Author: Tony Bradley

People tend to think of the world as much more binary–more black and white than it really is. In most cases, though, reality lies in the vast gray area between the extremes. When it comes to cybersecurity and digital privacy, the lines between the extremes are getting more blurred as time goes on–expanding the ambiguous gray area where the real risks lie. David Marcus joins me for this episode of the TechSpective Podcast. If you believe his LinkedIn profile, David is an infosec and intelligence dude, builder and leader of teams, lifter of heavy objects, and rider of Harleys. I…

TechSpective Podcast Episode 055 One of the hot trends right now is the NFT. NFT–pronounced by some as “nifty” because it is catchier than saying N-F-T–stands for “non-fungible token”. NFTs exist in a world that few truly understand (and I don’t claim to be one of them)–a mix of trendy technology buzzwords including blockchain and cryptocurrency. At face value, they seem to make little sense, and yet those who understand and know how to capitalize on the hype and demand can make insane money right now. This blog post from KnowTechie.com does a better job of explaining NFTs than I…

The World Economic Forum ranked cybercrime among the top seven risks of highest concern to organizations in its Global Risks Report 2020. While there is still a broad spectrum for cyber attacks—ranging from the simple and mundane, to more sophisticated advanced persistent threats, to complex nation state attacks, attackers continue to raise the bar in terms of techniques and exploits. The COVID-19 pandemic and quarantine efforts around the globe provided even greater opportunity for attackers to prey on the chaos and confusion. The constantly evolving threat landscape requires that organizations continually adapt new approaches to cybersecurity. Qualys addressed this issue…

With the explosion of internet-of-things (IoT) and connected, industrial IoT (IIoT), and connected, smart home devices, it is getting harder and harder to find things that don’t have some sort of embedded operating system and connectivity today. While connected devices can streamline productivity and provide a variety of benefits, they also expose you to risk. If it’s a connected device running an operating system, there is a very good chance that an attacker can find a vulnerability to exploit to compromise the device and gain access to your network. That is true even in a best case scenario where secure…

TechSpective Podcast Episode 054 Navigating the web of regulatory compliance mandates and mitigating risk from a constantly evolving and expanding threat landscape is challenging. For a company like Adobe–a large enterprise with a global footprint that was also an early adopter of cloud technologies–managing governance, risk, and compliance (GRC) is even more complex. A leader from the Adobe Tech Governance, Risk, and Compliance (TechGRC) team at Adobe joins me on this episode of the TechSpective podcast to talk about the creative and innovative ways Adobe tackles GRC. Adobe had to develop its own approaches to help ensure security controls are…

TechSpective Podcast Episode 053 March is Women’s History Month, and also the month we celebrate International Women’s Day. That also makes it the month that media outlets highlight the challenges and triumphs of women in society. My guest on this episode of the TechSpective Podcast is Sheela Sarva, a Senior Application Security Manager with Qualys, to talk about her experiences as a woman working in technology and cybersecurity, and insights and guidance she can offer young women considering what to do with their lives or just entering the workforce. We discuss some of the struggles that women face in general,…

TechSpective Podcast Episode 052 Companies depend on technology. It really doesn’t matter what a company actually does today–even companies that are not “tech” companies rely on technology in some way, shape, or form for day-to-day communications, operations, accounting, and other functions. With so much riding on technology, businesses need access to relevant details and information about the relative security of the devices they buy. Intel provides this sort of visibility for customers with a new report developed in cooperation with the Ponemon Institute: The Role of Transparency and Security Assurance in Driving Technology Decision-Making. Some of the key findings of…

I am not sure if you noticed or not, but 2020 was a strange year. The COVID-19 pandemic completely disrupted the business model for most companies and forced an acceleration in digital transformation—even for companies who weren’t planning on, or prepared for, it. The net result is that there were a variety of repercussions from a technology and cybersecurity perspective—which makes the 2020 Product Security Report from Intel that much more relevant and interesting. The report opens with this statement from Intel: “Security doesn’t just happen. It’s the result of unwavering focus that guides everything we do to research, architect,…

Wi-Fi connectivity is increasingly pervasive. Many organizations have embraced Wi-Fi as a primary means of connecting to network applications and resources. It is significantly cheaper and more convenient than having to run ethernet cable throughout the office. It is also a more feasible option today than it once was because wireless technology has evolved to the point that Wi-Fi speeds today rival or exceed what was possible with wired connections not too long ago. Of course, the benefits of Wi-Fi connectivity also come with some unique security challenges—like the issues recently discovered by Ruben Santamarta, a principal security consultant at…

Organizations are faced with an increasing volume of attacks from a constantly evolving threat landscape. Cybersecurity is largely a game of cat and mouse—with attackers and IT security professionals taking turns leapfrogging each other’s capabilities—and digital transformation, accelerated dramatically by the COVID pandemic for many companies, has expanded the attack surface and created new opportunities for attackers. Thankfully, the rise of detection and response offerings strives to change the game and provide more effective protection. Qualys introduced a new service this week—Qualys SaaS Detection and Response (SaaSDR) to help customers defend SaaS applications and platforms. It wasn’t that long ago…