Showing Blog Posts: 1–10 of 1570

  • Seen and Heard: Notes on Diversity, Equity & Inclusion in Cybersecurity from the RSA 2019 Conference

    by Karen Worstell on April 25, 2019

    For the last several months, I’ve collaborated with a team of people to produce articles for the RSA Conference blog. A key member of that effort is Lisa Rothstein who was gracious enough to join us at RSA Conference and use her sketchnoting talents to document several sessions. So many people were blown away by her ability to capture hours of content in a very readable and visual format that we…

  • National Supply Chain Integrity Month: Understanding Third-Party Cyber Risk

    by Bob Maley on April 23, 2019

    The National Counterintelligence and Security Center (NCSC) named April “National Supply Chain Integrity Month.” Along with its federal partners, including the Department of Homeland Security, NCSC kicked off this campaign to raise awareness about “growing threats to the supply chains of both the private sector and U.S. Government agencies,” and to provide resources to help mitigate these risks. …

  • Facebook's Ongoing Security Challenges Are a Cautionary Statement for All Companies

    by Tony Kontzer on April 22, 2019

    For a company that actively sought the more than 2 billion people that use its platform, Facebook sure is having a hard time staying on top of all of that personal data. With the company still reeling from the Cambridge Analytica fiasco that brought attention to just how little regard it had for its users' data privacy, Facebook's data security practices—or lack of them—have continued to find the…

  • Companies Must Develop More Precise Cybersecurity Road Maps and Strategies

    by Robert Ackerman Jr. on April 19, 2019

    Given all the years that companies and federal and state governments have been investing aggressively to improve cybersecurity, you might think by now they would have a well-executed cyber architecture and security strategies firmly in place. The sad fact, however, is that many organizations have yet to accomplish this -- or they have temporarily but subsequently fail to keep pace with change and…

  • Cloud Security Architectures: Lifting the Fog from the Cloud

    by Salvatore J. Stolfo on April 17, 2019

    A growing body of technical knowledge has been codified and broadly taught to computer science students on how to properly architect a large-scale application or system to meet functional and performance goals. A similar body of security engineering knowledge needs to be developed to architect a corresponding security architecture. A fundamental principle of this knowledge body should be to…

  • Ben's Book Review: "The Linux Command Line: A Complete Introduction"

    by Ben Rothke on April 12, 2019

    An interesting observation William Shotts makes at the beginning of the 2nd edition of The Linux Command Line: A Complete Introduction (No Starch Press 978-1593279523), is that in all of the hacking movies, one never sees the hacker using a mouse. From The Matrix to Takedown, the hackers are invariably busy at the command line. He writes that we as human beings instinctively know that the only way…

  • Understanding the Past to Prepare for the Future: What Cybersecurity Can Learn From Captain Marvel

    by RSAC Editorial Team on April 10, 2019

    *Warning this post or embedded links may contain spoilers* Following last year’s blog series spotlighting Star Wars Episode VIII: The Last Jedi and the film’s connection with cybersecurity, we’d be remiss not to do the same with this year’s biggest action blockbuster to date, Captain Marvel. The film is centered around the exploits of Carol Danvers, aka Captain Marvel, who is not only smashing and…

  • The Cybersecurity Workforce Shortage Is a Big Problem. You Can Help Girl Scouts Solve It.

    by Sylvia Acevedo on April 5, 2019

    As CEO of Girl Scouts of the USA, I know the importance of having a cybersecurity workforce that protects our personal information, the systems that we depend on, and our national defense. This workforce must have the technical skills and a spirit of civic responsibility to be the STEM visionaries our society needs. The stats on the cybersecurity workforce shortage are well known. By 2021, there…

  • Effective Steps to Reduce Third-Party Risk

    by Phil Won on April 2, 2019

    To start rolling out your third-party risk mitigation strategy, let’s begin by taking a step back to the definition of what risk actually is and ask which assets are most valuable in your organization, and what is the potential fallout if they are compromised? Taking stock of your internal assets may be a simpler exercise than attempting to account for each and every third-party connection out of…

  • Ben's Book of the Month: Review of "Secure Cloud Transformation: The CIO'S Journey"

    by Ben Rothke on March 31, 2019

    In 2009, the Cloud Security Alliance (CSA) was announced and version 1.0 of their Security Guidance for Critical Areas of Focus for Cloud Computing best practices guidance was published. Full disclosure - I was a founding member of the CSA. Ten years ago, many executives and technical people were not sold on the idea of cloud computing. Many were quite suspicious of the security capabilities of…



Are you interested in contributing to the RSA Conference blog? Download our 2018 & 2019 Editorial Calendars for more info. 

This document was retrieved from on Thu, 25 Apr 2019 16:18:53 -0400.