. This archive, however, harbored malicious files designed to hijack the victim's computer, redirecting data flows and exfiltrating sensitive information using services like mockbin.org and mocky.io.

Protecting from Threats Caused by OpenAI and LLM Tools | Mona Salvi (Senior Director, HubSpot)

Here are some highlights of the conversation between Mona Salvi (Senior Director - Product Security, HubSpot) and Venky (Founder, Indusface). She talks to Venky about building a unified organization structure and North Star metrics to drive security-related initiatives in a cohesive working environment. She also shares how to manage three pillars - platform security + trust & safety + payments fraud together under a single leadership umbrella.

The Best And Easiest Ways To Secure The Data In Your Company

The business world has changed drastically in the last 20 years. Almost all of the important data is now online. This can be pretty useful, but it can also be dangerous. Why? Well, as the business landscape changed, so did the business espionage. Malicious people online are trying their very best to steal sensitive and confidential data and sell it on the market.

EP 36 - The Evolution of an Ethical Hacker

Our guest today is Phillip Wylie, an offensive security professional and evangelist, author and podcast host who recently added director of services and training at Scythe to his extensive CV. Wylie talks with host David Puner about the critical need for ethical hacking in cybersecurity, identity security revelations from years of penetration testing, and his fascinating career arc, which began in professional wrestling. Considering a cybersecurity career?

Beyond the firewall: Navigating SaaS security challenges

In today's digital age, businesses have witnessed a profound shift in how they operate. Software-as-a-Service (SaaS) solutions have become the backbone of many organizations, offering flexibility and scalability. While firewalls remain an essential part of cybersecurity, securing your digital assets in the SaaS realm is a multifaceted challenge.

What is the 'Zenbleed' Exploit and 7 Ways to Prevent it Now

In 2018, the discovery of the Meltdown and Spectre CPU vulnerabilities sent shockwaves through the tech industry. These hardware flaws allowed attackers to steal sensitive data like passwords and encryption keys from computers, smartphones, and cloud servers. Now, in 2023, history is unfortunately repeating itself. A new exploit called Zenbleed has emerged, taking advantage of similar speculative execution processes in AMD’s Zen architecture chips.

Vanishing Act: The Secret Weapon Cybercriminals Use in Your Inbox

Researchers at Barracuda describe how attackers use legitimate email inbox rules to control compromised accounts and evade detection. “In order to create malicious email rules, the attackers need to have compromised a target account, for example, through a successful phishing email or by using stolen credentials seized in an earlier breach,” the researchers write.