Cybersecurity practitioners, as defenders of information, benefit from the fact that they are, in some ways, one large team, and the sharing of information and best practices as an industry and a community elevates everyone’s ability to protect their data. The passing of experience and expertise among peers is important, but staying ahead of emerging cyber threats requires recruiting and training the next generation.
CornCon “Quad Cities Cybersecurity Conference” is returning in person on September 30 & October 1, 2022. To be held at RiverCenter convention center in downtown Davenport, Iowa, this year’s conference will include a Thursday CISO summit (TBD), two days full of great speakers, tutorials, villages and expo, as well as K-12 activities on both Friday and Saturday. More details can be found on the conference website: https://corncon.net. (Note that early bird pricing has been extended to July 15th.)
Systemic risk is about the risk that exists between the parts of any complex system. This includes third-party vulnerabilities. Being able to understand if any third party introduces critical levels of systemic risk to the entire system through concentration risk is also a critical systemic cyber risk challenge.
It was a great honor to be asked to keynote Bloomcon this morning! Wish I could have been there in person. Despite the issues we had getting sound to work with Zoom, I ended my presentation on time. I’ll have to go in person next year! Link to my slides: https://johndjohnson.com/…/BloomCon.2022.JJOHNSON…
I was fortunate to be on a panel to discuss the Software Supply Chain with Richard Rushing, Bryan Hurd and Richard Greenberg (moderator) for the ISSA Los Angeles chapter on Wednesday (1/19/21). Click here to view the recording, https://www.youtube.com/watch?v=y3wqCc34tME.
Supply chain security can refer to suppliers who provide services, staffing, support, or who develop software/hardware. The supply chain is varied and different across industry segments and organizations. If you consider the development of applications or electronics, there may be a long list of companies who contribute to the final product. The longer the supply chain and the less visibility you have into (or ability to assess) each supplier, the higher the overall complexity and resulting risk to your organization.
Let’s consider the software that we use in our own organizations. There is a lot of it. Do you have a complete inventory of the software you have running on your endpoints, or supporting business processes? Having a granular software inventory and an approved enterprise application catalog is a starting point. The granular information you need includes: “Who owns and makes decisions about the application?” “Who supports and patches it?” “Who budgets for and pays for licenses?” “What is the application architecture and how does it communicate?” Having a central trusted software inventory (this may differ between desktops and servers) is a starting point.
How can programs aimed at K-12 students encourage more kids to consider cybersecurity as a career? Watch the webinar recording now!
This interactive webinar is designed for educators and professionals who want to learn from cybersecurity professionals who have developed engaging STEM events to get kids excited about cybersecurity as a possible career. The panelists will share examples of successful events and activities that they have led with K-12 students for over a decade, many of which you can duplicate in your own community.
Skills shortage directly tied to financial loss in data breaches
According to IBM’s 2024 Cost Of A Data Breach Report, more than half of breached organizations now face severe security staffing shortages, a whopping 26.2% increase from the previous year. And that’s expensive.…
Perplexity will show live US election results despite AI accuracy warnings
Wary about accidentally providing misinformation, competitor AI assistants from OpenAI, Google, and Anthropic currently direct users elsewhere or decline to answer election questions. OpenAI's ChatGPT…
China launched major botnet that's attacking users all over the world, reveals Microsoft
Storm-0940’s method of attack is calculated and difficult to detect. The botnet, through a sub-group known as CovertNetwork-1658, submits minimal login attempts to various accounts within a…
US Space Force warns of “mind-boggling” build-up of Chinese capabilities
Both Russia and China have tested satellites with capabilities that include grappling hooks to pull other satellites out of orbit and “kinetic kill vehicles” that can target satellites and long-range…