Commentary Archives | Chronicles of a CISO

My Daily Cybersecurity Reading List

Jul 22, 2019John Masserini4 CommentsCommentary

Overwhelmingly, there is one question about cybersecurity I am asked far more than any other. What’s the best solution I’ve used? Nope. What’s my favorite conference to attend? Negative. How did I get started in Information Security? Nahh.. Without question, the one thing I am asked most these days is.. What do you read every…

When Security Metrics Miss The Point

May 9, 2019John Masserini2 CommentsCommentaryManagement, Metrics

After countless years of presenting to boards, executives, and colleagues, I’ve found that I’ve developed almost a split-personality when I’m asked about what metrics to track.

Two-factor Authentication Is Not Dead

Apr 1, 2019John Masserini3 CommentsCommentary2FA, Authentication, IAM, Identity, MFA

I’ve had just about enough of the fear mongering and lazy ‘reporting’ that’s been in the press recently around how two-factor authentication is broken. I’m not sure about you, but the way the doomsday preachers in mass media have torn apart two-factor authentication lately really has me wondering about the state of journalism anymore. I…

Free NIST CSF Maturity Tool

Jan 28, 2019John Masserini5 CommentsCommentaryManagement, Maturity, NIST

In my previous post, ‘My Three Wishes for 2019’, I had wished that we all find a way to give back to the industry, even a little bit. In an effort to fulfill that desire, I wanted to share a simple, but effective tool I’ve used, in various forms, for many years. The NIST CSF…

My Three Wishes for 2019

Dec 31, 2018John Masserini1 CommentCommentaryDiversity, Quantum, STEM

It’s the end of the year and like all of you, my news feed has been filled with ‘Predictions for 2019’ to such a point that I basically ignore them. And while I admit that I did indeed write one of those a few years back, I’ve about had more than my fill at this…

The Identity Maturity Calculator

Dec 19, 2018John MasseriniCommentaryIAM, Identity, Management

Since writing The Identity Catechism a few months back, I’ve had a number of requests for advice or suggestions on how to measure the maturity of an enterprise identity program. In an effort to help, I’ve put together the Identity Maturity Calculator as sort of a guide to provide some insight as to where you may…

Fahrenheit 451 – Security Research Edition

Nov 12, 2018John MasseriniCommentaryLaw, Research

In 1998, the US passed The Digital Millennium Copyright Act (DMCA) in an effort to enact several of the requirements of World Intellectual Property Organization (WIPO). DMCA makes it a crime to publicize technologies which are developed to bypass measures that control access to copyrighted works. DMCA also makes it a criminal act to subvert…

The Identity Catechism: Fifteen questions every CISO should ask about their Identity program

Oct 16, 2018John MasseriniCommentaryBiometrics, IAM, Identity, PAM, Password, Strategy

The evolution is underway. Our infrastructures are borderless, our critical data is cloud based, and our users work from anyplace on the globe – or 36,000 feet above it. Our legacy controls are as outdated as the conceptual hardened perimeter and our users are still human; and will still succumb to the (not so) well…

A Contrarian View of the NIST Digital ID Standards

Jul 19, 2018John MasseriniCommentaryIAM, Identity, NIST, Password

Recently, while attending a conference in DC, I was part of a discussion around the new NIST Digital Identity Guidelines (SP 800-63) and how “…it turned the password world upside down”. Soon we were discussing the studies that were cited, and the logic behind the new recommendations, and how this would help CISO’s “look like…

Why Diversity Matters in Leadership

Jun 24, 2018John MasseriniCommentaryDiversity, Management

Diversity di·ver·si·ty | \də-ˈvər-sə-tē, dī-\ Definition of diversity 1 : the condition of having or being composed of differing elements : the inclusion of different types of people (such as people of different races or cultures) in a group or organization» programs intended to promote diversity in schools 2 : an instance of being composed…

John MasseriniFollow

Opinionated security geek trying to make a difference. Dealing with InfoSec since early 90's - way before it was 'cool'

John Masserini @John_Masserini·

11 Oct

Today’s Daily News | Chronicles of a CISO
~Human Rights Activist Targeted With NSO Malware
~ESET discovers Attor, a spy platform
~Attackers Hide Behind Trusted Domains, HTTPS
~No-Nonsense Guide to SOC Metrics

#InformationSecurity #Quantum #Cybersecurity

https://johnmasserini.com/daily-news/

Reply on Twitter 1182632117269860358 Retweet on Twitter 11826321172698603582 Like on Twitter 11826321172698603582 Twitter 1182632117269860358

John Masserini @John_Masserini·

10 Oct

Today’s Daily News | Chronicles of a CISO
~Programmer releases ransomware decryption keys
~MasterMana evasion with URL shorteners
~Critical RCE fixed in iTerm
~Hackers Target ERP, SAP and Oracle
~More

#InformationSecurity #Quantum #Cybersecurity

https://johnmasserini.com/daily-news/

Reply on Twitter 1182281225467240450 Retweet on Twitter 11822812254672404501 Like on Twitter 11822812254672404503 Twitter 1182281225467240450

John Masserini @John_Masserini·

9 Oct

Today’s Daily News | Chronicles of a CISO
~Cybersecurity M&A Due Diligence Checklist
~7 Considerations Before Adopting Security Standards
~BEC Attacks Spike 269%
~How Will 5G Deployment Impact Smart Cities?

#InformationSecurity #Quantum #Cybersecurity

https://johnmasserini.com/daily-news/

Reply on Twitter 1181907469670518785 Retweet on Twitter 11819074696705187851 Like on Twitter 1181907469670518785 Twitter 1181907469670518785

John Masserini @John_Masserini·

8 Oct

Today’s Daily News | Chronicles of a CISO
~Hackers use survey as pretext
~D-Link Routers Open to Remote Takeover
~FBI Warns Of Attacks That Bypass MFA
~Why Zero Trust Is Critical to Productivity
~more..

https://lnkd.in/eiDmmWN

#InformationSecurity #Quantum #Cybersecurity

Reply on Twitter 1181554739336695808 Retweet on Twitter 11815547393366958082 Like on Twitter 11815547393366958082 Twitter 1181554739336695808

John Masserini @John_Masserini·

7 Oct

Today’s Daily News | Chronicles of a CISO
~New Android 0-day
~100’s Of Data-Race Conditions In Linux
~Numerous VPN Vulnerabilities Under Exploit
~Military warns of hackers targeting American troops
~more..

#InformationSecurity #Quantum #Cybersecurity

https://johnmasserini.com/daily-news/

Reply on Twitter 1181180873699287041 Retweet on Twitter 11811808736992870414 Like on Twitter 11811808736992870412 Twitter 1181180873699287041

John Masserini @John_Masserini·

4 Oct

Today’s Daily News | Chronicles of a CISO
~FISMA and Firmware Security
~Buffer overflows in libpcap & tcpdump
~Police Take Down DDoS Botnets
~Researchers Link Magecart Group 4 to Cobalt Group
~ Plus 14 more..

#InformationSecurity #Quantum #Cybersecurity

https://johnmasserini.com/daily-news/

Reply on Twitter 1180093961890869249 Retweet on Twitter 11800939618908692491 Like on Twitter 11800939618908692491 Twitter 1180093961890869249

John Masserini @John_Masserini·

3 Oct

Today’s Daily News | Chronicles of a CISO
~New Attack Puts Spin on BEC
~Quantum-Safe Cryptography : Prepare Now
~Android users install 335m MalApps last month
~Terrible OpSec Reveals Hacking Group
~more..

#InformationSecurity #Quantum #Cybersecurity

https://johnmasserini.com/daily-news/

Reply on Twitter 1179731573899268096 Retweet on Twitter 11797315738992680962 Like on Twitter 11797315738992680961 Twitter 1179731573899268096

John Masserini @John_Masserini·

1 Oct

Today’s Daily News | Chronicles of a CISO
~New Critical Exim Flaw
~8 Microsegmentation Pitfalls
~Harvesting Attacks and the Quantum Revolution
~Cyber Threats to Medical Imaging Systems
~ Plus 6 more..

#InformationSecurity #Quantum #Cybersecurity

https://johnmasserini.com/daily-news/

Reply on Twitter 1179008308092526593 Retweet on Twitter 1179008308092526593 Like on Twitter 1179008308092526593 Twitter 1179008308092526593

John Masserini @John_Masserini·

30 Sep

Today’s Daily News | Chronicles of a CISO
~Woke Hiring Won’t Save Us
~5G and IoT
~Researcher Drops phpMyAdmin 0Day
~Google’s DNS-Over-TLS Plans Scrutinized
~exe2powershell – Convert EXE to BAT Files
~ more..

#InformationSecurity #Quantum #Cybersecurity

https://johnmasserini.com/daily-news/

Reply on Twitter 1178644410289909762 Retweet on Twitter 117864441028990976213 Like on Twitter 11786444102899097626 Twitter 1178644410289909762

John Masserini @John_Masserini·

12 Sep

Today’s Daily News | Chronicles of a CISO
~Firmware:Attack Vector Needs Leadership
~198 Million Car-Buyer Records Exposed
~Kaspersky Ban Made Permanent
~Payroll Provider Collapses, Banks Drain Accounts

#InformationSecurity #Quantum #Cybersecurity

https://johnmasserini.com/daily-news/

Reply on Twitter 1172135228560875520 Retweet on Twitter 11721352285608755202 Like on Twitter 1172135228560875520 Twitter 1172135228560875520