Security Top Stories

RSS

As a young boy, Frank Figliuzzi had a sense of right and wrong, good and bad. He was so interested in criminal justice that at the age of 11, he wrote a letter to the head of the Federal Bureau of Investigation (FBI) asking for advice on a career in the field.

Take a look at CISO of DoorDash Justin Grudzien’s career in data privacy and security from building security teams from the ground up at Orbitz to solidifying best practices at DoorDash. Security talks to Grudzien about how he views security roles within the enterprise, how to avoid burnout, and how other security leaders can earn a seat at the C-Suite table.

The impact of the COVID-19 pandemic has been widespread and unprecedented, creating more lone workers than ever. Organizations in charge of protecting lone workers must fulfill their duty of care, taking all steps reasonably possible to ensure the safety, well-being and physical and mental health of their employees, or else, risk leaving critical employees unprotected and at risk.

Today, open-source code is everywhere. In fact, 99% of all codebases contain open-source code, and anywhere from 85% to 97% of enterprise codebases come from open-source. What does that mean, exactly? It means that the vast majority of our applications consist of code we did not write.

We have previously talked about many aspects of how to advance your security career. This includes having a thorough understanding of both soft and operational skills sought after by organizations. The ability to execute on these attributes is valued when companies look for top talent for senior level security roles.

Last month this column looked at how humor can enhance leadership. Inspired by the book "Plato and a Platypus Walk Into a Bar: Understanding Philosophy Through Jokes," this month’s column explains security leadership through jokes.

Implementing a converged security organization is perhaps one of the most resourceful and beneficial business decisions an organization can make when seeking to enhance security risk management. In this era of heightened consequences and sophisticated security threats, the need for integration between siloed security and risk management teams is imperative. The need for collaboration between those two teams and the business is equally imperative. Let’s look at five more specific benefits:

Securing diverse and distributed IT environments starts with the identity plane. Modern and evolving security threats are best prevented by securing identity through many layers relying on a Zero Trust model. Zero Trust, by which I mean “trust nothing, verify everything,” can serve as a foundation for the evolution of a modern security perimeter, one virtually drawn around each individual user, from anywhere they log on. By following Zero Trust principles and establishing user identity across devices, programs, and networks, modern enterprises can pursue a security program that is adaptive, contextual, and robust enough to defend against modern threats.

The first line of defense in cybersecurity is taking proactive measures to detect and protect the entire IT landscape. It’s critical to have the right security systems and processes in place to  find known and unknown threats before they impact your business. But you also need a bulletproof plan in case your systems are breached. You need to move very quickly to limit damage, so you should have a team experienced in handling these situations ready to jump to action, bringing along tools, procedures, and a proven methodology to stop attacks and to repair and restore whatever you can. Here are five critical factors in preparing for the first 24 hours after an attack:

Implementing a number of technologies within the retail setting can help organizations improve the customer experience, but more importantly, reduce shrink, mitigate fraud and improve security.