Optiv Blog

Six Key Alignments for CISO's on Cloud Security

· By John Turner · 0 Comments

Many CISO's and security teams are struggling with developing and executing an effective cloud security strategy, especially one that can keep up with the new technologies being deployed every day. Security leaders must take a foothold in the cloud to achieve positive outcomes, but first they must understand the fundamental difference cloud brings to the market.

Continue reading 0 Shares

The Need for Augmented Intelligence

· By Ken Dunham · 0 Comments

Cyber threat intelligence can be a lot harder than you think. As a regular speaker at various conferences, I’m constantly asked the question about how to get started in the world of cyber threat intelligence. The answer lies in assessing your own maturity and readiness before you consider cyber threat intelligence.

Continue reading 0 Shares

The Cyber Security Mega Cycle Aftermath

· By Dave DeWalt, General (Ret.) David Petraeus · 0 Comments

During the past decade, we have witnessed a virtual explosion in the cyber security world. While serving as CEO of McAfee and FireEye, and a U.S. Army commander and CIA director, respectively, we have lived through and witnessed first-hand exponential growth in: threats, threat actors, reported breaches, security vendors, investments in security companies and probably most significantly, private and public sector security spending.

Continue reading 0 Shares

Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 20

· By Joshua Platz · 0 Comments

Test the overall strength of an organization’s defenses (the technology, the process and the people) by simulating the objectives and actions of an attacker.

Continue reading 0 Shares

What Changes will EO 13800 Bring to Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure?

· By Russell Pierce · 0 Comments

Anyone who has held the position of CIO or CISO in a government agency or bureau can tell you implementing an effective information risk management program has been more of a journey then a destination; and anyone who is surprised that we as a nation have struggled to protect our applications, data and infrastructure hasn’t been following the news.

Continue reading 0 Shares

Implementing an Identity Centric Approach

· By Bryan Wiese · 0 Comments

With the latest Verizon Data Breach Incident Report finding that 81 percent of hacking related breaches leveraged either stolen and/or weak passwords, our clients are consistently asking us, are we really immune to a breach?

Continue reading 0 Shares

Having an Identity Crisis? CISO’s Need to Own IAM

· By Richard Bird · 0 Comments

Within any company, we can find owners for every key function throughout the enterprise. If we ask, “who is in charge of human resources?” we know the name of the SVP or director of human resources will surface. If we ask, “who ultimately owns the uptime of our technology infrastructure?” our chief technology officer will raise her hand. If we want to know the strategic plan for product development, we can clearly articulate the rings of the organizational tree that represent every single leadership role supporting this function.

Continue reading 0 Shares

Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 19

· By Dan Kottmann · 0 Comments

Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g. plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker’s presence and restoring the integrity of the network and systems.

Continue reading 0 Shares

Ransomware Kill Chain and Controls - Part 2: Once the Crying is Over, the Controls Must Kick In

· By James Robinson, Nick Hyatt · 0 Comments

In the first part of the blog series, we alluded to the impending danger of ransomware campaigns. It appears the concerns were justified, given the size of the most recent cyber attack that hit countries worldwide on May 12. The WannaCry ransomware program, also called WannaCrypt, WanaCrypt0r and Wanna Decryptor, was launched by a group of cyber criminals causing computers in more than 100 countries to lock up and be held for ransom.

Continue reading 0 Shares

Secure SDLC Lessons Learned: #5 Personnel

· By Shawn Asmus · 0 Comments

t’s no secret that finding and retaining dependable, well-trained application security professionals is a serious challenge, and has been for years. Part of the problem is that the breadth and depth of AppSec knowledge is rather astronomical; one could argue that it’s exponentially wider than network security and grows at a much faster rate. Based on what I’ve seen, teams tend to be perpetually short-staffed and undertrained.

Continue reading 0 Shares
(244 Results)