Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

What does the CISO say? A Tweetchat roundup

On 18th April 2019, @ATTCyber gathered a panel of CISOs (and recovering CISOs) for a tweetchat to discuss some of the questions that we’ve always wanted to put to senior security folk. The virtual panel consisted of Thom Langford, Quentyn Taylor, James Gosnold, Andy Rose and Raj Goel; with participation from many others. Below I’ve summed up some of the key discussion points around each questions.

With Great Freedom Comes Great Cloud Responsibility

Modern digital & cloud technology underpins the shift that enables businesses to implement new processes, scale quickly and serve customers in a whole new way. Historically, organisations would invest in their own IT infrastructure to support their business objectives, and the IT department’s role would be focused on keeping the ‘lights on.’ To minimize the chance of failure of the equipment, engineers traditionally introduced an element of redundancy in the architecture.

7 Ways to Make your Workforce More Productive

The US Department of Labor states that most people work an average of eight hours a day, but the question is, how many of those hours are productive? Employee productivity has been getting a lot of attention lately, and some studies show that workers spend only three hours per day on work tasks. Even if that figure is somewhat exaggerated, the point is that your employees may be busy with unproductive activities while they are on the job.

Continuous Auditing vs Continuous Monitoring

Monitoring is an established component of the information security process which goes hand in hand with auditing. Auditing is used to document an organization’s compliance activities. Where monitoring protects the data by responding to threats, Auditing provides proof of a continued compliance effort. By taking a “security-first” approach, companies can use continuous auditing and monitoring to provide evidence of their cybersecurity protections.

Don't focus 100% on security

In recent months, I have met many people who are interested in working in Cybersecurity. This is wonderful, especially given the amount of available employment opportunities in this field. Like any ambitious person, the people who approach me to ask about getting into the field want to fully immerse themselves in “all things security”. This is admirable, but I often advise them to slow down a bit, and not quit their day job.

What Is DevOps Maturity, and How Does It Relate to DevOps Security?

By now, many organizations have turned to DevOps as part of their ongoing digital transformations. This process has not been the same for any two companies. Indeed, organizations have embraced DevOps at their own place, and they’ve invested varying levels of time and budget into their nascent deployments.

FedRAMP Pentesting Requirements

If you’re doing business in the cloud, odds are you know a thing or two about compliance maintenance. This article highlights The Federal Risk and Authorization Management Program (FedRAMP) and explains how this certification stands out from the rest by not being another just another check here for compliance standard. So, what is FedRAMP?

Cyber Security + Compliance Controls: What Does It All Mean, Rick?

Throughout my career, I have worked with hundreds of organizations. Regardless of the vertical or size of the organization, I have found that many executives and security professionals feel like the interviewer in the Rickie Fowler commercial when it comes to their organization’s digital security. They don’t know where to start, for instance, nor are they aware of where and how today’s ever-evolving risks and threats affect the respective organization.