Articles about Q&A

Enterprises are increasingly looking to software bills of materials (SBOM) to understand the components inside the tech products they use in order to secure their software supply chain.

But do SBOMs really provide value? And how can they be used more effectively? We talked to Varun Badhwar, CEO and co-founder of Endor Labs, to find out the keys to using SBOMs successfully.

Continue reading →

Enterprises are facing a rapidly changing privacy landscape, in which some laws contradict each other, while struggling to reduce costs and gain visibility into their privacy risks.

Indeed there’s been a recent increase in lawsuits against companies for online privacy violations that is putting significant strain on C-level executives and they're looking to their IT leaders to address all of this risk with technology.

Continue reading →

In a little more than a decade, data analytics has been through several big transformations. First, it became digitized. Second, we witnessed the emergence of 'big data' analytics, driven partly by digitization and partly by massively improved storage and processing capabilities.

Finally, in the last couple of years, analytics has been transformed once again by emerging generative AI models that can analyze data at a previously unseen scale and speed.

Continue reading →

Third-party browser scripts are the code snippets that organizations put into their websites to run ads, analytics, chatbots, etc -- essentially anything that isn't coded by the organization itself.

Which sounds innocuous enough, but these scripts are increasingly being used as a vector for cyberattacks. We spoke to Simon Wijckmans, CEO of c/side, to understand how these attacks operate and what can be done to defend against them.

Continue reading →

As network boundaries can no longer be relied on to define the limits of cybersecurity, zero trust has become the overarching framework that now guides enterprise security strategies.

However, Zero Trust Network Access (ZTNA) has its limitations, especially in application security, and this can open up risk for organizations heavily reliant on SaaS systems.

Continue reading →

The IT world has always been a fast moving one and that means skills need to be kept up to date if you're not going to fall behind.

We spoke to Brett Shively, CEO of ACI Learning a provider of IT, cybersecurity and audit training for organizations around the world, about the importance of training and how a personalized approach can pay off.

Continue reading →

Over the past few years, technology teams have split into smaller work groups with more focused tasks. The rise of the cloud has created the need for DevOps teams, and the gap has grown wider between teams that build products and teams that manage products.

At the same time, applications have become dramatically more complicated. This has given rise to specialized site reliability engineers who are well-versed in monitoring all application components, including APIs. However, focusing API resilience in one team has allowed organizations to treat the symptoms rather than the underlying problem.

Continue reading →

The Digital Markets Act (DMA) is aimed at ensuring a higher degree of competition in European digital markets. It seeks to prevent big companies from abusing their market power and allow new players to enter the market.

We spoke to Chris Hewish, chief strategy officer at video games commerce company Xsolla, to discuss the implications the DMA has on game developers and publishers, particularly in the context of digital distribution platforms, app stores, and online marketplaces.

Continue reading →

The majority of teams today are contending with too much data which means they struggle to generate meaningful insights from their information, and can become overwhelmed by the sheer volume.

We spoke to CallMiner CMO Eric Williamson who believes sourcing customer feedback from different sources might help solve the problem.

Continue reading →

Microsoft Active Directory is used by a majority of the world’s organizations. But Cyberattacks and misconfigurations targeting AD have surged in recent years, leading to critical outages and data loss.

We spoke to Bob Bobel, CEO of Cayosoft, about how to address critical weaknesses in enterprise infrastructure associated with Microsoft Directory services.

Continue reading →

Last year saw almost 100 zero-day attacks, putting a strain on security teams and becoming known as the 'Hot Zero-Day Summer.'

In response to these attacks, the first instinct of many organizations has been to turn to automation. But Marc Rubbinaccio, manager, compliance at Secureframe, doesn't believe that this is the right approach. We spoke to him to find out more.

Continue reading →

CISOs are under the microscope to prove they can reduce vulnerabilities in the software development life cycle -- particularly, that they can do so from the start of code creation. As such, CISOs are searching for the most effective way to ensure the security awareness of their developers before they take on the responsibility of writing and introducing code.

Secure Code Warrior's co-founder and CTO, Matias Madou, believes that a 'gatekeeping' standard -- where developers are incrementally given access to more sensitive projects -- is the key to building a strong foundation for secure coding processes.

Continue reading →

Deepfakes are becoming more and more sophisticated, earlier this year a finance worker in Hong Kong was tricked out of millions following a deepfake call.

With the deepfake fast becoming a weapon of choice for cybercriminals, we spoke to Bridget Pruzin, senior manager -- compliance and risk investigations and analysis at Convera, to learn why she believes a 'Swiss cheese' approach, layering controls like unique on-call verification steps and involving in-person verification, is crucial to effectively defend against these scams.

Continue reading →

The world's critical national infrastructure remains on high alert. The National Cyber Security Centre in the UK and agencies in the US, Australia, Canada and New Zealand have all detailed how threat actors have been exploiting native tools and processes built into computer systems to gain persistent access and avoid detection.

We spoke to Chase Richardson, lead principal for cybersecurity and data privacy at Bridewell to discuss the critical trends and emerging dangers that cyber teams need to continue to watch out for?

Continue reading →

While digital certificates are an essential part of day-to-day security they also present challenges. They can expire or be revoked, or even forged.

We spoke to Bert Kashyap, CEO of passwordless security platform SecureW2, to learn more about certificate-related vulnerabilities and what IT and security teams can do to deal with them effectively.

Continue reading →