Defense in Depth And Website Security
The concept of Defense in Depth is not new. It’s been leveraged in the InfoSec domain for a long time, and has its roots deeply embedded in military strategy and tactics. That, however, doesn’t mean that even those in the InfoSec domain explain or implement it correctly. To fully appreciate the idea of Defense in…
Accounting for Website Security in Higher Education
This morning I had the privilege of speaking at the Higher Education Web Professionals Association (HighEdWeb) annual conference. I took the opportunity to share a number of points around the website security threats as they pertain to the education industry, our observations on the trends at Sucuri and more importantly our thoughts on how to…
DrupalCon Europe 2016 – Building a Security Framework for Your Websites
Last week I spent a few days in beautiful Dublin, Ireland for DrupalCon Europe 2016. I had the opportunity to present a new presentation in which I try to introduce an approach to building a security framework that anyone can build and deploy. We live in an age where the threats against our website are…
How To Protect Your Business Data
It’s impossible to go a week without seeing some reference to a data breach, whether it’s a write-up on what happened years ago, or updates on breaches that are still happening. The two breaches I found most interesting where a treasure trove of business data (not credit card data) was exfiltrated, and subsequently released…
Thinking Through The Password Expiration Discussion
The most intriguing debate to come out of last week’s security conferences in Vegas stems from a presentation by FTC Chief Technologist Lorrie Cranor at PasswordsCon 2016, part of the BSides security conference in Las Vegas. Dan Goodin, with Ars Technica, summarized the discussion well; the gist of the presentation seems to question why we should change passwords at some frequency, or aims to…
Lessons Learned Playing With Pricing
When we first started, our pricing by all accounts was absurdly low. In my last post I chronicled the details of our pricing journey at Sucuri. Developers were finding that the cost was low enough that it was easier to send websites to us rather than invest their time, that could, at the time, run $40…