Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Zero Trust is an information security model that does not implicitly trust anything inside or outside its network perimeter. Instead, it requires authentication or verification before granting access to sensitive data or protected resources. Zero Trust was coined by John Kindervag at Forrester Research in 2009. Zero Trust security provides visibility and security controls needed to secure, manage, and monitor every device, user, app, and network.

We have seen great strides in improving security tooling and processes over the past ten years. Via constantly maturing security models, security teams have become increasingly dependent upon an ever-more complex toolchain of products and services. But what happens when these systems fail. How much effort are we putting into planning and maintaining our security solutions to ensure they’re available when issues occur?

2020 is predicted to be an exciting year with more organizations adopting Kubernetes than ever before. As critical workloads with sensitive data migrate to the cloud, we can expect to encounter various Advanced Persistent Threats (APT) targeting that environment.

With more and more endpoints accessing your network remotely, you should expect rapid increases in VPN connections and usage, as well as exponential usage of cloud-based services. There are numerous Splunk apps that can help you increase the monitoring of remote endpoints but let’s showcase Splunk Security Essentials (SSE).

Right, so now the vast majority of your workforce works remotely. Clearly managing all these inbound VPN connections is on top of mind, but what about other vulnerabilities you should be monitoring for? In addition to the ever increasing number of inbound VPN connections, organizations can expect an increase in the use of SaaS-based collaborative software such as Slack, Dropbox, G Suite, and Trello.

As I read Angela Duckworth's GRIT, where she explains that the secret to outstanding achievement is not talent but a unique blend of passion and persistence she calls "grit," I was able to relate the need for this power of passion and perseverance to be a successful cybersecurity professional and more importantly a trusted cybersecurity consultant. It takes a combination of skills, education, and years of work experience.

Every week, dozens of data breaches are reported with some reaching into the tens, or even hundreds of millions of individuals impacted. Customers and regulators alike are increasingly concerned about the information security programs of organizations and how they plan to prevent security incidents and safeguard sensitive data.

There’s an interesting trend that I have personally noticed over the past few years: organizations are starting to take cybersecurity more seriously. With the multitude of high-profile data breaches, organizations are starting to realize that cybersecurity is a significant risk to the business. This allows CISOs and other similar titles with leadership responsibilities to have a larger budget for people, process improvements, and supporting technologies.

Security isn’t a simple matter of caring or spending time reading manuals or being told what you can or can’t do. Security is understanding how to view the world from a different perspective. It’s a skill that people build over time, and it’s completely appropriate to start out small. If you can do nothing else, consider the access to your accounts, professional, banking, and social media. Consider how hard a malicious actor needs to work to gain access to these.

Forensic computing has been around for quite some time. Have you ever wondered what it exactly is? If so, keep reading! Forensic computing (also known as the computer forensics or cyber forensics) refers to the practice of investigation and analysis in order to gain knowledge from a specific computing device regarding a legal case.