At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.

We’re really excited to announce that Open Policy Agent (OPA) is now a graduated project in the Cloud Native Computing Foundation (CNCF)! OPA joins projects like Kubernetes, Envoy, Prometheus, Fluentd (and ten others) that the CNCF recognizes for achieving broad adoption by the cloud-native community and maturity in its development processes. As the creators of OPA, we couldn’t be prouder!

PCI is an information security standard for organisations that handle credit card transactions. It includes any entity that processes, stores or transmits credit card information. This standard is mandated by major credit card companies – Visa, Mastercard, and American Express – and administered by Payment Card Industry Security Standards Council (PCI SSC).

Security researchers at Google have claimed that a quarter of all zero-day software exploits could have been avoided if more effort had been made by vendors when creating patches for vulnerabilities in their software.

According to research by Spanning Cloud, a lack of expertise is one of the most significant issues with the company's Office 365 security and compliance strategy. When referring to Microsoft Office 365 security pain points, it is necessary to understand that the lack of security features in Office 365 is not the issue. The learning curve that follows with these features, is.

The goal of every cybersecurity strategy is to stop cyberthreats before they have a material impact. This has resulted in many organizations seeking to be more proactive in their response to potential threats by employing solutions to detect and prevent specific types of cyberattacks by monitoring for the earliest indicators of attacks found within network traffic.

Believed active since 2004, if not much earlier, Turla is a high sophistication Russian-nexus threat group with espionage and intelligence gathering motivations targeting organizations worldwide. We have wrote about them in the past here. Known by many security vendor assigned names over the years including Turla Team, Uroburos and Venomous Bear, this bulletin provides an overview of Turla-attributed threats as observed over the past six months.

When it comes to productivity, agility, and efficiency - continuous integration/continuous delivery (CI/CD) pipelines are great. When it comes to ensuring cybersecurity, they leave a lot to be desired. In fact, and especially given the popularity of CI/CD pipelines now, securing continuous environments might turn into the most important security challenge of the next decade.