If you’re in the business of safeguarding data and the systems that process it, what do you call your profession? Are you in cybersecurity? Information security? Computer security, perhaps? The words we use, and the way in which the meaning we assign to them evolves, reflects the reality behind our language. If we examine the factors that influence our desire to use one security title over the other, we’ll better understand…
When cybersecurity professionals communicate with regular, non-technical people about IT and security, they often use language that virtually guarantees that the message will be ignored or misunderstood. This is often a problem for information security and privacy policies, which are written by subject-matter experts for people who lack the expertise. If you’re creating security documents, take extra care to avoid jargon, wordiness and other issues that plague technical texts. To…
This cheat sheet offers guidelines for IT professionals seeking to improve technical writing skills. To print it, use the one-page PDF version; you can also customize the Word version of the document. General Recommendations Determine your write-ups objectives and audience. Keep the write-up as short and simple as possible to achieve the objectives. Use terminology and tone appropriate for the audience. Craft your text with the understanding that some readers will…
Is it better to perform product management of information security solutions at a large company or at a startup? Picking the setting that’s right for you isn’t as simple as craving the exuberant energy of a young firm or coveting the resources and brand of an organization that’s been around for a while. Each environment has its challenges and advantages for product managers. The type of innovation, nature of collaboration, sales…
This cheat sheet offers advice for product managers of new IT solutions at startups and enterprises. To print it, use the one-page PDF version; you can also edit the Word version to customize it for you own needs. Responsibilities of a Product Manager Determine what to build, not how to build it. Envision the future pertaining to product domain. Align product roadmap to business strategy. Define specifications for solution capabilities. Prioritize…
CrowdStrike just acquired Payload Security, the company behind the automated malware analysis sandbox technology Hybrid Analysis. Jan Miller founded Payload Security in 2014. The interview I conducted with Jan in early 2015 captures his mindset at the onset of the journey that led to this milestone. I briefly spoke with Jan again, a few days after the acquisition. He reflected upon his progress over the three years of leading Payload Security…
This cheat sheet outlines tips for reversing malicious Windows executables via static and dynamic code analysis with the help of a debugger and a disassembler. To print it, use the one-page PDF version; you can also edit the Word version to customize it for you own needs. Overview of the Code Analysis Process Examine static properties of the Windows executable for initial assessment and triage. Identify strings and API calls that…
We are sometimes asked to compare our threat detection and response solutions to those custom assembled by security experts using various open source products. With a wide array of quality point solutions available, it’s natural to consider whether a combination of best-of-breed open source solutions can be a better option for a particular organization, rather than an integrated commercial solution. To start with, RSA is a big fan of open…
This week, we continue our journey through the seven steps you can follow to build a risk management framework for information. We’ve already looked at how to identify important information that may be at risk in your organization, where to find the information and how to assess the risk it presents within its business context. If you’ve followed these steps, you know where the risks lie and how big they…
In RSA’s quest to build out a deeper pool of future Defenders of the Digital Universe I had the pleasure of having Meghan O’Connor as a summer intern on my team. During her exit interview I asked her what she didn’t realize about cybersecurity and fraud prevention prior to her internship and what advice she would now give. Didn’t realize… How common phishing attacks are, especially to gain access to…