Several years into your role as a security leader at a company, you’ll reach a point when you ask yourself, “What’s next for me?” This article discusses three ways to proceed if you choose to stay at your current organization. (It was co-authored by Yael Nagler and Lenny Zeltser.) At this point in your CISO tenure, you know your way around the company, you’re familiar with the cadence and patterns of the organization, you know what’s expected, and you understand your trajectory. Consider three paths available to you if you decide not to switch employers­­. Each path comes with the b ..read more

The notion that security is everyone’s responsibility in computer systems dates back to at least the early 1980s when it was included in a US Navy training manual and hearings in the US House of Representatives. Behind the pithy slogan is the idea that every person in the organization contributes to its security program. Even if the company has employees with “security” in their title, they cannot safeguard information assets on their own. After all, people outside the security team are the ones who deliver services, build products, or otherwise engage in business activities that require maki ..read more

As the CISO at a tech company, my responsibilities include empowering our software engineering teams to maintain a strong security posture of our products. While everyone agrees that security is important, the different incentives of security and engineering teams can make it harder to collaborate. Here's some advice on weaving security into the software development cycle based on my experience as a security leader (now, at Axonius) and a product manager (prior to my current role). Understand the Teams' Motivations To collaborate with software teams, first understand their worldview. What mot ..read more

Preparing for cybersecurity and data privacy incidents involves creating checklists and documented plans to enable the response team to do their best during the incident. Preparation also includes creating a template that the team can use as the basis for the incident report, which is critical to ensuring that the incident is handled well. We created such an incident report template when we developed our incident response procedures at Axonius. I’m happy to share the public version of this template with the community in this blog post. Incident responders are welcome to use it to strengthen t ..read more

As companies seek to optimize operations and constrain expenses, cybersecurity leaders worry about funding the projects we consider essential. Fortunately, in such an economic climate, we can achieve an outcome that benefits the organization from cybersecurity as well as financial perspectives. Here’s how. Start by critically reviewing how you’ll spend the security funds; this involves broadening your perspective beyond security. Next, partner with other departments to identify opportunities for them to save money in a way that also decreases the company’s attack surface. You’ll help reduce r ..read more

Today’s CISOs are more than technologists—we strive to make ourselves well-rounded business leaders. This involves aligning our efforts with business objectives and collaborating with colleagues who are not experts in IT or security. In fact, Gartner’s research found that top-performing CISOs regularly meet with three times as many non-IT stakeholders as they do with IT personnel. The research highlighted the need for security leaders to establish partnerships with top executives in sales, finance, and marketing. Building and maintaining these relationships requires situational awareness, bus ..read more

No matter the years of experience in cybersecurity, security professionals are often in situations where crucial details are missing. Yet, we often hesitate to ask questions because we don't want to appear ignorant or don't know what to ask. I captured my perspective on asking questions in a constructive way in a three-post series. Read the posts to learn how to use questions to succeed with the following cybersecurity activities: Planning: Preparing for tactical and strategic projects to strength the security program. Discovery: Assessing security, understanding requirements, investigating ..read more

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. You can get into this field by building upon your existing skills in any of these disciplines. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute, I have a few tips for how you can get started. Understand Where You Currently Fit Into the Malware Analysis Process There are several ways to describe the skills you to analyze malicious software. I like grouping them in 4 categories, whic ..read more

REMnux® offers a curated collection of free tools for reverse-engineering or otherwise analyzing malicious software. How to find the right tool for the job, given how many useful utilities come as part of the distro? To guide you through the process of examining malware, REMnux documentation lists the installed tools by category. Each grouping, which you’ll find in the Discover the Tools section of the documentation site, represents the type of actions the analysts might need to take: Examine static properties of a suspicious file: General, PE files, ELF files, deobfuscation Statically analy ..read more

10 years after the initial release of REMnux, I’m thrilled to announce that REMnux version 7 is now available. This Linux distribution for malware analysis includes hundreds of new and classic tools for examining executables, documents, scripts, and other forms of malicious code. To start using REMnux v7, you can: Download REMnux as a virtual appliance Set up a dedicated REMnux system from scratch Add REMnux to an existing Ubuntu 18.04 host Run REMnux distro as a Docker container What’s New? What’s new in REMnux v7? Almost everything! All the tools have been refreshed, some have been retire ..read more