-
2 months ago | 
securityboulevard.com | Richi Jennings |Joan Goodchild |David Sopas
The Home of the Security Bloggers Network
-
2 months ago | 
darkreading.com | Joan Goodchild
These days, the word "toxic" gets thrown around a lot in many contexts, but when used to describe organizational culture, it poses an actual threat. When employees are constantly overworked, undervalued, or forced to operate in high-stress, blame-heavy environments, mistakes are inevitable. Fatigue leads to oversight, disengagement breeds carelessness, and a lack of psychological safety prevents people from speaking up about vulnerabilities or potential risks.
-
Jan 29, 2025 | 
darkreading.com | Joan Goodchild
QUESTION: There are times when cybersecurity teams need to say, "No," to business stakeholders. What is the best way to go about it? Saying “Yes” in business feels good, but, unfortunately, it’s not always possible. And among security departments, saying “No” isn’t happening often enough.
-
Jan 23, 2025 | 
darkreading.com | Joan Goodchild
For years, cybersecurity was frequently (and derisively) referred to as "The Department of No." Business executives griped that in the face of innovation, cybersecurity teams would slap down ideas, list reasons why the project was insecure, and why what they wanted to do was not feasible. Then came a mindshift change. As more security leaders were tasked with demonstrating a return on investment for security budgets, security departments started finding ways to say "yes" more often.
-
Dec 30, 2024 | 
darkreading.com | Joan Goodchild
From the growing sophistication of zero-day exploits to the entrenchment of nation-state and cybercriminal alliances, 2024 delivered more evidence of how quickly the threat landscape continues to evolve. The year reinforced hard truths about the persistence of attackers and the systemic challenges of defense. We look back on some of the events that defined 2024 and the tactical insights that security teams can apply to stay ahead in the ongoing battle in 2025.
-
Dec 20, 2024 | 
darkreading.com | Joan Goodchild
Experienced security leaders know that attackers are patient. Attackers can infiltrate corporate chat systems like Slack or Microsoft Teams and just ... watch. For months, they monitor conversations, learn who the experienced staff are, and take notes on upcoming vacation plans and each team member's communication style. Then when the company shifts to a skeleton crew — perhaps during a major holiday or summer break — they strike.
-
Dec 19, 2024 | 
darkreading.com | Joan Goodchild
Just about everyone is familiar with the annoying process of becoming locked out of an account and needing to reset a password. Whether it’s forgetting a login after months of disuse or being forced to prove identity to regain access, the experience can be frustrating, time-consuming, and — ironically — less secure than the original authentication process. "People lose their credentials all the time.
-
Oct 23, 2024 | 
darkreading.com | Joan Goodchild
Cybersecurity is not "one size fits all." Employers, recruiters, and managers need to embrace neurodiversity through inclusive hiring practices, tailored training programs, and adaptive management styles. Megan Roddie-Fonseca, a senior security engineer at Datadog, recalls a pivotal moment during her job interview that swayed her decision to join the company. "During the interview process, the manager asked me, 'How can I manage you? What's your ideal way of working?'" Roddie-Fonseca says.
-
Oct 15, 2024 | 
darkreading.com | Joan Goodchild
Years ago, when Mark Eggleston was tasked with building a privacy program for a national healthcare provider, he saw firsthand the importance of cross-functional collaboration. "I needed legal experts to debate the HIPAA Privacy, NPRM [Notice of Proposed Rulemaking], final rule, and guidance and convert those requirements into internal policies," Eggleston recalls.
-
Oct 11, 2024 | 
securityboulevard.com | Joan Goodchild
More security teams are incorporating AI to uplevel their defense strategies and boost productivity. With so much AI buzz, it may be overwhelming to decipher which tools to acquire and how they fit in a modern security strategy.
