You power on your computer and open your inbox, ready for another day at work. But instead of some unread emails, you see a login screen with an all-too-familiar message: it’s time to update your password. And it can’t just be any password. It needs to be one you haven’t used before, and it must include a number… and a special character… and be 8 characters long…

Ransomware attacks on Colonial Pipeline, JBS Foods and Kronos are just a few recent examples in the rise of cyber-physical attacks that disrupt lives of individuals and have the potential to cause physical harm. This concerning trend is capturing the attention of organizations worldwide, with Gartner predicting that 75% of CEOs will be personally liable for cyber-physical security incidents by 2024.

More than 90% of applications will be cloud-native by 2023. As organizations transition from monolithic, on-premise environments to dynamic cloud-based ones, ensuring access control becomes more critical — and complex. That’s why I co-created Open Policy Agent, also known as OPA. OPA unifies policy enforcement across the cloud-native stack.

Today, we announced our entrance into the Static Application Security Testing (SAST) market. It’s a significant development for WhiteSource, which has until now been solely focused on open source software security. In this post, I explain why we decided to make this move beyond open source into proprietary code security, and the value it will bring to developers, security teams, and their organizations.

We’re excited to announce that our Snyk Business plan will now be available as a free trial. Many developers love Snyk products, but the true power of our platform is displayed when it’s used across an organization. No company wants to navigate a security incident, but ensuring that your entire SDLC is protected can be a challenge. The Snyk Business plan gives your organization access to empowering and easy-to-use tools to ensure nothing slips through the cracks.

In a recent webinar, SecurityScorecard hosted Justin Herring, Executive Deputy Superintendent, Cybersecurity Division of the New York Department of Financial Services (DFS), and Luke Dembosky, Partner and Co-Chair of the Data Strategy & Security practice at Debevoise & Plimpton, to discuss DFS’s top cybersecurity priorities this year, current enforcement and to examine trends, and the regulatory environment around cybersecurity in 2022.

I am excited to share that SecurityScorecard is now formally a member of the Information Technology Sector Coordinating Council (IT-SCC). Established in 2006, the IT SCC is the principal entity for coordinating with the government on a wide range of critical infrastructure protection activities and cybersecurity issues.

One of the greatest challenges in cloud environments today is to ensure rapid development cycles while keeping up with security vulnerabilities. Sysdig and Snyk announced today a partnership to deliver integrated code to container runtime security that eliminates up to 95% of vulnerability alert noise, optimizes remediation, and protects runtime. Developers can be fast with security barriers removed, and yet without sacrificing security.

Ransomware continued to be the most significant cybersecurity threat facing critical infrastructure, healthcare, defense, and other industries, according to a report issued jointly on February 9 by law enforcement and cybersecurity agencies from the United States, United Kingdom, and Australia.

For the past 20 years, I’ve served as CISO for companies across different sectors. In this role, I have shouldered responsibility for protecting each organization from a wide swath of rapidly developing cybersecurity threats. I have also learned firsthand how much stress security leaders face day-to-day. Recent conversations with my peers have shown stress in cybersecurity is an industry-wide problem. The CISO role is one of the most stressful in any organization.