LinkedIn Twitter Facebook Email Estimated Reading Time: 2 minutes NIST Cybersecurity Framework v2.0 As promised, I have updated the CSF tool to reflect the new NIST CSF 2.0 version released on February 26, 2024. While the tool has maintained much of its heritage from prior versions, there have also been some much-needed UI improvements for this release. Readability enhancements – Cleaner fonts, better spacing, and highlighting make the summary page easier to read. Added the number of controls each category contains. Added ‘reasoning’ sections to the scoring page so the justification for th ..read more

LinkedIn Twitter Facebook Email Estimated Reading Time: 5 minutes Last week, after three long years, the Securities & Exchange Commission (SEC) decided to issue a Wells Notice to SolarWinds, informing them of their intent to initiate enforcement proceedings for the 2020 breach that impacted thousands of customers. In their 8-K filing, the company stated that the CFO, CISO, and several other current and former company executives were issued notices. While, over the past several years, it is not uncommon for the SEC to initiate enforcement actions on companies for cybersecurity breaches ..read more

LinkedIn Twitter Facebook Email Estimated Reading Time: 11 minutes Private Equity’s Decade of Growth Over the last 10 years, the private equity market has seen tremendous growth. According to Preqin, private equity assets under management (AUM) have grown from $2.37 trillion in 2010 to $4.56 trillion in 2020. This represents a 92% increase in AUM, or an average growth rate of 8.2% per year. Additionally, private equity fundraising over the past 10 years has seen a compound annual growth rate of 8.8%. In 2020, private equity fundraising reached a record high of $895 billion. The private equi ..read more

LinkedIn Twitter Facebook Email Estimated Reading Time: 3 minutes The Veterans According to the Department of Labor, each year, nearly 200,000 veterans leave active duty for civilian life. While there are many career-focused resources available to assist in the transition, many veterans seem to overlook how well their service time translates to the field of cybersecurity. The battlefield is changing, but the qualities that make an excellent soldier have not – tenacity, problem-solving, risk/threat analysis, and a desire to serve a high purpose are all traits that help you excel in the cyber ..read more

LinkedIn Twitter Facebook Email Estimated Reading Time: < 1 minute An interview I did with Ericka Chickowski of DarkReading on the importance of useability of security products. From the article: Solid detection algorithms and whiz-bang defensive technologies are important in the cat-and-mouse game of cyberdefense. But even the most perfect back-end engines are useless if the tools themselves are clunky and difficult to operate. Usability plays a huge role in the effectiveness of security tooling, and not just when the tool faces the end user. With too many dashboards to handle and mushr ..read more

TechTarget interview around aligning Crisis Management and Business Continuity with the control structures of the organization. All CISOs have responsibilities and pressures that make the job fun, interesting and sometimes a bit terrifying. But consider the world of John Masserini. As CSO at MIAX Options Exchange, he is responsible for information security, physical security, business continuity and privacy for the company. MIAX Options has assembled a team with deep-rooted experience in developing, operating and trading on options exchanges. Its trading platform was developed in-house and de ..read more

An interview with CSOonline around the hiring challenges the security industry continues to face. New U.S. Attorney General Jeff Sessions may disagree about whether there is a shortage of skilled IT workers in America, as he has asserted at hearings over the past two years, but talk to most CISOs and they will confirm that when it comes to cybersecurity talent in particular, the skills shortage is very real. “There’s no doubt about it,” says John Masserini, CISO at equity derivatives market MIAX Options in Princeton, N.J. “We’ve had two positions open for three months now,” a security operati ..read more

The report includes an overview of the technology, staffing implications, recommendations for selling User Behavior Analytics (UBA) to the C-Suite and possible objections. It also features a market assessment based on responses to a Request for Information (RFI) submitted by eight vendors. Developed by CISOs, the RFIs, which are included in the report, highlight the most important technology aspects of the solutions. The value of peer input cannot be overstated. Authored by leading Chief Information Security Officers, CISOs Investigate is an ongoing series that offers first-hand insights to s ..read more

I recently had the honor of participating in an IBM/International Consortium of Minority Cybersecurity Professionals (ICMCP) event in Manhattan. This is coverage of the panel I was on which discussed hiring diversity and the benefits to the entire workplace. For more information on the International Consortium of Minority Cybersecurity Professionals (ICMCP), visit their website at www.ICMCP.org. The benefits of having a diverse cyber workforce were pounded home on October 4 by CISOs, government officials and academics during the IBM/International Consortium of Minority Cyb ..read more

LinkedIn Twitter Facebook Email Estimated Reading Time: 4 minutes The Internet of Things is here.. By now, you’re probably well aware of the fate recently befallen on the Brian Krebs site KrebsOnSecurity.com. A Distributed Denial of Service (DDoS) attack in excess of 620/Gbps caused such a strain on one of the world’s largest DDoS protection services, that Krebs asked that his site fundamentally be black-holed until the storm passed. What you may not have heard of is yet another attack a few days later on OVH hosting, which demonstrated a similar type of attack that reached almost 1/Tbps ..read more