Ericka Chickowski

Enterprises are increasingly recognizing that the CISO's skills and experience building risk-based cyber programs translate well to other C-suite positions.

SANS Institute experts weigh in on the top threat vectors faced by enterprises and the public at large.

Software bills of materials (SBOMs) have long been seen as the technical foundation for opening up visibility into enterprise software supply chains. So far, the work has been focused on building the mechanisms for collecting and updating the software ingredients within SBOMs and organizing everything in a repeatable, standardized fashion.

From charting out RACI matrices to getting their own attorneys, there are a number of ways CISOs can do good work while protecting their personal liability.

DevSecOps started getting written and talked about a decade ago, and today many companies are paying attention to the best-practices recommendations put forth in the press and conferences. In fact, a report released by GitLab earlier this year showed that, as of last year, a majority of companies — 56% — say they lean on DevOps or DevSecOps methodologies.

The most recent numbers from (ISC)2 , from last year, show that the cybersecurity global workforce reached 5.5 million. That's up by 9% over the year before.

The bigger the cybersecurity technical debt the bigger the risk of being exposed to security flaws. Experts share how to reduce the debt therefore reducing risk.

One of the prevailing proverbs of application development is the truth about the so-called iron triangle — that when developing software you’ve got three options: good, fast, and cheap. But you can only pick two. Good can have varying definitions but for most it’s a solid stand-in for "quality," of which software security is an increasingly important subset.

One of the prevailing proverbs of application development is the truth about the so-called iron triangle — that when developing software you've got three options: good, fast, and cheap. But you can ...

One of the trickiest problems organizations face with securing their software supply chain is making risk decisions without really understanding where the biggest threats lie in their software, whether open source or commercial. Even with a full slate of application security testing (AST), without modernizing your approach with software supply chain security (SSCS) tools, it can be difficult to get a sweeping view of how all of the different deployed components and packages play into an overall threat posture.