They say character isn’t gained in a crisis; it’s displayed in one. By the time the disaster hits, the time for preparation has passed. But what if you could go through that earth-shattering event beforehand so when the time came, you’d be ready? Well, in security, you can. And it's not called cheating – it's called Red Teaming.

Kubernetes “crossed the adoption chasm” in 2021 after 5.6 million developers used it to orchestrate their containers, according to the Cloud Native Computing Federation (CNCF). The annual CNCF survey recorded that an impressive 96% of organizations were either contemplating or outright using Kubernetes. However, Kubernetes becomes more appealing to hackers and malefactors as it becomes more popular.

Organizations must constantly adapt to the challenges of maintaining compliance while handling data. Nowhere is that more apparent than cross-border data protection, which allows data to be and remain protected across jurisdictions, states, counties, and countries with the right data security tools. According to the United Nations, 137 of 197 of its members have data and privacy legislation in place.

In the vast realm of digital investigations, there exists a fascinating technique known as recycle bin forensics. Delving into the depths of this captivating field unveils a world where seemingly deleted files can still reveal their secrets, allowing digital detectives to reconstruct user activities and uncover valuable information. So, let's embark on a journey to demystify recycle bin forensics and understand its role in the realm of cybersecurity.

The persistent shortage of skilled cybersecurity professionals which grew by 26.2% over the past year, coupled with the fact that global cyberattacks increased 38% in 2022, means organizations are increasingly looking to security automation to help the cybersecurity teams keep pace. In fact, 98% of respondents to our “2022 State of Cybersecurity Automation Adoption” survey say they have increased their automation budgets.

Two years ago, I explored the idea of linting Rego with Rego on this blog, and how we could use the abstract syntax tree (AST) representation of a Rego policy as JSON input data, allowing us to write a “linter” for Rego using Rego itself. Open Policy Agent (OPA) is well-established for use cases like application authorization, cloud infrastructure and Kubernetes admission control, where we normally talk about policy as guardrails. But who’s guarding the guardrails?

US state and local government agencies continue to contend with a dizzyingly complex IT environment, which includes data silos, tool sprawl, rising cyber threats, and limited availability of cybersecurity experts. In response, many state CISOs are exploring a “whole-of-state” cybersecurity strategy, which aims to bolster their state’s security through centralization and collaboration.

Progress has recently raised concerns about multiple vulnerabilities in their MOVEit Transfer secure managed file transfer solution. These vulnerabilities have been publicly disclosed within the past several weeks, and the most recent one was reported on June 15, 2023. Notably, the latest vulnerability is claimed to be a zero-day SQL injection vulnerability. If exploited by an attacker, these vulnerabilities can lead to unauthorized access to the MOVEit Transfer database.

Granting users with authorization to access sensitive business information means that you rely on them to adopt cybersecurity best practices. This trust is violated when a disgruntled employee acts maliciously and leaks sensitive information. What’s more concerning — the same violation is also possible when users unwittingly fall prey to social engineering attacks, zero-day exploits or vulnerabilities that remain unpatched in your IT networks.

When pursuing success in business or other endeavors, two key concepts play a crucial role: process and practice. While some argue that process and practice are interchangeable, in reality, they're vastly different. But how do we use process and practice to become more efficient and successful? Is one of them more crucial than the other? Can you do one without the other? To answer these questions, we’ll dive deeper into process and practice and how to apply both.