Author:
Isaiah Chua

Isaiah Chua is a Content Marketing Manager at Horangi who is also the producer of the Ask A CISO podcast. He's an avid reader who can't get by a day without good music and gallons of coffee.

Exploring the Challenges of Application Security
In this episode, we talk about application security with guest Tanya Janca. Hear our discussion on the tension between authentication and authorization, the prevalence of API security flaws, the new OWASP API Security Top 10, and the inadequacy of API security measures.

The Benefits of Threat Modeling
On this week of the Ask A CISO podcast, we sit down with Izar Tarandach and Matthew J. Coles as they discuss their motivations for writing their book, Threat Modeling: A Practical Guide for Development Teams, define what Threat Modeling is, and help us understand how we can benefit from threat modeling and the fundamentals of secure development.

AI & ML in Cybersecurity
Join us on this episode of the Ask A CISO podcast as we discuss AI and ML in cybersecurity with Diana Kelley, CISO and co-founder of Cyberize. With International Women's Day in a week, we also looked at the challenges of recruiting women and diversity in the tech sphere.

How to use IAM and UEBA to Secure Your Cloud
As you move more of your operations to the cloud, ensuring your cloud environment is secure becomes increasingly important. Two essential tools that can help with this are Identity and Access Management (IAM) and User and Entity Behavior Analytics (UEBA). In this blog, we'll explore using IAM and UEBA to secure your cloud environment and protect sensitive data from potential security threats.

AI and the Future of Mobile Security
On this podcast's fourth episode, we learn about mobile security from Amit Modi, the Chief Technology Officer (CTO) and CISO of Movius Interactive Corporation, a leading global provider of cloud-based secure mobile communications software. We also chat about how mobile security will evolve with the advent of Artificial Intelligence (AI).

4 Important Uses of CSPM and Real-Life Examples
Cloud computing has become a critical part of many businesses. However, the convenience of the cloud comes hand-in-hand with significant security risks that must be addressed to ensure data protection and compliance. In this blog, we look at four important uses of a CSPM that help your organization proactively manage and counter cloud security risks.

Unleash The Power of A CSPM Against Advanced Threats
So, you've migrated some of your company's operations and data onto the cloud and have procured or are thinking of getting a Cloud Security Posture Management (CSPM) tool to help secure it, but are you using it to the fullest? Have you wondered if there was more you could do with your CSPM? In this blog, let us help with some suggestions on how you can optimally use your CSPM to counter advanced threats.

Understanding DSPM & CSPM for Optimal Data Security
On this episode, we had the opportunity to speak to Tyler Young, the CISO at BigID, a leading modern data security vendor that helps organizations with their data security, privacy, compliance, and governance.

Cybersecurity Risks and Business Context
After a brief hiatus, we are back with Season 3 of the Ask A CISO podcast. There are quite a few things we are doing differently this season (details below), but first, let's welcome our first guest for the new season: Fausto Lendeborg, Co-Founder and Chief Customer Officer of Secberus, and learn more about his start in cybersecurity, DDoS attacks, dealing with alert fatigue, and understanding what IaC, SaC, and PaC are.

ChatGPT: A Boon Or Bane for Cybersecurity?
Unless you've been living under a rock, you'll have read or heard of ChatGPT by now. Everyone's talking about how this new Artificial Intelligence (AI) bot can help in almost every aspect of life, from cooking recipes to providing code for a startup! What about cybersecurity? In this article, we look at what opportunities and threats ChatGPT presents in our field of work.

What is the Zero Trust Model? Is it the same as the Principle of Least Privilege?
The Principle of Least Privilege (PoLP) is a key tenet of the Zero Trust security model, but are they the same? How does PoLP fit into the Zero Trust model, and how can you implement PoLP as part of your plan to implement Zero Trust for your organization? We answer these questions for you.

The Cybersecurity Landscape in Hong Kong
Singapore and Hong Kong were acknowledged as having rather similar economies at one time, with the two countries going head-to-head in many industries, especially financial services and shipping. How different or similar is the cybersecurity landscape in Hong Kong then? Are there similarities or significant differences from Singapore's?

What Is PCI DSS 4.0 And How To Make Your Compliance Journey Easier?
Time is of the essence when you have just about two years to comply with the new PCI DSS 4.0 standard by 21 March 2024. Whether you are starting from scratch or updating your compliance from the current PCI DSS v3.2.1, read on to find out how your organization can use Warden's Compliance Automation to comply with PCI DSS v4.0 faster and with less pain.

Cybersecurity Awareness for Small Businesses
4 Cybersecurity Statistics You Should Be Aware of Today And 4 Things You Can Do Today To Minimize The Associated Risks

5 Quick Actions You Can Do Now to Improve Your Third-Party Security
Third-party vendor risk management is a challenging and critical area for companies of any size or industry, given how much organizations rely on third-party vendors for the processing of data. These 5 quick actions serve as an initial guide for you to improve your vendor risk management swiftly.

Killware: Malware That's Lethal
Ransomware incidents are headlining news and trade publications with increasing frequency, so you’ll be familiar with them, but have you heard of killware?

4 Ways To Protect Your Organization From Increasing Insider Threats And Ransomware
In its 2021 Ransomware Study, IDC reported that approximately 37% of 791 global organizations surveyed were victims of some form of a ransomware attack in 2021. That is already unsettling, but here’s the other thing: ransomware attacks are also becoming increasingly sophisticated.

Real Life Examples of Web Vulnerabilities (OWASP Top 10)
Knowing the common web vulnerabilities is great, but specific examples help demonstrate the relevance of these cybersecurity issues. Let’s take the approach of following the OWASP Top 10 list.

Log4j2 Vulnerability: Horangi Is Here To Help With New And Updated Warden Rules
Automate Log4j2 Vulnerability Checks and Reduce Chances of Log4j2 Exploits with New and Updated Rules on Warden While You Apply Patches and Install Updates

Starting On Your ISO 27001 Certification Journey, And A Protip On Getting Certified! (Ask A CISO Ep. 10)
Ask A CISO host Mark Fuentes sits down with Manggala Eka Adideswar (Adi), Senior Head of Cyber Operations, Indonesia, to talk about ISO 27001, what it is, and the misconceptions surrounding achieving certification. They even include a protip for organizations looking to start on the certification journey!
