Detection and Response
This CISO Isn’t Real, But His Problems Sure Are
The odds are stacked against this poor guy (and you) now – but a unified Extended Detection and Response (XDR) and SIEM restacks them in your favor.
2022 Planning: A First-Year CISO Shares Her Point of View
On Thursday, November 17, Katie Ledoux, CISO at Attentive, joined Rapid7's Bob Rudis to dive into how she's approaching 2022 planning.
The Cybersecurity Skills Gap Is Widening: New Study
A new study reveals organizations are having serious trouble sourcing top-tier cybersecurity talent — despite their need to fill these roles growing more urgent by the day.
The CISO as an Ethical Leader: Building Accountability Into Cybersecurity
It’s important that cybersecurity leaders reinforce ethical practices in guarding against data loss.
Rapid7's 2021 ICER Takeaways: Vulnerability Disclosure Programs Among the Fortune 500
We rely on fantastically advanced technology in every aspect of our modern lives. Of course, anyone who has spent any time analyzing these technologies will notice that we are routinely bedeviled with vulnerabilities, especially when it comes to the internet.
Industry Cyber-Exposure Report (ICER)
Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500
Certain services are considered high-risk on the public internet. We conducted research to see how well Fortune 500 companies are performing in this area.
How ViacomCBS Digital delivers uninterrupted content streaming to millions of fans without compromising security: Lessons for enterprise CISOs
Each day, ViacomCBS Digital sees a growing surge in digital content demand—from MTV and Comedy Central to CBS Sports, rushing across its Paramount+ (formerly CBS All Access) streaming platform.
Industry Cyber-Exposure Report (ICER)
Rapid7's 2021 ICER Takeaways: Web Security Among the Fortune 500
There are very few security measures that should be applied to all web applications across the board without further subdividing what specific type of application we are referring to. However, there are a couple that we will examine here.
3 Things Executives & Boards Should Know About Cybersecurity for 2016
As we ramp down the activities of 2015, the cybersecurity landscape has
certainly shaped strategy for the new year and beyond. Effective strategic
planning is important and can lower risk and operational costs for
organizations. Managers will usually plan for the changing threat landscape,
looking at weaknesses and vulnerabilities internally and make a plan for how to
shore up defenses. To plan effectively, you'll want to consider information on
the coming changes in the security landscape as we
CISO Guidance on Building the Team
If I had a nickel for every time I read about the “security skills
shortage”…well, suffice to say that everyone seems to lament the lack of strong
talent in this industry, and the low number of eager young graduates seeking to
start a security career. So what better topic to explore by way of follow-up to
the 2-part blog [/2015/11/12/security-budget-tips-part-2-from-cisos-for-cisos]:
Security Budget Tips from CISOs, for CISOs? (To recap: I'm interviewing CISOs
for their guidance on select infos
Security Budget Tips [PART 2], from CISOs, for CISOs
CISO Series: Budgeting Part II
Hopefully you've read (and maybe even benefitted from) Part I of my CISO
Budgeting blog [/2015/11/02/security-budget-tips-from-cisos-for-cisos]. To
recap, I interviewed a group of CISOs about how they use budgetary discussions
for career growth, and what advice they'd give to others looking to set a budget
plan. There were five key takeaways that came out of these interviews; here were
the first three:
1. Whatever you do, don't under-deliver.
2. Budgets are abou
Security Budget Tips, from CISOs, for CISOs
CISO Series: Budgeting
I have provided a brief overview of the genesis of the CISO series
[/2015/10/27/introducing-the-ciso-blog-series], and now it is time to tackle our
first topic: security budgets. Whether you're the CISO of a large public company
or leading security at an early-stage startup, rich in headcount or forced to be
tight with the purse strings, reporting into the CIO, COO, or elsewhere in the
organization, the fact remains that budget conversations are among the most
Introducing the CISO Blog Series
Since joining Rapid7
[/2014/01/27/supporting-the-security-community-why-i-joined-rapid7] I've gotten
to work on some pretty cool projects, the most recent of which is capturing a
body of knowledge for the community… by CISOs, for CISOs.
The evolution of the CISO role, of course, is nothing new, and there's plenty of
analysis on it for anyone who's interested (for example, Forrester has a great
report called Evolve To Become The CISO Of 2018 Or Face Extinction
Push vs Pull Security
I woke up from a dream this morning. Maybe you can help me figure out what it
Your company hired me to build a security program. They had in mind a number of
typical things. Build a secure software development lifecycle so app developers
didn't code up XSS vulnerabilities. Improve network security with new firewalls,
and rolling out IDS sensors. Set up training so people would be less likely to
get phished. Implement a compliance program like NIST or ISO. And you wanted all
of that rolle
Security in Energy & Utilities
Energy and utilities (E&U) companies must comply with standards such as NERC,
protect their SCADA systems against compromise, and cope with the expansion of
the smart grid as home energy systems become increasingly connected to the
Internet of Things.
So how do these factors impact the daily life of a CISO working in the E&U
sector? In the enclosed video, you'll hear firsthand about some of the key
security considerations – which include wanting to know what users are doing –
as well as about h