LEO

A Cyber Security Concern

Looking Through the Different Filters of the CISO and the Board

By Justin Silbert. Perhaps the most misunderstood challenge of the modern-day CISO continues to be communication with the Board of Directors. The task seems simple, but there is a major disconnect between the CISO and the Board. According to the Cyentia Institute’s 2017 Cyber Balance Sheet report, “even basic questions on the value of cybersecurity [...]

Learning Through Gaming, Red vs. Blue

By: Rob Beason, CISSP, GSLC, Security+. At the Houston Security Conference, 2018, fellow LEOs Clint Bodungen and Kevin Lackey put on a red versus blue team training for attendees. The course was a one-day workshop intended to educate ICS practitioners, network defenders and the security conscious on the topics of basic attack methodologies and the [...]

Dev Overflow – Part 8

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 7. This is yet another example of why (software) security cannot be just a checkbox. More generally being a way of thinking, here it specifically takes the form of an ongoing process - a process that should have only one possible [...]

The Virtual Future of the CISO

By Justin Silbert, GCIH, GCFE, CISSP. Just last week, the city of Atlanta became known as the latest victim of cyber crime, a ransomware attack crippling the city for 5 days. As admitted by the Atlanta Mayor, cyber security was not made a priority and they suffered greatly because of it. And Atlanta is not [...]

ICS Security Manager as a Service – Part 4

By Isiah Jones, MPS, CISSP, GICSP, C|CISO, Director, ICS Cyber Security Engineering. The fourth and final post in our series explores who can benefit from the ICS Security Manager as a Service concept. To revisit the earlier posts, please see Part 1, Part 2, and Part 3. So, who would even benefit from this ICS Security [...]

ICS Security Manager as a Service – Part 3

By Isiah Jones, MPS, CISSP, GICSP, C|CISO, Director, ICS Cyber Security Engineering. This is the third blog post in our series that explores why the ICS Security Manager as a Service is needed. To review the earlier posts, please visit Part 1 and Part 2. What is the ICS Security Manager as a Service? The easiest way for [...]

ICS Security Manager as a Service – Part 2

By Isiah Jones, MPS, CISSP, GICSP, C|CISO, Director, ICS Cyber Security Engineering. This is the second blog post in our series that explores the ICS Security Manager as a Service concept. To review Part 1, please visit ICS Security Manager as a Service - Part 1. In my travels over the last four years, I’ve consistently encountered the same [...]

ICS Security Manager as a Service – Part 1

By Isiah Jones, MPS, CISSP, GICSP, C|CISO, Director, ICS Cyber Security Engineering. As industrial control system (ICS) assets and operations increasingly become the targets of opportunity, it is important that new strategies and ideas for focused and tailored security approaches are introduced to the community. ICS security manager as a service can enable the community to contract [...]

IT/OT Convergence – a Hacker’s view

By Kevin Lackey. It is often repeated by control systems security professionals that a primary difference between IT and OT systems is that while IT’s primary function is to process, record, and retrieve data, the primary function of OT processes is to maintain availability, keep the process running and the production occurring. This idea is [...]

Dev Overflow – Part 7

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 6. As previous posts demonstrate, (software) security is a state of mind and not a checkbox to be marked off to meet some criteria, and definitely not something to be added on top of a completed product. The issue of broken [...]

Securing Financial Institution Core Migration

By Seth Jaffe. The Credit Union Information Security Professionals Association held its yearly meeting last week in San Antonio. One of the topics that came up often was core migration, a security issue that just got a booster shot from Tuesday’s article by Brian Krebs on that very subject. One of Krebs’ colleagues received an [...]

Filtering Out the Noise – Product Evals Using Trello

By: Rob Beason. One of the most important challenges facing all organizations is product selection. Most tools or solutions are significant investments, which no business can afford to get wrong. How do you determine if a solution is the right fit for your needs? How do you know if what you're buying is just vaporware [...]