Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Authentication vs. Authorization: Why we need authorization standards

I witnessed the transition from bespoke authentication to standards-based authentication. It’s time to do the same for authorization. Twenty years ago, almost everything in the IT world was on-premises: hardware and software, including the tools you used to verify who your users were and what they could do in your systems.

Netskope Joins with Crowdstrike, Okta, and Proofpoint to Secure Remote Work Any Time, Anywhere, at Scale

Netskope, CrowdStrike, Okta, and Proofpoint are joining together to help better safeguard organizations by delivering an integrated, Zero Trust security strategy that is designed to protect today’s dynamic and remote working environments at scale.

How OIDC Authentication Works

Did you know that in the United States, the Social Security Number was never intended to become the defacto method for physical identification? On its surface, this may come as a shock given how ubiquitously SSNs are used for this exact reason, but looking beneath the surface, we find that SSNs are terrible forms of identification. Ignoring the security concerns of a nine digit numeric code, an SSN is not for universal identification.

Live from Black Hat: Healthscare - An Insider's Biopsy of Healthcare Application Security with Seth Fogie

Healthcare providers heavily leverage technology. In his talk, Seth Fogie, information security director at Penn Medicine takes apart different vendor systems at the “fictitious” Black Hat Clinic. Fogie gives a lot of examples and drives home the point that you shouldn’t just look at network security … you have to dig deep into the applications to ensure the security of your data.

Live from Black Hat: Practical Defenses Against Adversarial Machine Learning with Ariel Herbert-Voss

Adversarial machine learning (ML) is a hot new topic that I now understand much better thanks to this talk at Black Hat USA 2020. Ariel Herbert-Voss, Senior Research Scientist at OpenAI, walked us through the current attack landscape. Her talk clearly outlined how current attacks work and how you can mitigate against them. She skipped right over some of the more theoretical approaches that don’t really work in real life and went straight to real-life examples. ​

The Center for Internet Security (CIS) Use Cases and Cost Justification

Vince Lombardi, the famous football coach, used to start his training camp each season with a talk about doing the basics. He’d tell the players that they start with the basics, then he’d take a football and hold it up and tell them, “This is a football.” In football, as in life and IT Security, starting with the basics is the most important step you can take. Don’t assume anything. So, let us begin with the basics. CIS is the Center for Internet Security.

How Data Governance Reduces SharePoint Content Sprawl

Chaos is never good for business, but the reality is that it’s the state in which many companies live on a daily basis. The global pandemic shut down offices and dispersed workforces to employees’ homes and other socially-distanced locations. Without data governance plans to support remote workers, employees scavenged for, and used, tools and processes that helped them get their jobs done, often with little regard for long-time implications or risk to the company.