Blogs

This episode of Women in Cybersecurity features Barbie Bigelow, a veteran CIO, cybersecurity executive, board member, advisor, and investor. She is currently CEO of Emerald Growth Partners, LLC, (formerly Better Technology Partners, LLC), which she founded to help clients develop and execute strategic moves while leveraging technology to accelerate growth and increase margins. Clients have included Fortune 500 companies, startup ventures, and non-profits, and she is passionate about sharing her knowledge and increasing the number of women in leadership and board member roles.

Barbie said she got into cybersecurity out of operational necessity; after all, if there is a cybersecurity incident, it affects operations. In her first CIO role at an electronics company, she created a cyber incident response team (CIRT). Since then, she's held roles and advised companies on how to approach cybersecurity in ways to support technological innovation and business needs.

Don't miss her video below, and be sure to check out the full audio interview to learn about her story and her commitments to helping increase the number of women in leadership roles in cybersecurity. 

In this episode of Women in Cybersecurity, I was delighted to interview Helen Patton, an experienced CISO who literally wrote the book on Navigating the Cybersecurity Career Path and is currently CISO for the Cisco Security Business Group. I'm also a longtime follower of hers on twitter where she shares information and resources for security leaders. 

Like many of us, her path to cybersecurity wasn't exactly direct or planned; she says, it was "a series of accidents and unexpected opportunities," where she moved from IT support, to disaster recovery, to cybersecurity. As someone who is passionate about her role and helping others, she is generous in sharing information and advice for other CISOs, as well as bringing more people into our field and helping them thrive. 

Don't miss her video below, and be sure to check out the full audio interview.

Two recent high-profile breaches—Intercontinental Hotels Group and Uber—demonstrate the criticality of securing your identities. Both of these attacks started with a social engineering attack. One started with traditional business email compromise (BEC), and the other started with MFA push bombing. The next stage of both attacks compromised the password/secrets vault.

Organizations are increasingly moving applications to the cloud to better serve their customers, partners, and employees. The ability to quickly deploy applications to the cloud so employees, partners, and customers can connect to companies for business transactions and services gives organizations a competitive advantage. This makes maintaining security posture more important than ever, as  increasing the availability of products and services connected to company and customer data increases exposure to attacks. Cloud security posture management (CSPM) is key to mitigating security risk while enabling the use of innovative cloud technologies that drive better business results.

There are many different cybersecurity categories, and it seems that a new category is created every minute. If you're paying attention to cloud security, you may have seen or heard about DSPM—data security posture management. 

This episode of Women in Cybersecurity features Wendy Thomas, President and CEO of Secureworks, a leading cybersecurity company that helps its global customers build effective cybersecurity programs with innovative technology and professional services. With a mathematical background in economics and finance, she found that the field of cybersecurity provides a rewarding trifecta: the opportunity to work globally across cultures and geographies, intellectually stimulating work using innovative technology; and the ability to make a positive impact.

Her leadership includes diversity and inclusion initiatives to reflect the global markets Secureworks serves, and she is an advocate for childhood cyber literacy, starting as early as elementary schools.

Don't miss her video below, and be sure to check out the full audio interview.

My colleague John Grady completed a new research report on Trends in Modern Application Protection. It covers how organizations are modernizing their application architectures and the challenges they are seeing in web application and API protection platforms. In this video, we discuss some of his findings on API security. Watch the video below to learn about:

• The growth of APIs
• Challenges and methods to secure them
• API incidents that organizations have experienced and their impacts
• Methods of remediating API coding errors and their effectiveness
• What to look for in an API protection platform

As ransomware actors have gained in experience and sophistication, they've adopted new tactics. Before encrypting your data, they exfiltrate it. This way, they can make you pay twice--first for an encryption key, and second, an extortion fee to prevent the attacker from publishing your sensitive data.

Data security encompasses the principles and practice of ensuring legitimate access and preventing unauthorized access to data to preserve the cybersecurity triad of confidentiality, integrity, and access (CIA). A data security platform that enables you to discover, classify, and protect your sensitive data can stop a ransomware attacker from data exfiltration and limit your exposure to extortion.

Easy-to-remember passwords are easy to crack. Strong passwords are hard to remember,
leading to password reuse and the risk of password compromise that causes multiple account takeovers. Passwords are risky business.

Multifactor authentication (MFA) is a way to combat the inherent weaknesses of passwords. Yet MFA is also susceptible to compromise. Passwordless authentication based on the FIDO standards and public key encryption is the new archetype for authentication, and is phishing- and compromise-resistant. 

first met Laurie when we worked together at Qualys, where she was a superstar sales leader who had a technical background. She got her start in tech support, moving into network engineering, and then into cybersecurity roles at VeriSign and SecureWorks. Then she worked at CVS doing vulnerability management before moving to Qualys, where she spent nearly nine years, including serving as Executive VP of Worldwide Field Operations. Now she heads up strategic alliances for Veracode. With her technical background and her understanding of customer needs, she is passionate about helping them solve their biggest cybersecurity challenges with effective solutions. 

Don't miss her video below, and be sure to check out the full audio interview.