Vulnerabilities

Not all vulnerabilities are created equal. To steal NIST parlance, a ‘predisposing condition’ is often needed to exploit a vulnerability successfully. Is the attacker on our network? Do they have admin rights? How complex are the steps needed to exploit the vulnerability? Most of us have sat dumbstruck as our vulnerability scanning tool tells us …


Go Phish

We ‘Go Phish’ with Chris Hodson, CISO, Tanium, who explains why distributed working is unquestionably the major talking point of the industry. What would you describe as your most memorable achievement in the cybersecurity industry? My first role running a security organisation at a large UK retailer; being entrusted to develop a cybersecurity strategy for …


Four steps to managing software vulnerabilities

For me, the challenge isn’t always remediation.  In fact, technical vulnerabilities are almost always ‘fixed’ in one of two ways:  change a configuration or apply a software update in the form of a security patch.  CISOs face two fundamental challenges, which are applicable to both scenarios: 1) Visibility. It’s one thing applying a security update …
