CISO Express | A Security Professional’s Home Page

Gartner Magic Quadrant

Security Reports

2015 Cost of a Data Breach Study by Ponemon Institute

IBM X-Force Threat Intelligence Quarterly – 3Q 2015

Cisco 2015 Annual Security Report

Verizon 2015 Data Breach Investigations Report

Symantec Highlights from the 2015 Internet Security Threat Report

McAfee Labs Threat Report 2015

Targeted Attack Campaigns and Trends (April 2015)

US Secret Service Annual Report Includes Cyber Crime Info

Internet Crime Report 2014

Independent test of the Cisco Advanced Malware Protection Report

2014 Healthcare Breach Report

Defense Security Service 2014

Executives Perspectives on Top Risks 2015

2015 Global Threat Intelligence Report - NTT Group Security Companies

Mandiant by FireEye Threat Report 2015

PANDALABS ANNUAL REPORT

2015 Trustwave Global Security Report

2015 State of Software Security Reports - Annual Report

2015 Dell Security Annual Threat Report

Alcatel Lucent - Malware Reports

Worldwide Infrastructure Security Report

The FireEye Mobile Threat Report 2015

Assume Your Organization is Already Infected 2014 Report

Imperva's Web Application Attack Report (October 2014)

Cyber Risk Reports by CISCO

    Security Thought Leaders Interviews

    • Daniel B. Cid, Sucuri
      Daniel Cid from Sucuri has agreed to a thought leadership interview. We hope that you will enjoy his thoughts and impressions and we certainly thank him for his time.
    • Dominique Karg, AlienVault
      Dominique Karg from AlienVault has agreed to a thought leadership interview. We hope that you will enjoy his thoughts and impressions and we certainly thank him for his time.
    • Lance Spitzner, Securing The Human, founder
      Lance Spitzner of Honeynet and Securing The Human fame has agreed to a Thought Leadership interview and we certainly thank him for his time.
    • Bill Pfeifer, Juniper Networks
      Bill Pfeifer is a Product Line Engineer at Juniper Networks supporting security software and data center firewalls. He has been in the IT field for 15 years, including stints at an Army tank base, a technology reseller, and some time at a financi…
    • Chris Pogue, Senior Security Analyst
      Chris Pogue is a Senior Security Analyst for the Spiderlabs Incident Response and Digital Forensics team at Trustwave. He has over ten years of administrative and security experience including three years on the IBM ISS X-Force Emergency Response Ser…
    • John Kanen Flowers
      John is a truly unique security thought leader. He has been involved in a number of startups and is currently working on something fairly radical: カネ|box (or kane|box).
    • Kees Leune, Leune Consultancy, LLC
      Kees has made many contributions to the information assurance community, but one, the use of rubrics to help guide the peer review of GIAC Gold papers means a lot to me. It means a lot to you as well, because it created a state change for higher qual…
    • Joel Yonts, CISO
      Joel Yonts is a seasoned security executive with a passion for information security research. He has over 20 years of IT experience with certifications in the areas of Security Leadership, Computer Forensics, Malware Analysis, Incident Handling, a…
    • Maury Shenk, TMT Advisor, Steptoe & Johnson
      Maury Shenk, TMT Advisor at Steptoe and Johnson, working with a focus on intellectual property, information security and encryption issues, has agreed to be interviewed for the Security Thought Leadership project. Maury has also recently embarked on…
    • Chris Wysopal, CTO, Veracode
      Veracode’s CTO and Co-Founder, Chris Wysopal, was named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testi…
    • Amir Ben-Efraim, CEO, Altor Networks
      Amir Ben-Efraim, CEO and co-founder of Altor Networks has agreed to be interviewed for the Security Thought Leadership project. His company's booth at RSA2009 piqued my interest because they deal with one of my favorite subjects, Defense-in-Depth, bu…
    • Ed Hammersla, COO, Trusted Computer Solutions
      Ed Hammersla has a background in trusted systems, as in the Orange Book. He understands the mechanics of low to high information transfer.
    • What is a Security Thought Leader
      With the Security Thought Leader project Stephen hopes to introduce you to some really great men and women. A security thought leader can be defined by certain criteria: a person who is recognized by their peers as a thought leader, who passes their…
    • Amit Klein, CTO, Trusteer
      Amit Klein, CTO of Trusteer, a provider of web browser security technology, tells us about himself and his current project, Rapport. It is designed to secure online transactions between compromised desktops and trusted financial websites.
    • Framework for Security Thought Leader Interview
      Stephen could certainly use your help in finding security thought leaders. If you know someone special that has made a major contribution to the field, please download our Security Thought Leader Interview framework, we'd love to learn more about t…
    • An Interview with Ron Gula from Tenable about the role of a vulnerability scanner in protecting sensitive information
      Tenable's Ron Gula gives us an update on Nessus which now performs many of the industry standard web application tests such as SQL injection and Cross Site Scripting analysis. This, combined with Tenable's database, application and operating system…
    • A. N. Ananth, CEO, Prism Microsystems, Inc.
      A.N. Ananth, CEO of Prism Microsystems, Inc. was one of the original architects of the EventTracker product offering, Prism’s enterprise log management solution.
    • Ivan Arce, CTO of Core Security Technologies
      Ivan Arce, Chief Technology Officer of Core Security Technologies, sets the technical direction for the company and is responsible for overseeing the development, testing and deployment of all Core products. He talks with us here about the recent u…
    • Jeremiah Grossman, Founder and CTO of WhiteHat Security
      Jeremiah Grossman, founder and CTO of WhiteHat Security, talks with Stephen Northcutt about the state of web application security as well as WhiteHat's approach to website vulnerability assessment and management.
    • Mike Yaffe, Director of Product Marketing, Core Security Technologies.
      Most of the interviews that we have done in this series have been focused on technical people, but we believe Mike Yaffe is a game changer.
    • Chris Petersen, Chief Technology Officer, LogRhythm
      Chris gives us his vision on the current state of log and event management as well as some specifics about LogRhythm.
    • John Pirc, IBM, ISS Product Line & Services Executive: Security and Intelligent Network
      John Pirc from IBM's Network Security Solutions has agreed to be interviewed by the Securitylab; we certainly thank him for giving us his time to discuss security and the Intelligent Network.
    • Leigh Purdie, InterSect Alliance, co-founder of Snare: Evolution of log analysis
      We asked Leigh Purdie if he would give us an update on Snare and log analysis, as a follow to our interview with him in March, 2008, and we certainly thank him for his time.
    • Bill Worley, Chief Technology Officer, Secure64 Software Corporation
      At larger conferences, the SANS Institute has a vendor show, and I like to attend to find out about new companies and new technology. There was a vendor at our last show in Las Vegas, Secure64. I had never heard of them, so I wandered over and we had…
    • Doug Brown, former Manager of Security Resources, University of North Carolina at Chapel Hill
      One of the important concepts that we want to explore in security thought leadership is the idea of group or team thought leadership. And so we are looking for examples of teams that exhibited security thought leadership. Doug Brown, former Manager o…
    • Amrit Williams, Chief Technology Officer, BigFix
      Amrit Williams, Chief Technology Officer at BigFix, was formerly a research director in the Information Security and Risk Research Practice at Gartner, Inc. He is certainly a security thought leader and if you have not been introduced to him before,…
    • Andrew Hay, Q1 Labs
      Andrew Hay, one of the authors of the popular OSSEC Host-Based Intrusion Detection Guide and upcoming Nagios 3 Enterprise Network Monitoring book, has agreed to be interviewed for the SANS Security Thought Leader series.
    • Gene Schultz, CTO of High Tower
      The Security Laboratory is pleased to interview Dr. Gene Schultz, one of the most experienced security practitioners in the field.
    • Tomasz Kojm, original author of ClamAV
      Tomasz Kojm is the original author of ClamAV, an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.
    • Bill Johnson, CEO TDI
      Bill Johnson, CEO TDI, was the first person in the industry, that I am aware of, to sound the clarion call that we might be vulnerable to attacks via the Baseboard Management Controller (BMC). That certainly qualifies him as a security thought leader…
    • Gene Kim, Tripwire
      Gene Kim is one of the original authors of Tripwire, a software product used to manage configurations and change. Gene is willing to share his thoughts on virtualization with the Security Laboratory thought leadership series, and we certainly thank h…
    • Kevin Kenan, Managing Director, K2 Digital Defense
      Imperva and a few other vendors are starting to understand the importance of database security and release product, but Kevin Kenan, Managing Director, K2 Digital Defense picked up on this long ago.
    • Leigh Purdie, InterSect Alliance, co-founder of Snare
      Perhaps, one of the hottest topics in 2008 is log file analysis (who would have guessed). And while the commercial tools are getting a lot of the press, an open source and also commercial tool is ending up on a lot of systems. It is called Snare and…
    • Marty Roesch, Sourcefire CEO and Snort creator
      I keep thinking about the news reports that Chinese hackers managed to exfiltrate six terabytes of sensitive data from a large number of systems belonging to the Department of Homeland Security in November 2007. It seems like that would be impossible…
    • Dr. Anton Chuvakin, Chief Logging Evangelist with LogLogic
      Dr. Anton Chuvakin from LogLogic is probably the number one authority on system logging in the world, and his employer is probably the leading vendor for logging, so we appreciate this opportunity to share in his insights.
    • Kishore Kumar, CEO of Pari Networks
      One of the ongoing research projects in the Security Laboratory is to work with the thought leaders in information security to get an understanding of their vision for our industry. We have recently had the honor of working with Kishore Kumar, CEO of…
    • Interview with Dr. Robert Arn, CTO of Itiva
      The Leadership lab came across an interesting company, Itiva. Their CTO, Dr. Robert Arn, was kind enough to share his time and thoughts with our readers, and we certainly thank him for his time.
    • Interview with Charles Edge
      Charles Edge talks with Stephen Northcutt about security issues in the Mac world; even though the core OS is pretty safe, there are vulnerabilities that every Mac user should be aware of.
    • Mike Weider, CTO for Watchfire
      Stephen Northcutt interviews Mike Weider, CTO of Watchfire, regarding recent trends in web app vulnerabilities as well as his company's solutions for web application security.
    • Interview with authors of The Art of Software Security Assessment
      The Leadership Laboratory recently posted a book review of The Art of Software Security Assessment. The book raises a number of issues that we would love to explore further and the authors, Mark Dowd, John McDonald and Justin Schuh have graciously ag…
    • Ryan Barnett, Director of Application Security Training at Breach Security, Inc.
      Ryan Barnett, Director of Application Security Training at Breach Security, Inc. talks with Stephen Northcutt about the current state of web application security.
    • Dinis Cruz, Director of Advanced Technology, Ounce Labs
      Dinis Cruz, Director of Advanced Technology for Ounce Labs, talks with Stephen Northcutt about the many facets of OWASP, as well as the important questions that need real answers in order to develop secure web applications.
    • Brian Chess, Chief Scientist for Fortify Software
      Brian Chess, Chief Scientist for Fortify Software, talks with Stephen Northcutt about static analysis and other web application security solutions.
    • Caleb Sima, CTO for SPI Dynamics
      Stephen Northcutt interviews Caleb Sima about the development of Caleb's company, SPI Dynamics, and the increasing need for solutions for web application security.
    • An Interview with David Hoelzer, author of DAD, a log aggregator
      An interview with David Hoelzer describing DAD, an open source Windows event log and syslog management tool that allows you to aggregate logs from hundreds to thousands of systems in real time.

    More Whitepapers and Publications