Featured Blog Posts (149)

What Google Is To Most Internet Users, Shodan Is To Hackers

What Google is to most internet users, Shodan (http://www.shodan.io) is to hackers. It is a search engine for hackers to look for open or vulnerable digital assets. Shodan scans the entire internet and stores the open ports along with services running on all accessible ip addresses. It also provides a lot of information about such exposed ip addresses, devices and ports. Such devices can be computers, laptops, webcams, traffic signals, and various IOT…


Added by Allan Gray on January 14, 2020 at 2:00pm — No Comments

Zero Trust Model Presentation

Zero trust model presentation

  1. 1. #RSAC SESSION ID: Zero Trust Security Gowdhaman…

Added by Gowdhaman Jothilingam on January 7, 2020 at 3:30pm — No Comments


Call for Comments

1. Need for NCSS 2020 India was one of the first few countries to propound a futuristic …

Added by CISO Platform on December 30, 2019 at 12:00pm — No Comments

Banks are Developing Digital Currencies and Opening Themselves to Cyber Risk

Cybersecurity will be hard pressed to take on the new challenges of bank managed digital currencies.

Banks are developing their own digital currencies.  The introduction of Central Bank Digital Currencies (CBDC) is the beginning of an interesting trend that will change the cybersecurity dynamic for banking as it opens up an entirely new threat…


Added by Matthew Rosenquist on December 31, 2019 at 1:00pm — No Comments

9 Critical Capabilities For Digital Risk Protection Program

Digital Risk Protection ( DRP ) is a term possibly popularized or coined by Forrester to describe the market of tools and technologies to protect from the risks posed by externally facing digital assets. As per Forrester: “Most buyers (77%) are purchasing DRP tools as net-new solutions for their organizations (as opposed to replacing an existing capability). They’re adding DRP to their existing security technology stacks to better tackle digital risk activities — namely, to improve…


Added by CISO Platform on October 24, 2019 at 12:41pm — No Comments

The 7 Most Dangerous Digital Technology Trends

As our world embraces a digital transformation, innovative technologies bring greater opportunities, cost efficiencies, abilities to scale globally, and entirely new service capabilities to enrich the lives of people globally.  But there is a catch.  For every opportunity, there is a risk.  The more dependent and entrenched we become with technology…


Added by Matthew Rosenquist on December 27, 2019 at 4:58am — No Comments

A Dive into CEH

How do you prepare for CEH ?

The first question that you should ask yourself is why CEH over other certs ?

Apart from CEH being a highly recognized Cert, CEH gets you strong with you basics in the security domain,

this branches out into different paths such as:

# Penetration testing (VAPT)

# Management Level roles 

# Audit level roles / Forensics 



Added by Prasanna V Balaji on December 13, 2019 at 4:21pm — No Comments

What to Look for in a Bug Tracking Tool

Issue tracking can often be a tedious and annoying task. With several bugs happening at the same time, it becomes important to use bug tracking tools for your teams. This has become even more important in today’s era when there is fierce competition for high-quality products. While developers are well-equipped to deal with bugs, there is no easy way to keep track of them. This is where bug tracking tools come in. The primary purpose of these tools is to manage…


Added by Ray Parker on December 10, 2019 at 4:19pm — No Comments

Dear Security Community, are we doing it right?

Compliance Vs Security:

Compliance does not always mean you are secure, totally agree. But does not mean Compliance, Standards and Processes are useless, it is not as glamorous, but it works silently in the background. Compliance covers all the areas equally while performing risk assessments and improves overall security baseline. E.g. periodic checks for access control and least privileges go a long way not only in…


Added by Santosh C on December 9, 2019 at 11:29am — 1 Comment

Becoming a Cloud Security Architect - my personal experience

A couple of weeks ago I was asked by my colleague to give him some clues and tips on how to become a Cloud Security Architect, as that's the venture he wants to follow and he knows I've been in architect-alike roles for a while.

Knowing how much fulfillment one can get from a good career and work-life, I've had decided to sit down and write down some tips right-away. I did share it with him, but then I've had looked at it myself and I've come to realize that instead of a few tips, I…


Added by Dawid Bałut on December 23, 2019 at 8:06pm — No Comments

How to create an SPF TXT record?

Step 1: Collect all IP addresses that are used to send email

The Sender Policy Framework (SPF) gives the ability to authenticate your email and to specify which IP addresses are allowed to send email on behalf of the specific domain.

In order to successfully implement SPF you first need to identify which mail servers are used to send email for your domain. These mail servers can be any sending organization, you should think of your Email Service Provider,…


Added by Priyank Sheth on December 17, 2019 at 4:00pm — No Comments

Progress Report & Volunteers - Kids Cyber Safety 2019

Our Mission

Children are amongst the most vulnerable in the Cyber world and we believe It is time for us to do something for our next generation.

At CISO Platform community, we have taken on a mission to help the kids. We are creating "Kid's Cyber Safety Week" on June 4 -10 to help train kids and their parents.

We need you to help to realize our vision. It would be…


Added by pritha on November 26, 2019 at 8:30pm — No Comments

Lean Information Security Team for a Product Organization

Generally, security team size would always lean for any type, kind or size of the organization :-), however, we are seeing a change in the trend, thanks to high-profile and increasingly sophisticated data breaches every other day and new privacy regulations being enforced across the world. I will try to summarize the key roles and responsibilities of the security team specifically for a cloud-based product organization.



Added by Santosh C on November 26, 2019 at 10:02am — 1 Comment

How mature is your Application Security Program?

Business applications are vital for the successful functioning of any organization. Therefore, managing their information security risks are just as important as the business itself. If I ask about different measures you take to ensure security of your applications, you might reply with few initiatives such as periodic secure code reviews, external scans, vulnerability assessments & penetration testings and perhaps audits etc. But what If I asked how…


Added by Pushkal Mishra on August 30, 2019 at 7:00pm — No Comments

Learn More About the Key Use Cases Of Network ATP Technology

Advanced Threat Protection (ATP) is used to protect against sophisticated, highly skilled, well funded and motivated threat actor . The solution uncovers advance threats across Endpoints, Network, Email and Cloud. These solutions are used to detect advanced persistent threats that existing controls are not able to detect or are simply not capable of doing it.

Advance threat protection is not about a single security solution, It is about a combination of security…


Added by CISO Platform on September 4, 2019 at 12:37pm — No Comments

How to choose your Security / Penetration Testing Vendor?

A common question is why should we get a third party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits like traditional financial audits are better done by outside companies with no bias and partiality to anyone or anything within your organization. Another reason to hire a security testing company is that one may find it difficult to hire and retain Penetration Testers.…


Added by CISO Platform on September 3, 2019 at 9:30am — No Comments

Top 10 SIEM Log Sources in Real Life?

[cross-post from Anton on Security blog]…


Added by Dr. Anton Chuvakin on August 27, 2019 at 4:00am — No Comments

[Security Operations Analysis] Chapter 2: Information Security Incident Response

Hi CISO This is the Chapter 2 Information Security Incident Response.


Identifying and responding to data security incidents is at the center of security activities. The group appointed to security operations is relied upon to monitor the organization's advantages inside extension and respond to security events and incidents, including the identification and examination of what might be considered…


Added by Mohamed marrouchi on August 23, 2019 at 6:30pm — No Comments

How to Manage Security & Third Party/Open Source Code in the SDLC


It has been suggested that any new development will include less than 1% original code. If this isn’t presently true, it will likely be as time progresses.

With any security program, the goal is to identify the vulnerabilities, the related risks, mitigations or compensating controls that can be implemented. With the volume of development including libraries and binaries from third-party/open source repositories like: Git-Hub,…


Added by Drew Brown on August 15, 2019 at 7:30pm — No Comments

The Legal Case for Capital One AWS Security Breach + A Short Synopsys

Capital One data breach affected over 106 million people, 140,000 Social Security numbers, 80,000 bank account numbers,1,000,000 Social Insurance Numbers ... The breach had taken place about 4 months back however it took some time before the breach was realised, in-fact it took an external tip for Capital One to realise something had happened.

The legal case built was quite interesting. Before I share the legal case link heres a short summary just in-case you dont know…


Added by CISO Platform on August 6, 2019 at 12:30pm — No Comments

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service