Category Archives: Security Management

Nonprofits Cannot Ignore CyberSecurity

Chloe Messdaghi    October 26, 2017

Prior to joining Kenna Security, I worked with a number of nonprofits around the world. Each focused on providing shelter, education, health services, and food to children in need. The mission was clear and critical. Executing that mission wasn’t so easy. Nonprofits run on donated money. Though our goal was to save children, the strategy to drive the mission forward… Read more »

Secret #5 of Vulnerability Scanning: You Can Actually Prioritize, Rather Than Just Analyze

Ed Bellis    January 20, 2015

This is the third post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. Typically, security teams spend tons of time putting together Excel spreadsheets and swimming through countless rows of data. Doing so will get the job done, eventually…kind of. But the problem is, as… Read more »

Secret #4 of Vulnerability Scanning: Don’t Dump-and-Run, Make It Consumable

Ed Bellis    January 15, 2015

This is the second post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. You know what I’m talking about when I talk about the infamous dump-and-run. “Here’s your 300-page PDF with a laundry list of every vulnerability known to man!” From what I’ve… Read more »

Secret #1 of Vulnerability Scanning: CVSS Is Only Part of the Picture

Ed Bellis    January 8, 2015

This is the first post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. Information security can be a thankless job. I know, I’ve lived it first-hand. When I ran Security at Orbitz, it was absolutely critical that my team and I stayed on top of… Read more »

A Holiday Poem About Your Scan Data

Andrea Bailiff-Gush    December 16, 2014

It’s almost year end, and you must understand security pros everywhere are tired of their scans. The data’s too much! And it just isn’t clear where the next threat might truly appear. Security folks need help, a surefire way to parse through Qualys, Nessus & more each day. To know what to prioritize, without having to bet and find vulnerabilities, breaches… Read more »

Laying the Foundation for Change

Karim Toubba    October 14, 2014

This blog post was written by new CEO of Risk I/O, Karim Toubba. You can read more about our new CEO announcement here. I have always been drawn to solving substantive problems that lay the foundation for change, particularly in the security industry. To date, much has been written about the sophistication of the hacker and even the most casual news… Read more »

There’s No Such Thing As a Cool Vulnerability

Michael Roytman    July 31, 2014

If you work in vulnerability management, all the vulnerabilities you’ll hear about at Black Hat are irrelevant. Every year at Black Hat and DEF CON, new vulnerabilities get released, explained and demoed. This year, you’ll see everything from remote car hacks, to hotel room takeovers, to virtual desktop attacks to Google Glass hacks. But once you get back home, don’t let… Read more »

On Physical Security

rhuber    March 31, 2014

Our mission at Risk I/O is to help businesses understand threats to their infrastructure, but as security practitioners we are interested in many forms of security, including physical. This blog post concerns something of particular interest to me, securing my office and a nearly successful theft, which was thwarted by a bit of hobbyist tech. Risk I/O is an emerging… Read more »