Category Archives: InfoSec

Post-Quantum Cryptography Resources

This blog post provides essential resources for security professionals and software developers looking to secure data in the post-quantum era. It highlights key organizations such as NIST, the Linux Foundation, and the Post-Quantum Cryptography Alliance, which are leading efforts in quantum-resistant cryptography. Additionally, it introduces open-source libraries that facilitate the implementation of quantum-safe encryption algorithms, offering practical tools for integrating cutting-edge security measures into your systems. Continue reading

Posted in AI, InfoSec, Quantum | Comments Off on Post-Quantum Cryptography Resources

Security Hygiene

While responsibilities of leaders in information security are very extensive as shown in the CISO MindMap, following are seven foundational and “must-have” capabilities that every information security program should have. If any of these capabilities is missing, the first priority … Continue reading

Posted in InfoSec | Tagged , , , , | Comments Off on Security Hygiene

No-Hype Use of LLMs in Cybersecurity

Three use cases of Large Language Models (LLMs) to save time and immediately enhance productivity While there is tremendous hype around LLMs, many people in Cybersecurity are still struggling to put news tools like ChatGPT and Google Bard to practice. … Continue reading

Posted in AI, InfoSec, Leadership, SOC | Tagged , , , , , | Comments Off on No-Hype Use of LLMs in Cybersecurity

Risk Assessment – Qualitative, Quantitative and Scoring

Information security community has been performing risk assessment for as long as the profession existed. The risk assessment is  typically classified as qualitative (e.g. Critical, High, Medium, Low) or quantitative (a dollar amount). Risk scoring is a relatively new phenomenon … Continue reading

View post to subscribe to site newsletter.

Posted in InfoSec | Tagged , , | Comments Off on Risk Assessment – Qualitative, Quantitative and Scoring

Software Bill of Material and Vulnerability Management Blind Spots

Open source software is everywhere (which is not a bad thing in itself). However, many buyers don’t have inventory of open source components included in software products they are buying. Business even fail in keeping tack of open source components … Continue reading

Posted in InfoSec, Open Source | Tagged , | Comments Off on Software Bill of Material and Vulnerability Management Blind Spots

Podcast: CISO MindMap and Recommendations for 2022-23

Recently we recorded a podcast with CISO Tradecraft focusing on CISO MindMap 2022 and recommendations for 2022-23. As a reference the latest CISO MindMap is available here and detailed recommendations page is also available here. You can listen to the … Continue reading

Posted in InfoSec, Leadership, SOC | Tagged , , , , | Comments Off on Podcast: CISO MindMap and Recommendations for 2022-23

Essential Business Knowledge for InfoSec Professionals

June 18, 2022 – By Rafeeq Rehman The role of InfoSec professionals has morphed into a critical business function. One should expect getting involved in “business” discussion often, and at increasing higher levels of business structure up to board of … Continue reading

Posted in InfoSec, Leadership | Tagged , , | Comments Off on Essential Business Knowledge for InfoSec Professionals

CISO MindMap 2022 – Recommendations

I have included six specific recommendations with the recent publication of CISO MindMap. This article is to further elaborate on these recommendations, why these matter, and what actions information security leaders can take. The objective of this article is to … Continue reading

View post to subscribe to site newsletter.

Posted in cisomindmap, InfoSec | Tagged , , , | Comments Off on CISO MindMap 2022 – Recommendations

What could derail SASE train

There are many reasons that make Secure Access Service Edge (SASE) an appealing concept. Major among these are moving from corporate data centers to the Cloud, need to work from anywhere, reducing complexity, and use of applications delivered as SaaS. … Continue reading

View post to subscribe to site newsletter.

Posted in Digital Transformation, InfoSec | Comments Off on What could derail SASE train