The Role of Cognitive Security in Addressing the Incident Response Speed Gap

“The number one challenge for security leaders today is reducing average incident response and resolution times.” — IBM IBV Cognitive Security Report

In November, IBM’s Institute for Business Value (IBV) released a report titled “Cybersecurity in the Cognitive Era: Priming Your Digital Immune System.” The report provides insights gleaned from a study of over 700 security leaders from across the globe and seeks to uncover the security challenges organizations face, all while shedding light on how to address them. The study also evaluated the impact of cognitive security solutions and gauged the industry’s current level of readiness for the oncoming cognitive era. Continue reading at

Top 5 most-read articles of 2016

1.The CISO Job Market in 2016: Time to Jump Ship? 2.Cyber Risks: Three Areas of Concern for 2016 3.Five Signs the CISO Who Got You Here Isn’t the Best One to Get You There 4.Is Your CISO Out of Place? 5.Highlights From the World Economic Forum’s Global Risks Report 2016

Thanks to all of those who have found value in my articles and for your comments. Of course, thank you for sharing the articles you have liked with your network. Look for an uptick in activity in the coming months. Continue reading “Top 5 most-read articles of 2016”

The Emerging Trend of Gamification in Cybersecurity

Most companies are learning the hard way that what they thought was secure is really not. Data breaches are an epidemic and every year of intrusion reports outpace the previous year. As a result of procrastination on cyber threats, corporate leadership has been playing catch up by procuring IT security technologies, educating their boards of liability issues, and hiring cybersecurity talent.

For many years the defense and intelligence communities have relied upon a concept called gamification to test concepts, strategies, and potential outcomes in various scenarios via computer simulation. They have found that gamification heightens interest of the players involved and serves as a stimulus for creativity and interchange of ideas which is vital for keeping an edge. As computers have become faster and more capable and data gathering abilities have has exponentially grown, gamification has become a “go to” process for many involved in the security community. Continue reading “The Emerging Trend of Gamification in Cybersecurity”

Has Information Gone Rogue?

Taking advantage of these feelings and sentiments are at the core of Psychological Warfare (PSYWAR) and Psychological Operations (PSYOPS) and in an era of liberalized information, traditional media sources need to be more responsible, otherwise they are only contributing to the problem. Yes, an open and free press is essential to the Western way of life; but an open and free press also has the responsibility to protect the Western way of life, not expose it to vulnerability.

So I am back because the second trailer of Rogue One was released a few days ago and because of that other cyber security related thing some of you may have heard of: #WikiLeaks.

I have been extremely reluctant to make any comments on the #Podesta e-mails; there has been plenty of commentary and punditry on the issue and how it will affect the campaign of #HillaryClinton, therefore one more opinion would not necessarily add to the body of knowledge. But, I do have this open question: why is anybody surprised a breach of this magnitude could occur?

Moving on, this article has a very different intent, namely: broad issues related to Information Warfare (IW) and Information Operations (IO). Continue reading “Has Information Gone Rogue?”

Emerging focus on cyberthreats to energy infrastructure

Much of our grid still relies on antiquated technologies, and more investment in defenses are needed. As technology exponentially advances and as threat actors (including cyber mercenaries) gain tools via the dark web, that number of potential state-sponsored adversaries could expand in the near future.

Last week, the Kentucky Office of Homeland Security hosted an exercise simulating attacks on the power grid and government computer networks. Participants included law enforcement, first responders, and private sector representatives engaged in health and security.

The exercise centered on how the state would react if hackers were able to take down Kentucky’s energy grid while simultaneously engaged in the exfiltration of information from government computer networks. The goal was to provide a gap model and develop best practices that can be utilized by other states and by the federal Department of Homeland Security (DHS). Continue reading “Emerging focus on cyberthreats to energy infrastructure”

Safeguarding Patients and Data In The Evolving Healthcare Cybersecurity Landscape

The reality is that hospitals are a logical hacker target for several reasons. They are susceptible to phishing attacks and insider threats because of the large data flows throughout various systems. They are many points of vulnerability for malware/ransomware extortion because their systems are networked with multiple stations and devices. In addition, most workers in medical facilities are not trained in basic cybersecurity hygiene.

Healthcare cybersecurity is in a state of transformation. As medical care becomes more networked and interconnected via computers and devices, the digital landscape of health administrators, hospitals, and patients, has become increasingly vulnerable.

The cybersecurity healthcare landscape has many facets. These include the information security networks of medical facilities and hospitals, medical equipment and devices, and protection of the privacy of patients. Technologies, processes and people are the cornerstones of the healthcare cybersecurity transformation. Continue reading “Safeguarding Patients and Data In The Evolving Healthcare Cybersecurity Landscape”

Technology Foraging for Cybersecurity Solutions

In government, there is an extensive infrastructure of agencies geared toward facilitating technology foraging. For specifically enhancing cybersecurity capabilities, there are dedicated research and development efforts being conducted at (among other agencies) the Department of Homeland Security (DHS), the Department of Defense (DOD), the Department of Energy/National Labs (DOE), and in the Intelligence Community (IC).

Technology foraging, or searching for smart ideas and technologies, is a key element of research and development both in the public and private sectors. It serves as a basis for discoveries of new products, applications, and processes brought to the marketplace. There are many hidden treasures yet to be discovered, commercialized, licensed and integrated into technology solutions. Foraging can impact all innovations across the emerging technology spectrum, including in cybersecurity areas. Continue reading “Technology Foraging for Cybersecurity Solutions”

The Gender Gap in Cybersecurity Can, and Should Be, Closed

The challenge at hand, to ameliorate the shortage of cybersecurity professionals and close the gender gap, is to educate, train, and facilitate women to fill the pipeline for a qualified information security workforce.

There are huge, growing demands for a modern cybersecurity workforce in both the private and public sectors; there is also a significant shortage of skilled professionals. There is an especially wide gender gap in cybersecurity and in many technology jobs as well. But this is a gap that can, and should, be closed. Continue reading “The Gender Gap in Cybersecurity Can, and Should Be, Closed”

Grading Global Boards of Directors on Cybersecurity

Despite apparently being way ahead of their contemporaries in the E.U. countries surveyed, US and UK directors and executives clearly have work to do. One cybersecurity executive aptly noted: “Cyber security is ‘no longer a dark art but an everyday business practice that must pervade every level of the organization.’”

On April 1, 2016 NASDAQ, along with Tanium (a leading-edge cybersecurity consultant), released a detailed survey of nonexecutive (independent) directors and C-suite executives in multiple countries (e.g., the US, UK, Japan, Germany, Denmark, and the Nordic countries) concerning cybersecurity accountability. [1] NASDAQ and Tanium wished to obtain answers to three basic questions: (1) how these executives assessed their company’s vulnerabilities to cybersecurity threat vectors; (2) how they evaluated their company’s readiness to address these vulnerabilities; and (3) who within the company was held “accountable” for addressing these cybersecurity vulnerabilities. Continue reading “Grading Global Boards of Directors on Cybersecurity”

Navigating the Cybersecurity Storm in 2016

“Our nation is being challenged as never before to defend its interests and values in cyberspace. Adversaries increasingly seek to magnify their impact and extend their reach through cyber exploitation, disruption and destruction.”

—Admiral Mike Rogers, Head of US Cyber Command September 9, 2015

A very recent article in the UK publication The Guardian, entitled “Stuxnet-style code signing of malware becomes darknet cottage industry,” [1] raises the specter of bad actors purchasing digital code signatures, enabling their malicious code to be viewed as “trusted” by most operating systems and computers. Two recent high profile hacks utilized false or stolen signatures: Stuxnet, the code used to sabotage the Iranian nuclear program, allegedly jointly developed by America and Israel, and the Sony hack which was allegedly perpetrated by the government of North Korea. Both of these instances involve sovereign states, with effectively unlimited resources. Continue reading “Navigating the Cybersecurity Storm in 2016”