Articles about Q&A

You'll often hear CI (continuous integration) and CD (continuous deployment) mentioned in the same breath, often as CI/CD, and indeed both are part of improving the quality, speed and efficiency of software development.

However, Stephen Atwell, principal product manager at Armory, argues that they shouldn't be considered as related functions. We spoke to him to find out why.

Continue reading →

The threat landscape has evolved a lot over the past few years as cybercriminals become more and more sophisticated. This has forced change within the industry and blurred the lines between the previous separate data protection and security strategies.

We spoke to Jason Gerrard, senior director of international systems engineering at Commvault, to find out more about why this is happening and what it means for the future of the data protection and cybersecurity industries.

Continue reading →

Cyber threats can come in many forms, over email, messaging platforms or social media. But what they all have in common is that they seek to exploit human weaknesses.

We spoke to Chris Lehman, CEO of SafeGuard Cyber, to discover how contextual analysis of business conversations can help determine if a conversation is benign or if something suspicious is taking place, allowing action to be taken.

Continue reading →

A major new threat has made its presence felt in the last few months. Cybercriminals have expanded the use of screen spoofing or overlay attacks from web applications to trusted mobile apps.

What’s more, the availability of as-a-service technology has lowered the threshold for attacks. We spoke to Dr. Klaus Schenk, SVP security and threat research at Verimatrix, to learn more about how these attacks work and what can be done to guard against them.

Continue reading →

As businesses look to manage their cybersecurity risk, many have turned to insurance to cover the financial implications of a successful breach.

However, insurers naturally want to limit their own exposure to risk and the small print of the policy may limit some claims. In particular this can apply to IoT devices which represent a major unprotected attack surface in corporate networks.

Continue reading →

Passkeys are often touted as being the way to achieve a passwordless future. But as yet passkeys are supported by only a small number of websites. Passkeys are a safer, more efficient way of authenticating users, but it will be a long time before they become the norm -- if indeed they ever become the norm.

We talked to Darren Guccione, CEO and co-founder of Keeper Security, to discuss the use cases for passkeys, the barriers to mass adoption and how users can adopt and secure passkeys in conjunction with their passwords.

Continue reading →

The shift to remote and hybrid working has led to many problems for IT teams, not least that it offers an expanded attack surface. Add in the threat from cybercriminals looking to capitalize on advanced AI capabilities to create malware and you have some major challenges.

We spoke to Doug Kersten, CISO of enterprise collaboration specialist Appfire, to discuss the key security challenges product and DevOps teams face today and how to overcome them.

Continue reading →

One of the effects of the pandemic and the shift to remote and hybrid working has been that organizations have become increasingly reliant on messaging tools like Teams and Slack.

But new research from CybSafe shows that 47 percent of workers have received no training in the use of these platforms and could be putting themselves and their employers at risk.

Continue reading →

Securing the software supply chain presents many challenges. To make the process easier OX Security recently launched OX-GPT, a ChatGPT integration aimed specifically at improving software supply chain security.

We spoke to Neatsun Ziv, co-founder and CEO of OX Security, to discuss how AI can present developers with customized fix recommendations and cut and paste code fixes, allowing for quick remediation of critical security issues across the software supply chain.

Continue reading →

While much literature has been written on best practices for systems architecture, the desired outcomes have been as elusive as they have been sought after. The de-facto standard for enterprise systems that exists in reality is often closer to A Big Ball of Mud.

Very rarely is an organization’s technology (the infrastructure, the software or the set of systems powering the organization) planned as the state in which we see it today. All early systems need to scale, and most companies in the growth phase don't have the bandwidth to deal with this graciously.

Continue reading →

The European Union first proposed introducing a regulatory framework for AI back in 2021, the wheels of politics inevitably grind slowly, however, and it's still working on legislation to bolster regulations on the development and use of artificial intelligence.

The proposed Artificial Intelligence Act has sparked a good deal of debate in the industry with many worried that it could harm business competitiveness.

Continue reading →

Governments and data make for a complex relationship. In some cases, agencies are obligated to make information publicly accessible. In others, sensitive data is highly regulated and therefore needs to be protected to keep it out of the public domain.

With key information changing hands internally via various departments and externally via third parties, it's vital that government agencies can access systems and share data securely -- particularly given increases in cyberattacks.

Continue reading →

While some might argue that generative AI is eliminating the need for certain jobs, it's also increasing the need for new roles and skills such as 'prompt engineering'.

With many people looking to upskill in this area to produce better results from AI tools like ChatGPT, and some companies creating new roles to stay ahead of AI's fast-paced developments, we spoke to Mike Loukides, vice president of content strategy for O'Reilly Media, to find out more about prompt engineering and why it’s important.

Continue reading →

Today's application security landscape is complex and can lead to teams spending a lot of time hunting down vulnerabilities. Add in the move to cloud-based development and there's an even higher volume of code to deal with

We spoke to Shahar Man, CEO at Backslash Security, to learn more about what AppSec needs to look like in this world and how it ties in with greater use of the cloud.

Continue reading →

In today's increasingly digitally-centered organizations, the development of products, services, and solutions increasingly depends on the implementation of Application Programming Interfaces (APIs).

APIs have become the building blocks of modern business applications and are critical to digital transformation -- so much so that API security has become a boardroom issue.

Continue reading →