If you follow me on Medium or Twitter, you may already be aware. Still, if you don’t (I assure you that you’re missing out), I have been researching several technologies in preparation for an OPSEC/Anti-OSINT tool that I am crafting. I am using this tool as a means to push myself harder to learn something new that I can apply professionally. I am also doing this to be able to make a positive difference in the world.

As a result of this ever-increasing volume and sophistication, SOC’s and SIEM’s using traditional, reactive measures are overwhelmed. More and more organizations are turning to detection and response solutions which combine threat intelligence and cyber expertise, to uncover and remediate threats as early as possible, and also to mitigate risk of future attacks.

Vendor risk management is hard. And it's getting harder. But it doesn't have to be. Business units are outsourcing more of their operations to third-party suppliers. In turn, these suppliers outsource to their own service providers. It's undeniable, the average organization's exposure to third-party risk and fourth-party risk has never been higher.

Requesting that a SaaS company answer a Vendor Security request has become a regular thing for companies who work in the cloud. But have you thought about how the reverse works, that is, when your customer has a VSA process focusing on you?

As a security consultant, I’m not going into an environment to design and build an organization’s network from the ground up in most situations. For the majority of the time, I’m working with legacy environments where some old technologies might be phasing out and newer ones joining the mix of solutions.

The life sciences industry is undergoing major transitions. Pharma, biotech, and medical device companies generate more data than ever and require higher processing power for clinical trials, gene sequencing and more. Many life sciences organizations are transitioning legacy technology stacks to the cloud, which promises the ability to accelerate processes, mobile collaboration, and strong security. To further complicate matters, there is increasing pressure to maintain regulatory compliance.

What's a gateway? It is an entry point. Things go in. People, traffic, requests. If you've spent any time with microservices, you may have come across the term "API gateway". While not unique to microservices, the API gateway's popularity has grown in the time since their rise. So what exactly is an API gateway?

The New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) or Senate Bill 5575, was enacted on July 25, 2019 as an amendment to the New York State Information Security Breach and Notification Act. The law goes into effect on March 21, 2020. The motivation behind the SHIELD Act is to update New York's data breach notification law to keep pace with current technology.

Today’s banks and financial institutions closely cooperate with various third-party vendors. While such cooperation brings a lot of benefits, it also raises some significant concerns regarding the security of the data and resources these vendors have access to. In fact, according to Verizon’s 2019 Data Breach Investigations Report, the financial sector is among the most targeted, accounting for about 10% of all data breaches across all industries in 2018.

Like the previous years, 2019 also witnessed the surge in data breaches and cyber-attacks. However, organizations having SIEM or/and SOAR system in place were better than those using traditional security tools. The cyber-attacks in 2019 were mostly related to financial crimes, supply chain attacks, phishing exploits, state-sponsored attacks, Grid attacks, health sector attacks, and attacks on IoT devices. Cybersecurity skills shortage was also one of the major concerns in 2019.