Occasionally, I will come across an article or blog that I feel is valuable enough to archive. It may be on a new approach to something, a piece that provides a fundamental understanding of a topic, or just some article that I think is critical reading for some reason or another. The Reading Room will be such a collection of articles.


Protect Your Enterprise From BGP Route Hijacking

{JJM} Yet another… we need to do the basics right…

To Scan or Not to Scan? Why Frequency Matters for DevSecOps

{JJM} There are strong cases to be made that by empowering developers to scan their code as often as they want, the number of vulnerabilities drops.

How To Fix ‘The Site Ahead Contains Malware’ Error On A WordPress Site?

{JJM} A useful primer for those who are dealing with the rash of Magecart attacks.

Overcoming crypto assessment challenges to improve quantum readiness

{JJM} I’ve been beating the drum about this for a while. As an industry, we need to consider how long it takes for us to

A Few Leadership Work-From-Home Tips

With so many people now being asked to work-from-home as part of the evolving COVID-19 precautions, I figured it was worthwhile to put together a

Opportunity in Cybersecurity Report 2020

{JJM} Great report by Tessian on the economic benefits of diversity in the cyber-workforce.

Threat Research Report: The State of Cryptomining

A fantastic detailed write-up of the State of Cryptomining. – JJM

In the Market for a MSSP? Ask These Questions First

Not all managed security service providers are created equal. These questions can reveal whether you are hiring the right people to help secure your business.

Reasons Behind the Cybersecurity Skills Gap

There have been a lot of studies this year examining the cybersecurity workforce and skills shortage, but the (ISC)2 Cybersecurity Workforce Study 2019 has taken

How to Secure Critical Infrastructure When Patching Isn’t Possible

Mission-critical systems can’t just be switched off to apply security updates — so patching can take weeks if not years.

Linux users warned to update libarchive to beat flaw

The bug is identified as CVE-2019-18408, a high-priority ‘use-after-free’ bug when dealing with a failed archive.

To Prove Cybersecurity’s Worth, Create a Cyber Balance Sheet

How tying and measuring security investments to business impacts can elevate executives’ understanding and commitment to cyber-risk reduction.

Spear phishing is now the main attack vector for cybercriminals, says Europol

Spear phishing is the number one cyber-threat to organizations in the European Union, according to the European Cybercrime Centre (EC3), a group of cybersecurity experts

PPT Template: Build Your 2020 Security Plan

The end of the year is coming, and it’s time for security decision-makers to make plans for 2020 and get management approval. Typically, this entails

The truth about Google’s “Quantum supremacy”

A video Q&A with Andreas Antonopoulos dealing with Google’s recent comments on Quantum supremacy and the impact to Bitcoin and legacy encryption.

Black Hat USA 2019, Rebecca Lynch ‘s ‘Woke Hiring Won’t Save Us: An Actionable Approach To Diversity Hiring And Retention’

Thanks to Black Hat for publishing the tremendous Black Hat 2019 conference videos on their YouTube Channel.

5G and IoT: How to Approach the Security Implications

Experts from Nokia, iboss and Sectigo talk 5G mobile security for internet of things (IoT) devices in this webinar YouTube video (transcript included).

The Definitive RFP Templates for EDR/EPP and APT Protection

Advanced Persistent Threats groups were once considered a problem that concerns Fortune 100 companies only. However, the threat landscape of the recent years tells otherwise—in

Information Security Professional Degeneration

By Ian Trump If you ask mid-and-advanced-career information security professionals about their jobs in information security, most of them may not express the kindest sentiments.

Simple Voice-Command SQL Injection Hack into Alexa Application

In fact, now it is easier than ever for hackers to perform such hacks into a variety of applications, just using their voice. Leveraging voice-command …

An important quantum algorithm may actually be a property of nature

Back in 1996, a quantum physicist at Bell Labs in New Jersey published a new recipe for searching through a database of N entries. Computer …

Security BSides London 2019, Olga Zilberberg’s ‘Understanding Stress, Anxiety And Depression And How To Cope’

Many thanks to Security BSides London for publishing their outstanding conference videos on YouTube.

The CIO’s guide to quantum computing

Quantum computing technology is shrouded in myth and mystique – which is understandable when you consider the clichés bandied around when …

Challenges and Pitfalls of Privileged Access Management

It’s a reality of the threat landscape today that most attacks rely on or exploit privileged access management in some way. A recent report claims

‘It Takes Restraint’: A Seasoned CISO’s Sage Advice for New CISOs

Todd Fitzgerald wrote the books on being a chief information security officer. Here he offers tips on what to do and what not to do

What is MITRE ATT&CK and how is it useful?

An introduction to the MITRE ATT&CK framework and how it can help organize and classify various types of threats and adversarial behaviors.

IoT Security Challenges in a 5G Era: Expert Advice

Experts from Nokia, iboss and Sectigo talk 5G mobile security for internet of things (IoT) devices in this webinar replay.

Gamification Can Transform Company Cybersecurity Culture

Implementing game mechanics and competition into the mix can incentivize employees to improve their cybersecurity posture.

7 Essential Features of a Perfect Privileged Access Management Solution

By Owais Sultan Privileged accounts have access to the most valuable corporate information, which is why they are often targeted by attackers. This is a

Scientists Build Schrödinger’s Cat on a Quantum Level

Quantum mechanics often has difficulty breaking through to the general public, which is where the importance of “Schrödinger’s Cat” lies. The thought …

Announcing “Gotta Catch ‘Em All: Understanding How IMSI-Catchers Exploit Cell Networks”

Our phones hold a plethora of important, private information about our personal lives, and it’s not just their contents that matter.

Schrödinger’s cat with 20 qubits

Dead or alive, left-spinning or right-spinning—in the quantum world particles such as the famous analogy of Schrödinger’s cat can be all these things at the

The basics of quantum computing—A tutorial

What is quantum computing? Quantum computers shine when solving involves number or data crunching with huge amounts of inputs. They are …

Security & the Infinite Capacity to Rationalize

To improve the security posture of our organizations, we must open our eyes to rationalization and put an end to it with logic. Here’s how.

When Perceived Cybersecurity Risk Outweighs Reality

Teams need to manage perceived risks so they can focus on fighting the real fires.

Network Security: Keys to Adopting Zero-Trust, Micro-segmentation

Adopting zero-trust and micro-segmentation as core design principles can help improve the security posture of your network and attached systems. However, it is important to

How AI Is Improving Threat Protection

Successful cybersecurity attacks can be so severe that they shut down business operations, erode the public’s trust in an organization and require substantial financial resources

Demystifying New FIDO Standards & Innovations

Staying on top of the latest cybersecurity risks and preferred attack methods can feel impossible, but standards like FIDO2 are designed to help relieve the

New Algorithm to Better Understand Quantum-to-Classical Transition

Researchers from Los Alamos National Laboratory have created a new quantum computing algorithm that helps gain better insights into the …

Writing Better Risk Statements

I found this post on my computer. I can’t remember where it originally was posted (if it was at all), but I found it useful

Bypassing Windows User Account Control: Back For More

Privilege escalation in the Windows OS environment has always been somewhat of a trivial matter — as in it’s pretty easy to do.

Did Facebook End The Encryption Debate?

Forbes contributor Kalev Leetaru argues that “the encryption debate is already over — Facebook ended it earlier this year.” The ability of encryption to shield

Why we fight for crypto

This last week, the Attorney General William Barr called for crypto backdoors. His speech is a fair summary of law-enforcement’s side of the argument. In this

The Top Five Web Application Authentication Vulnerabilities We Find

One of the most important parts of a web application is the authentication mechanism, which secures the site and also creates boundaries for each user

Quantum computers mean cryptography needs to change, and soon

Quantum computers, cryptography and encryption are a potent mix, especially because quantum computers could eventually give attackers a practical …

Popular Malware Families Using ‘Process Doppelgänging’ to Evade Detection

The fileless code injection technique called Process Doppelgänging is actively being used by not just one or two but a large number of malware families

5G Infographic

5G is the next generation of wireless networks, building upon existing 4G Long-Term Evolution (LTE) infrastructure and improving the bandwidth, capacity, and reliability of wireless

Are Cyber-Ontologies the Future of Cybersecurity?

The science of cybersecurity is starting to permeate the discussions of thought leaders in the cyber realm. After all, attacks based on APTs (advanced persistent

CISO Pressures: Why the Role Stinks and How to Fix It

CISOs spend much less time in their role than other members of the boardroom. It’s a serious problem that must be addressed.

Implementing Bug Bounty Programs: The Right and Wrong Approaches

Threatpost catches up with David Baker, the chief security officer at Bugcrowd, about the future of bug bounty programs.

Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits

Organizations around the world are wondering how to become immune from cyber attacks which are evolving every day with more sophisticated attack vectors. IT teams

Explainer: What is post-quantum cryptography?

This is the third in a series of explainers on quantum technology. The two others cover quantum computing and quantum communication. Few of us …

In Such Transformative Times, the CISO Is Key to Delivering Digital Trust

For organizations today, staying competitive means undergoing rapid digital transformation, yet few appear to have a solid approach for handling the security and privacy implications