A recent study showed that even though 82% of cybersecurity professionals are familiar with the MITRE ATT&CK framework, only 8% said they used it regularly. This led to the development of the new MITRE ATT&CK Defender training and certification. Rick Gordon of MITRE Engenuity explains.
Manish Dave of LafargeHolcim has been part of the manufacturing industry all his professional life. He heads the IT security and internal controls for the APAC region and aims to have a false positive rate of zero.
If anyone ever doubted the importance of thinking strategically about cybersecurity, laying the groundwork for expected future requirements, then the coronavirus pandemic will have made that clear, says Kerissa Varma, group CISO of Old Mutual Ltd., who offers lessons learned for being "truly resilient."
As a retired Air Force general and the former federal CISO of the United States, Gregory Touhill is well-versed in critical infrastructure protection and resiliency. Now, as the new director of CMU SEI's CERT division, he has the opportunity to help foster new levels of education and collaboration.
The past year has taught us much about resilience. But how do we update our tools and skills for the future? Vasu Jakkal, corporate vice president at Microsoft, discusses new, fundamental cybersecurity shifts and how our strategies for acquiring skills and diversity must reflect them.
He's been a police officer, a Secret Service agent, a CIO and a CISO. And it all comes together. Don Cox, currently a chief technology evangelist at CIBR, discusses his career path and how his police background assists him in leading cybersecurity organizations.
The mass migration to cloud has only added to the global cybersecurity gap, and John Yeoh, global vice president of research at the Cloud Security Alliance, is among those calling for greater "diversity by design" as enterprises look to fill these roles.
Flavio Aggio of the World Health Organization says that just like technology, humans also require an OS upgrade. Key to this is understanding what risks you're taking and then using multiple layers of defense to manage them.
Could the theme of this year's RSA Conference be anything other than resiliency? In a world still being transformed by the coronavirus pandemic, RSA CEO Rohit Ghai launched this year's conference by celebrating the "first responders" - medical, but also cybersecurity - that have helped society respond and adapt.
Welcome to RSA Conference 2021. By virtue of being virtual, we've brought our entire global team to bear on gathering the very latest cybersecurity trends, technologies and takeaways from our industry's leading thinkers via ISMG's largest and most diverse set of video interviews to date.
No one needs more stats about the skills gap in cybersecurity; many organizations are obviously facing challenges in recruiting, skilling, and retaining security professionals. We haven’t written this cheat sheet to tell you what you already know. Instead, we will outline a realistic strategy for workforce-wide...
In order to keep pace with hackers, you need to learn like hackers. That’s why when it comes to guidance on building detection and response programs, MITRE ATT&CK® – which has a strong adversarial focus – trumps traditional frameworks such as the Diamond Model (which lacks technical depth), and Lockheed...
Cyber crisis response and preparedness is on everyone’s lips, yet organizations’ efforts are failing to adapt to modern threats. While table top exercises have long been considered an essential tool in preparing organizations to face cyber crises, they’re now rapidly falling into obsolescence.
So what’s the...
'Mega breaches' might sound dystopian, but they're becoming an all too familiar feature of the modern cyber crisis. Yet organizations are still relying on traditional techniques to prepare and exercise their workforces' cyber crisis response. Enter micro-drilling: the modern alternative to tabletop exercising.
Cybersecurity training: from dry-as-dust videos to cutesy animations of hapless office workers to streams of green code on a black screen. The variety out there is staggering, and it’s hard to know where to start – or what's really going to work.
Luckily, the most effective forms of training – for all teams,...