
Implementing Security Controls

Defense-in-depth is the best strategy for reducing cybersecurity risk. Just as a medieval castle uses layered defenses for its physical security, modern organizations implement layered security controls to protect the confidentiality, integrity, and availability of their information. The specific security controls an organization implements should be informed by its own risk appetite, regulatory requirements, and operational capabilities. This article covers the different kinds of security controls organizations should consider adopting to protect their information assets.

Penetration Testing | Finding Skeletons Make You Stronger

Are you conducting regular penetration testing on your organization's security measures? If so, you might be missing out on a crucial step that could make you even stronger. In this video, cybersecurity expert Megan Brown shares her insights on why it's essential to proactively seek out and address any potential gaps in your security measures. As Megan explains, knowing where the bodies are - where the bones are buried - can help you identify areas of weakness and take action before they become a major issue. So why wait until it's too late?

Mapping the MITRE ATT&CK Framework to API Security

APIs have emerged as the leading attack vector and attack surface most targeted by cybercriminals. That's why it's important to understand the tactics and techniques used by attackers while they're targeting APIs. In this video, we help you achieve this level of understanding by mapping the MITRE ATT&CK framework to API security attacks.

The Dark Web Cautionary Tale: Infiltrating Criminal Gangs

Jonathan Care shares a cautionary tale for those considering making a name for themselves by infiltrating criminal gangs on the dark web. While it may seem like an exciting and thrilling adventure, it's crucial to understand the real dangers involved. These are not just disaffected teenagers having a laugh together - these are serious and organized criminals with monetary intent.

SOX VS SOC AICPA Mapping the Differences

SOX and SOC are regulatory and compliance standards that people often confuse. They were designed and developed with different purposes and goals. To explain the two in detail, VISTA InfoSec recently conducted a live webinar on “SOX & SOC- Mapping the Differences”. The webinar maps the similarities and differences between SOX and SOC. It also provides information on how your organization can leverage the key overlaps between the two to attain compliance with both the regulation and the compliance standard.