6 ways to develop a security culture from top to bottom

Of course, every organization has a security culture. If they say they don’t, they are either lying or afraid to admit they have a bad security culture. The good news is that any security culture can positively change how the organization approaches security. But culture change takes time, so don’t expect the members of your organization to become pen-testing Ninjas overnight who write secure code while they sleep. With the right process and attitude, you’ll get there.

Correct answers in our security belt programs

I've been working on Security belt programs for 10+ years. I've had the privilege to help build the Cisco Security Ninja program. I'm also continuing to develop our security belt platform at Security Journey. I've created over 500 pieces of learning content. I've created material and the assessment questions that go with it.

A security practitioner's guide to software obsolescence

Unlike wine and cheese, software does not get better with age—in fact, its security strength decreases over time. This is because of software obsolescence. The problem is more significant than any other software security issue because it includes all the other liabilities. Take the OWASP Top 10 as an example. The list contains the most prevalent application security risks, and one (A9) is "using components with known vulnerabilities." And those components can introduce every other risk on the OWASP Top 10, including injection (A1), broken authentication (A2), and sensitive data exposure (A3).

A trusted insider's buyers guide to SCA

On this episode, Chris and Robert interviewed Steve Springett about the world of the secure supply chain. In part one of the series, we covered software supply chain risk, the depths of the software composition analysis market, and the current state of commercial and open-source SCA. Read part one first to set the stage on SCA and software supply chain risk.

How do you start in cybersecurity?

Here are five things that have impacted me in my career, and helped me to grow both as a security person and a human being.

How developers can take the lead on security

On the Internet, detection and reporting of vulnerabilities in software is a daily occurrence. Where do those vulnerabilities originate? Are they introduced into code by artificial intelligence or some advanced machine-learning algorithm? Nope. Human developers create them—mostly not on purpose, but by accident.
