The History of Hacking Part 2

So, we are at the second part of the history of hacking. If you missed the first part, you can find the article right here on Cybersecurity Magazine. Last time we looked at the Legion of Doom (LoD) and we’ll stick with them here at the start, because in the early nineties what became known as the hacker wars were raging! These wars were fought between members of the LoD and members of the Masters of Deception (MoD). This time it is about the story from the ’90s until 2010.

Hackers History: Part 1

The term “hacker” was used as a term of honour for someone who was able to come up with creative solutions to programming problems. The term hacker changes from something positive to something negative during this period. This happens when a journalist gets the term changed after an interview. There is a lot of disagreement about exactly when this happens, so I will refrain from giving a precise year. This is also the period when you start hearing the name Kevin Mitnick for the first time. He has been described far and wide in many places, including in a movie.

OT/ICS Security Training

This article is inspired by a recent article on the Computerworld site for Denmark, where one of the CISOs for a big energy company lamented the lack of formal skills in the cybersecurity community on the security requirements for Operational Technology (OT) and Industrial Control Systems (ICS). This triggered light research from me on the options out there for relevant training and certifications.

Ethics of the 0-day trade

This is an opinion piece, and I am fully aware that the opinion can be controversial in some sectors of the cybersecurity industry. Still, selling the state of the cybersecurity of customers, whom most of us are doing our utmost to protect from the nefarious underbelly of the Internet, is actively undermining security. And yes, I feel that it is actively undermining security to sell 0-days to brokers, on the darknet or to companies on the Internet, instead of disclosing them to the vendors for patching.

Identity Is the New Black

Identity is a concept that has existed since the dawn of the computer, but identity and its protection are becoming ever more important. Historically, the identities we use have been stored and managed in on-premises environments. With cloud computing and the new normal of working from home, identity is now the only parameter that companies and organizations can use to exert control over systems and accesses.
The cloud has made the security of identities an ongoing issue for the past 10 years, but increased working from home has made this issue a business-critical one.

The Importance of Cloud Security Governance

Cloud security, and in particular cloud security governance, is becoming an increasingly important area for security professionals to pay attention to. Cloud security has been on our radar since the inception of the whole cloud concept, but with the increase in the number of different cloud environments available, some special and some general, and the move to cloud-first deployments for companies around the world, having governance in place for the security of these clouds is becoming a business-critical issue.

CSA – Cloud Security Framework

A few weeks ago, an article on the new CIS 18 framework was published on this site. CIS is one of the go-to frameworks for security assessments, but the cloud has its own set of controls and a framework developed by the Cloud Security Alliance (CSA). They have recently released a new version of their framework as well. This article will introduce the CSA and its security framework.
