In this episode, we talk about application security with guest Tanya Janca. Hear our discussion on the tension between authentication and authorization, the prevalence of API security flaws, the new OWASP API Security Top 10, and the inadequacy of API security measures.

On this week of the Ask A CISO podcast, we sit down with Izar Tarandach and Matthew J. Coles as they discuss their motivations for writing their book, Threat Modeling: A Practical Guide for Development Teams, define what Threat Modeling is, and help us understand how we can benefit from threat modeling and the fundamentals of secure development.

Join us on this episode of the Ask A CISO podcast as we discuss AI and ML in cybersecurity with Diana Kelley, CISO and co-founder of Cyberize. With International Women's Day in a week, we also looked at the challenges of recruiting women and diversity in the tech sphere.

As you move more of your operations to the cloud, ensuring your cloud environment is secure becomes increasingly important. Two essential tools that can help with this are Identity and Access Management (IAM) and User and Entity Behavior Analytics (UEBA). In this blog, we'll explore using IAM and UEBA to secure your cloud environment and protect sensitive data from potential security threats.

On this podcast's fourth episode, we learn about mobile security from Amit Modi, the Chief Technology Officer (CTO) and CISO of Movius Interactive Corporation, a leading global provider of cloud-based secure mobile communications software. We also chat about how mobile security will evolve with the advent of Artificial Intelligence (AI).

Cloud computing has become a critical part of many businesses. However, the convenience of the cloud comes hand-in-hand with significant security risks that must be addressed to ensure data protection and compliance. In this blog, we look at four important uses of a CSPM that help your organization proactively manage and counter cloud security risks.

So, you've migrated some of your company's operations and data onto the cloud and have procured or are thinking of getting a Cloud Security Posture Management (CSPM) tool to help secure it, but are you using it to the fullest? Have you wondered if there was more you could do with your CSPM? In this blog, let us help with some suggestions on how you can optimally use your CSPM to counter advanced threats.

On this episode, we had the opportunity to speak to Tyler Young, the CISO at BigID, a leading modern data security vendor that helps organizations with their data security, privacy, compliance, and governance.

After a brief hiatus, we are back with Season 3 of the Ask A CISO podcast. There are quite a few things we are doing differently this season (details below), but first, let's welcome our first guest for the new season: Fausto Lendeborg, Co-Founder and Chief Customer Officer of Secberus, and learn more about his start in cybersecurity, DDoS attacks, dealing with alert fatigue, and understanding what IaC, SaC, and PaC are.

Unless you've been living under a rock, you'd indeed have read or heard of ChatGPT by now. Everyone's talking about how this new Artificial Intelligence (AI) bot can help in almost every aspect of life, from cooking recipes to providing code for a startup! What about cybersecurity? In this article, we look at what opportunities and threats ChatGPT presents in our field of work.

The Principle of Least Privilege (PoLP) is a key tenet of the Zero Trust security model, but are they the same? How does PoLP fit into the Zero Trust model, and how can you implement PoLP as part of your plan to implement Zero Trust for your organization? We answer these questions for you.

Singapore and Hong Kong were acknowledged as having rather similar economies at one time, with the two countries going head-to-head in many industries, especially financial services and shipping. How different or similar is the cybersecurity landscape in Hong Kong then? Are there similarities or significant differences from Singapore's?

Time is of the essence when you have just about two years to comply with the new PCI DSS 4.0 standard by 21 March 2024. Whether you are starting from scratch or updating your compliance from the current PCI DSS v3.2.1, read on to find out how your organization can use Warden's Compliance Automation to comply with PCI DSS v4.0 faster and with less pain.

4 Cybersecurity Statistics You Should Be Aware of Today And 4 Things You Can Do Today To Minimize The Associated Risks

Third-party vendor risk management is a challenging and critical area for companies of any size or industry, given how much organizations rely on third-party vendors for the processing of data. These 5 quick actions serve as an initial guide for you to improve your vendor risk management swiftly.

Ransomware incidents are headlining news and trade publications with increasing frequency so you’ll be familiar with it, but have you heard of killware?

In its 2021 Ransomware Study, IDC reported that approximately 37% of 791 global organizations surveyed were victims of some form of a ransomware attack in 2021. That is already unsettling, but here’s the other thing: ransomware attacks are also becoming increasingly sophisticated.

Knowing the common web vulnerabilities is great, but specific examples help demonstrate the relevance of these cybersecurity issues. Let’s take the approach of following the OWASP Top 10 list.

Automate Log4j2 Vulnerability Checks and Reduce Chances of Log4j2 Exploits with New and Updated Rules on Warden While You Apply Patches and Install Updates

Ask A CISO host Mark Fuentes sits down with Manggala Eka Adideswar (Adi), Senior Head of Cyber Operations, Indonesia, to talk about ISO 27001, what it is, and the misconceptions surrounding achieving certification. They even include a protip for organizations looking to start on the certification journey!