W-2 Phishing Scams: What You Need to Know to Stay Secure

The IRS recently issued a warning that W-2 phishing scams are on the rise. In fact, 29,000 victims have already been claimed in 2017 to date! The attacks this year have started earlier than in previous years and are targeting a broader range of businesses. It’s time we learned how to better protect ourselves against this rampant form of fraud. Read more “W-2 Phishing Scams: What You Need to Know to Stay Secure”

Why Banks are Moving to the Cloud — And Why You Should Too

A major shift is taking place in banking right now. It’s a shift many banks have been pretty hush-hush about until now, and that naysayers said would never happen.

Banks are rapidly testing and moving to the cloud.

What happened in the past two years that changed how the banking industry approaches the cloud? Two words: Capital One. In October 2015, Capital One’s CIO, Rob Alexander, revealed that the bank was all-in on AWS. They were one of the very first U.S. banks to not only commit to the cloud in a big way, but also to announce it loudly and proudly. Read more “Why Banks are Moving to the Cloud — And Why You Should Too”

What Insurance Companies Need to Know About Cloud Security in 2017

Few understand the concept of mitigating risk better than the insurance industry. The insurance industry faces a unique set of challenges when it comes to cloud adoption and security. In this post, we’ll walk through some of the reasons why moving to the cloud is an excellent idea for insurance companies and provide some guidance on how they can overcome the most common hurdles. Read more “What Insurance Companies Need to Know About Cloud Security in 2017”

3 Ways Businesses Can Address IoT Security Failures

I watched a Twilight Zone marathon over the New Year’s weekend, and it got me wondering about today’s Internet of Things (IoT). Are “Things” really taking over our world, and if so, how can we peacefully coexist with them or even prosper together?

The IoT is really just a fancy way of saying that technology is becoming more pervasive in everything we use, from sensors to thermostats to our trusty office gadgets. But with such pervasiveness, where does security come in, if at all?

Read more “3 Ways Businesses Can Address IoT Security Failures”

Where to Find Security Talent & How to Keep Them Happy

It’s no secret that there’s a huge talent shortage in the security space today. With a low supply and high demand, salaries have surged, increasing 6.4% from 2015 to 2016. (That’s an even higher salary growth than software engineers are seeing.) And there is no end in sight. For companies that recognize how important it is to keep information and systems secure in today’s business climate, it’s important to find workable strategies for hiring and retaining security talent in spite of this shortage.

While most organizations would benefit by developing a full-fledged, multi-faceted recruiting and retention strategy, we want to share a few more tactical ways to help bridge the talent gap in the shorter term.

Read more “Where to Find Security Talent & How to Keep Them Happy”

5 Factors to Consider When Building Your Security Budget

I have worked in finance roles in the tech industry for much of my career, but since joining Threat Stack I’ve had my eyes opened wide to the world of security. I have learned just how vital an effective security strategy is to the health of any modern business — and as a corollary, how critical a carefully planned security budget is.

Building a security budget can be a complex and sometimes fraught process, so I wanted to share some insights from my viewpoint as the CFO of a cloud security company. Below are five things I urge you to consider when you put together your own organization’s security budget.

Read more “5 Factors to Consider When Building Your Security Budget”

How to Conduct a Blameless Security Post-Mortem

When someone in your company clicks on a bad link, it can spell bad news. But you know what’s worse? Them never telling you.

When employees are afraid to come forward about a mistake they’ve made (or think they’ve made), it makes security responders’ jobs that much more difficult.

Unfortunately, this kind of negative atmosphere is a reality at many companies. The good news is the culture can be improved, and one way of doing this is by conducting blameless security post-mortems. I spoke about this in my DevOpsDays Austin talk in May, 2015. Threat Stack partners VictorOps  and PagerDuty have also written on the topic. You need your whole team to be security ambassadors (not roadblocks), and blameless security post-mortems can help enable this.

Below, we’ll explore what a blameless post-mortem is and how it applies to your future security incident response.

Read more “How to Conduct a Blameless Security Post-Mortem”

IoT Botnets and DDoS: A New Reality With New Responsibilities

Last Friday, multiple massive distributed denial ofservice (DDoS) attacks hit Dyn, an internet performance management company headquartered in New Hampshire. Dyn is a managed DNS provider to many of the large companies on the internet such as Twitter, Reddit, GitHub, Paypal, Spotify, Heroku, SoundCloud, Crunchbase, Netflix, Amazon, and others.

News surfaced over the following weekend that the Mirai IoT (internet of things) botnet was at least partially responsible for the attack, and according to Dyn, was generating traffic from “10s of millions of discrete IP addresses.”

Instead of rehashing details of how this could have occurred, we want to discuss botnet attacks as part of the new reality in our connected world, and as such, how device manufacturers and device users need to respond. We also want to take a look at the role that governments can or cannot play.

Read more “IoT Botnets and DDoS: A New Reality With New Responsibilities”

Myth Busting 3 Objections to Buying Cloud Security Solutions!

I was sitting with my Sales Team last Friday, listening to their experiences with prospects. They had some great stories about wins and interesting stories about losses. When I asked them about their biggest frustrations, they turned the tables and put me on the spot.

My biggest frustration? It comes in the form of three objections that can surface during the sales cycle. Let me explain.

Read more “Myth Busting 3 Objections to Buying Cloud Security Solutions!”