Blog

IT security under attack: Credential dumping attacks in Windows environments

Most of the time, threat actors in the cybersecurity landscape don’t employ advanced techniques and tools to intrude and establish a foothold within networks. Often, they disguise malicious operations by mimicking the activities of legitimate users, leaving behind little to no footprint. Blending malicious actions with day-to-day IT activities helps attackers maintain a low profile and remain undetected for a longer period.

Education, certifications, and cybersecurity

The question of cybersecurity certifications comes up very frequently on discussion boards. What is the best certificate to get? Is a college degree better for getting a cybersecurity role? What education or skills are needed for various cybersecurity roles? And many, many more. In this post, I'll try to clarify some of these questions and more.

API Security in a Digitally Transformed World

One unexpected consequence of the global pandemic is the acceleration of digital transformation across organizations of all sizes. With so many employees working from home, organizations realized they needed to upgrade to a cloud infrastructure to support everyone working remotely. As applications moved from on-premises to the cloud to support these new remote users, organizations needed to think about the APIs and microservices that connected users to essential applications.

CISO Insider S1E4 - Change management and risk triage with Lisa Hawke

At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.

How to evaluate the ROI of your software security program

The ROI of software security is difficult to calculate when the goal is to avoid a breach. Learn where to look for ROI in an AppSec program to maximize your investment. A common declaration at security conferences is that if organizations invest in software security, it will pay dividends. Indeed, “investment” implies a dividend.

Be Ready for Anything with VMware Cloud on AWS

If the pandemic, catastrophic wildfires, record-setting hurricane season, and “murder hornets” of 2020 have taught us anything, it’s to be prepared for any situation. In business, the motto is “hope for the best, plan for the worst.” Should some sort of disaster – cyber or otherwise – strike, organizations need to be prepared to maintain business as usual with a strong disaster recovery plan in place.

Splunk SOAR Playbooks: Finding and Disabling Inactive Users on AWS

Every organization that uses AWS has a set of user accounts that grant access to resources and data. The Identity and Access Management (IAM) service is the part of AWS that keeps track of all the users, groups, roles and policies that provide that access. Because it controls permissions for all other services, IAM is probably the single most important service in AWS to focus on from a security perspective.

UPDATE 6: The Data Privacy Periodic Table

Once again, to mark Data Privacy Day (or Data Protection Day in Europe), we have released a new update to the Data Privacy Periodic Table – our industry-renowned open project to create a regularly-updated digestible guide to the confusing world of data privacy. You can download the latest version of The Data Privacy Periodic Table, here. This is its sixth update, and roughly three and a half years after its launch in September 2018, what have we learned?

The Data Privacy 'To Do List' for the new US administration

A new administration in the most influential economy in the world triggers new hopes and expectations in every industry. But if major change were to be on the agenda, what would be the most beneficial, transformative, impactful or prudent new data privacy initiatives that the new US administration ought to introduce? Here’s my top three: The obvious – and trickiest – first area for the new administration is a federal privacy law.