To keep up with the pace of the modern world, organizations are constantly looking for ways to release software faster than their competitors. This “need for speed” has led many organizations to adopt DevSecOps. With DevSecOps, security is moved earlier in the software lifecycle, into the realm of developers. As a result of the changing development landscape, application security testing has also been evolving.

As Marcus Hutchins was on his way home to the UK after attending Def Con and Black Hat in Las Vegas, NV, the FBI arrested him. This event sparked immediate internet outcry, especially among the cybersecurity community, as Hutchins was better known as MalwareTech and had just made cybersecurity fame by stopping the WannaCry ransomware outbreak a few months prior. So, why did the FBI arrest a newly famous cybersecurity expert?

Ransomware today is a billion-dollar industry. It’s crippled industries like healthcare. In 2017, for instance, WannaCry brought much of the United Kingdom’s National Health Service to its knees using the EternalBlue exploit. It was just a few weeks later when the NotPetya ransomware strain leveraged that same vulnerability to attack lots of industries.

The NIST 800-53 standard offers solid guidance for how organizations should select and maintain customized security and privacy controls for their information systems. NIST SP 800-53 Revision 5 is one of many compliance documents you need to familiarize yourself with if you are working with information technology. This post breaks it down for you into digestible pieces that emphasize the standard’s practical meaning and application.