Top News:

Behavioral Analytics, Intrusion Prevention and the Cloud: A CISO's Insights 

By Paul Calatayud 
Surescripts CISO

Behavioral analytics. Cloud governance. Machine learning. At this year’s Black Hat USA 2015, these were just some of the terms that dominated the sessions and exhibit hall alike.

For healthcare security professionals responsible for protecting incredibly sensitive and increasingly desired patient information, if these aren’t top-line concerns and agenda items, you and your team need to consider revising your to-do list.

First and foremost, from my experiences at Black Hat, the level of quality and professionalism that’s consistently displayed is worth noting. From educational talks to informational and dynamic booth displays, I am never disappointed with my decision to attend and always walk away with new information and connections. For me, this event is a can’t-miss.


Breaking the Chain

By Cathy Hubbs 
American University CISO

By now most of us have heard of the phrase kill chain. For those of you that haven’t heard of it, the kill chain is a phase-based model used to describe the stages of a data breach attack.

The goal is to break the attack chain by using the appropriate level of key controls for your industry.  Lockheed Martin is credited with introducing the model and widely publicized how they thwarted an attack by using their homegrown Cyber Kill Chain framework. 

The stages are typically characterized as:

  • Reconnaissance
  • Establish a foothold
  • Identify interesting data
  • Distribute malware
  • Exfiltrate data
  • Persist undetected


The Ever Evolving Role of the Chief Information Security Officer

By Paul Calatayud 
Surescripts CISO

Over the past few years, there has been an uptick in cybercrime on a mass scale, with hackers gaining access to personal information of millions of people. Breaches at well-known, successful companies such as Target and Home Depot make national news.

In more recent years, healthcare organizations are increasingly becoming the target of cyber-attacks. The threat of information leaking and security vulnerabilities are undeniable, advancing the need for strong leadership to help manage security initiatives and ensure companies are safeguarding valuable customer data.

This is where a chief information security officer (CISO) steps in -- to maintain processes across an organization to minimize IT security risks. Below I share my perspective on the evolving role as  Surescripts’ security chief and how the position can and must fit into the organization’s overarching leadership framework.


Information Security: Learning from the Past to Improve Our Future

By Daniel Conroy 
Synchrony Financial CISO

Things were simpler in the past. I know we hear that sometimes and to a certain degree this is true. It is also true that he who forgets the past is doomed to repeat it. In the world of information security (IS), both adages apply.

Back in ancient history – in this case the 1980s (ancient in terms of IT evolution) – information security was an afterthought. The focus was on building “simple” networks with business enablement and functionality as the primary concerns. Back in those early days, hacking was more of a hobby than a malicious activity.

Those of us old enough to remember the movie WarGames will note its stark warning of how quickly things can unintentionally escalate. The first “simple” computer viruses began to emerge at this time as well. During the 1990s, we started to see more advanced network-aware code with the potential to cause real disruption.



Why I Look Forward to October

By David Sherry 
Brown University CISO

Life on a college campus changes in the Fall.

In a way, just like the seasons, life in higher ed is very cyclical, and the beginning of the semester is one of excitement.  It also ends a busy season for the IT group, which is commonly known to all others as “summer break.” 

Much of the major work for IT and the security team must be done while the students are not on campus, so summer and January are critical times. I know that this may be counter-intuitive to those who think we have the summers off, but when you look at it pragmatically, it makes perfect sense. We cannot get in the way of the teaching and learning!

I especially look forward to October. Each year as October approaches it brings a distinct feel to my role as a security officer on a college campus.  We all enjoy it when the colors begin to appear on the trees, the days slowly begin to get cooler, and the sounds of the Fall sports are heard all over campus.  However, I look forward to October for a specific reason: our annual campaign in support of National Cyber Security Awareness Month.

We take National Cyber Security Awareness Month (“NCSAM”) seriously here.  We’ve been making this an awareness priority for 11 years, and are listed as an NCSAM Champion with Stay Safe Online. Our campus expects to be hearing a security message each year, and we try not to disappoint.



Security Current eBook 

A CISO's Guide to Principles of Data Privacy and Security
By David Sheidlower 


Are We Painting Ourselves into a Technological Corner?

Will the next war be fought with bullets or mouse clicks?


A CISO's Top 5 To-Dos in the First 90 Days

Lendmark Financial Services VP of Information Security on Priorities when Starting a New Job


Risk Averse. Rule Averse.

How bias can impact how a security program works


An Open Letter to Vendors

By John J. Masserini
MIAX Options CSO

So tell me - did you hear the news?? Apparently the rumors are indeed true.

2015 is the year of the Security Startup.

And in the words of the greatest British comedy troupe ever… and there was much rejoicing …

However, after meeting with dozens of startups at Black Hat a few weeks ago, I've realized that the vast majority of the leaders of these new companies struggle to articulate the value their solutions bring to the enterprise.

As many of us have, I have seen many new technologies in the security space that promise to ‘solve all of my problems’ or ‘revolutionize the space.’

Sadly, most of them have gone the way of the Betamax – superior technology that suffered from poor implementation. 


Everything is Compromised 

By Tim Kropp
Financial Sector Deputy CISO 

Internet of Things (IoT) means everything is potentially connected everywhere and with everyone.   Assume it is all compromised. 

As the volume of IoT grows, we should better understand the implications a bunch of tiny powerful computers connecting to each other brings with them.  These devices need the same strong attention we are placing on smartphones, laptops, servers, and services. 

Among the IoT devices are routers, thermostats, refrigerators, and automobiles.  Routers are particularly unnerving, as they have gotten a lot smarter and are extremely capable.  They are also a perfect place to sit, wait, and watch.  If you have time, read Coding Horror’s Blog post on this topic[1].


