Cyber is Cyber is Cyber

If you’re in the business of safeguarding data and the systems that process it, what do you call your profession? Are you in cybersecurity? Information security? Computer security, perhaps? The words we use, and the way in which the meaning we assign to them evolves, reflect the reality behind our language. If we examine the factors that influence our desire to use one security title over the other, we’ll better understand…

June 2, 2018

Communicating About Cybersecurity in Plain English

When cybersecurity professionals communicate with regular, non-technical people about IT and security, they often use language that virtually guarantees that the message will be ignored or misunderstood. This is often a problem for information security and privacy policies, which are written by subject-matter experts for people who lack the expertise. If you’re creating security documents, take extra care to avoid jargon, wordiness and other issues that plague technical texts. To…

May 21, 2018

Technical Writing Tips for IT Professionals

This cheat sheet offers guidelines for IT professionals seeking to improve technical writing skills. To print it, use the one-page PDF version; you can also customize the Word version of the document. General Recommendations Determine your write-up’s objectives and audience. Keep the write-up as short and simple as possible to achieve the objectives. Use terminology and tone appropriate for the audience. Craft your text with the understanding that some readers will…

May 7, 2018

Security Product Management at Large Companies vs. Startups

Is it better to perform product management of information security solutions at a large company or at a startup? Picking the setting that’s right for you isn’t as simple as craving the exuberant energy of a young firm or coveting the resources and brand of an organization that’s been around for a while. Each environment has its challenges and advantages for product managers. The type of innovation, nature of collaboration, sales…

April 9, 2018

Practical Tips for Creating and Managing New Information Technology Products

This cheat sheet offers advice for product managers of new IT solutions at startups and enterprises. To print it, use the one-page PDF version; you can also edit the Word version to customize it for your own needs. Responsibilities of a Product Manager Determine what to build, not how to build it. Envision the future pertaining to product domain. Align product roadmap to business strategy. Define specifications for solution capabilities. Prioritize…

January 22, 2018

Hybrid Analysis Grows Up – Acquired by CrowdStrike

CrowdStrike just acquired Payload Security, the company behind the automated malware analysis sandbox technology Hybrid Analysis. Jan Miller founded Payload Security in 2014. The interview I conducted with Jan in early 2015 captures his mindset at the onset of the journey that led to this milestone. I briefly spoke with Jan again, a few days after the acquisition. He reflected upon his progress over the three years of leading Payload Security…

November 11, 2017

Tips for Reverse-Engineering Malicious Code – A New Cheat Sheet

This cheat sheet outlines tips for reversing malicious Windows executables via static and dynamic code analysis with the help of a debugger and a disassembler. To print it, use the one-page PDF version; you can also edit the Word version to customize it for your own needs. Overview of the Code Analysis Process Examine static properties of the Windows executable for initial assessment and triage. Identify strings and API calls that…

September 7, 2017

A Security Decision – Build or Buy

We are sometimes asked to compare our threat detection and response solutions to those custom assembled by security experts using various open source products. With a wide array of quality point solutions available, it’s natural to consider whether a combination of best-of-breed open source solutions can be a better option for a particular organization, rather than an integrated commercial solution. To start with, RSA is a big fan of open…

August 23, 2017

7 STEPS TO A GRC RISK MANAGEMENT FRAMEWORK—4: EVALUATE RISK TREATMENTS

This week, we continue our journey through the seven steps you can follow to build a risk management framework for information. We’ve already looked at how to identify important information that may be at risk in your organization, where to find the information and how to assess the risk it presents within its business context. If you’ve followed these steps, you know where the risks lie and how big they…

August 22, 2017

My Summer Defending the Digital Universe

In RSA’s quest to build out a deeper pool of future Defenders of the Digital Universe, I had the pleasure of having Meghan O’Connor as a summer intern on my team. During her exit interview I asked her what she didn’t realize about cybersecurity and fraud prevention prior to her internship and what advice she would now give. Didn’t realize… How common phishing attacks are, especially to gain access to…

August 21, 2017