Application & Cyber Security Blog

Today’s CISO: The Three Personality Types - Technical, Business, and Strategic

2012-05-15T11:00:00-04:00

In my previous blog posts, I talked about who the CISO typically reports to today, and my thought that personality should drive where the CISO position resides. In this blog, I’m going to talk about the three major CISO personality types. While no CISO can be described purely one type,...

Today’s CISO: Personality Should Dictate Where the Position Resides

2012-05-08T11:00:00-04:00

In one of my previous blog posts, I talked about where the CISO typically reports to today and presented the notion that organizations need to match the different CISO personality types with corporate security objectives. When you are introduced to a doctor, you would probably naturally ask “What type of...

Boeing Paying Hackers to Break into Their Systems

2012-05-03T11:00:00-04:00

Great Idea - but they’ll need a lot more than TWO! Boeing’s systems need to be capable of staving off hackers, and for more than two years, the company has been employed two cyber security specialists (“hackers”) to test the security of its computer systems. I like it, but there’s...

Want to Reduce Application Security Risk? Build more Secure Software

2012-05-01T11:00:00-04:00

Our customers are interested in reducing application security risk. Over the years we’ve seen a variety of approaches to this problem and have help many customers on their path toward more secure applications and reduced risk. It’s interesting that you can categorize most approaches into these three areas Find and...

Today’s CISO: Where do They Report and Can They be Successful There?

2012-04-26T11:00:00-04:00

As a CISO myself, I have a vested interest in this question that at first glance, appears to be quite simple. After all, there seems to be little debate as to where other C-officers should report. While there has been some discussion about certain C level offices such as the...

EU to potentially punish publishers of cyber attack tools

2012-04-24T11:15:00-04:00

There is a draft law by the EU that would make attacks on IT systems a criminal offense and punishable by at least two years in prison. Additionally, possessing or distributing hacking software and tools would be an offense. I understand the potential motive here: reduce the number of attacks...

Effective Application Security Testing: The Evil Streak

2012-04-17T10:50:00-04:00

We've made it to the last part of my four part series on what makes a great security tester or hacker. Even though this fourth piece is what I consider to be the most important and exciting quality of a hacker, I do recommend you go back and read the...

Effective Application Security Testing: A Great Security Tester has a Great Imagination

2012-04-10T11:07:00-04:00

In my previous posts I talked about an overview of what makes a great security tester, and in-depth about what it means to have complete knowledge of the system. If you haven’t read those yet, I suggest you do so now, that’ll help set the stage for the following post....

GOP version of CyberSecurity Bill introduced

2012-04-03T11:00:00-04:00

one step forward, two steps back A Republican bill was introduced in the House of Representatives this week (ref: http://thehill.com/blogs/hillicon-valley/technology/218421-secure-it-act-introduced-in-the-house) similar to the cleverly-named but ill-conceived SECURE IT bill GOP Senators introduced last month. A major difference between this bill and the Lieberman-Collins bill (as well as the Langevin bill...

Where Can We Harness AppSec Talent? In College, that’s Where.

2012-03-28T10:00:00-04:00

Yesterday, Security Innovation and the University of Central Florida launched a seriously groundbreaking certification program through UCF’s division of Continuing Education: the Secure Software Development Certificate Program. (SSD) Why is this so cool? Well, for one, UCF (which happens to be the second-largest university in the US) selected our TeamProfessor...