EU GDPR Spotlight: Pseudonymization as an Alternative to Encryption


Have I mentioned lately that the EU General Data Protection Regulation (GDPR) is a complicated law? Sure, there are some underlying principles, such as Privacy by Design (PbD) and other ideas, that once you understand, the whole thing makes more sense. But there are plenty of surprises when you delve into the legalese. For example, […]


A Guide to PCI DSS 3.2 Compliance: A Dos and Don’ts Checklist


Before you begin, download the PCI Compliance Checklist PDF and follow along!

Table of Contents: Overview; 3.2 updates – What You Need to Know; New Compliance Deadlines; Multi-factor Authentication; PAN Masking and Visibility; Stricter Reporting for Service Providers; PCI’s 12 Step Program Made Simple; Defend Your Cardholder Data; Defend Against External Threats; Defend Against Internal […]


Podcast Episode #11 – Everything You Need To Know About Passwords


The latest string of mega breaches that compromised approximately 642 million passwords has shown us how vulnerable we still are. Yes, passwords are obsolete, and we should at least use two-factor authentication. But the fact remains, unless we find a password solution to really shake up how to think about, use, and manage passwords on apps […]


The Cyber Kill Chain or: how I learned to stop worrying and love data breaches


Pulling off a heist is no easy feat – and in order to prevent theft, you best understand the plan of attack. Like any good ol’ traditional heist, there are multiple stages to consider in a cyber-attack. To help prevent and detect cyber-attacks and security breaches, we look to the cyber kill chain. Lockheed Martin […]


Cyber Espionage: Could Russian and Korean Hackers Have Been Stopped (With UBA)?


Once upon a time, breaking into the Democratic National Committee required non-virtual thieves picking real door locks and going through file cabinets. And stealing the design secrets of a fighter jet was considered a “black bag” job that utilized the talents of a spy who knew how to work a tiny spy camera. Then, that […]


The Differences Between DLP, IAM, SIEM, and Varonis Solutions


You can’t always do it all alone and sometimes you need help from your friends. It’s good life advice, and as it turns out, good advice for a security solution. A multi-pronged security program that uses a mix of technologies and approaches is the best way to reduce risk and to protect your organization’s most […]


Podcast Episode #10 – Recent Cybersecurity Warnings from the FBI


Rob Sobers, Mike Buckbee and Kilian Englert joined me for an interesting conversation as we discussed recent cybersecurity warnings from the FBI. Here’s the best of what you might have missed: Keystroke loggers disguised as USB phone chargers Cindy: Let’s first define keystroke logging Mike: A keystroke logger is anything that’s recording the keystrokes and often […]


EU GDPR Spotlight: Protection by Design and Default


Privacy by Design (PbD) is a well-intentioned set of principles – see our cheat sheet – to get the C-suite to take consumer data privacy and security more seriously. Overall, PbD is a good idea and you should try to abide by it. But with the General Data Protection Regulation (GDPR), it’s more than that: […]


Podcast Episode #9 – Why The Greatest Danger To The Financial System Is Cybersecurity


According to the chair of the SEC, the greatest danger to the world financial system is cybersecurity. And it made me wonder: at what point, while the financial transactions are happening, is that money vulnerable? Mike Buckbee and Kilian Englert joined me for an interesting conversation as I inquired about shopping online, using wearables and […]


Next-Gen Ransomware (Ransomworm!) Gets Deadlier


Ransomware developers have been busy adding more deadly functions to their evil creations. First we heard about DDoS capabilities appearing in modified versions of Cerber. Now Microsoft reports that a new ransomware variant has the power to spread like a worm. Known as ZCryptor, it infects other users by dropping an autorun.inf file into removable […]
