No Password Required: Project Manager at Rapid7 and Queen of Cyber Media
No Password Required: Virtual CISO at Trace3 and Roller Derby Penalty Box Visitor
12 O’Clock High, A Podcast on Business Leadership – Leadership in Cybersecurity and Privacy with Robert Meyers
We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
Information Security and ISO 27001
A Compliance Officer Turned Board Member's Advice
Cyberside Chats: Protect Your Crown Jewels – Nobody breaks into a bank to steal the posters
Unauthorized Access: An Inside Look at Incident Response
No Password Required: The Philosopher CISO of Tallahassee Who Lives to Help Other People
Cyberside Chats - Zero Trust and Cyber Negligence: A conversation with Dr. Zero Trust Chase Cunningham
No Password Required: A Former Police Officer Who Embodies All the Qualities of a Great Leader
Modernize your Information Governance: Building a Framework for Success
CyberSide Chats: Recap of the White House Cyber Summit (with Amanda Fennell)
[Podcast] Fight the Phish!
Canna We Talk Cannabis? Cybersecurity Risks Bring Growing Pains to Cannabis Businesses
The Importance Of Cybersecurity During A Merger & Acquisition Transaction
Phishing and Vishing and Smishing (Oh my!): New Types of Scams Require Increased Vigilance
On April 7th, several federal agencies issued a document titled Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure (“Advisory”)....more
Cynthia Wyre is a senior strategic engagement project manager at Rapid7, where she helps connect academic research and industry. Her path into cybersecurity innovation was untraditional, moving from health care and...more
As cyber operations increasingly intersect with geopolitical conflict, legacy insurance exclusions are being put to the test. In this episode of The Cyber Periscope, Pam Signorello sits down with Jessica Gallinaro to unpack...more
Providers have recently moved towards enabling AI agents to maintain persistent context and memory across interactions rather than treating each request as an isolated event. The environment makes it easier for enterprise AI...more
The American Hospital Association (AHA) is advising hospitals and healthcare entities to “take precautionary measures in case Iran, its proxies or self-radicalized individuals attempt attacks in the U.S.” during the conflict...more
Today’s AI models suffer from a critical flaw. They lack human judgment and context, which makes them vulnerable to what security researchers call “prompt injection attacks.” What are prompt injection attacks? Simply put, it is...more
The New York Department of Financial Services (“NYDFS”) recently updated its Frequently Asked Questions to add several detailed new FAQs on the expanded multi-factor authentication (“MFA”) rule. As of November 1, 2025,...more
Recent large‑scale data breaches across major sectors in Korea, including the telecommunications, retail, and finance sectors, have prompted a swift and coordinated response from lawmakers and regulators. The National...more
On February 11, Freddie Mac issued a bulletin announcing significant updates to its servicing and loss mitigation policies for mortgage servicers, with those loss mitigation changes effective May 1. The revised guidelines...more
While many consider a romantic relationship to be a personal matter and not an organizational issue, few realize that an employee falling for a romance scam can have a direct impact on an organization’s bottom line....more
Security professionals rely on the implementation of multifactor authentication (MFA) to defend against phishing attacks and intrusions. Unfortunately, we can’t completely rely on MFA to protect us as threat actors (more...more
The Situation: The aviation industry is increasingly reliant on digital systems, from air traffic management to ground operations and predictive maintenance. This digital transformation has significantly broadened the...more
We continue to alert our readers to the uptick and successful use of vishing attacks against companies. Threat actors continue to be creative in developing strategies to use vishing to gain access into systems....more
As we have warned before, threat actors using QR codes in attacks against victims continue to rise. To illustrate the risk, on January 8, 2026, the FBI issued a FLASH alert, entitled “North Korean Kimsuky Actors Leverage...more
This year, organisations around the world are being offered the opportunity to acquire their own branded internet extensions: ".BRAND" top-level domains. Moving your brand from the left of the dot (.) to the right of the...more
Live from B-Sides Jacksonville, No Password Required welcomes Gina Yacone, virtual CISO at Trace3. Jack Clabby of Carlton Fields and Sarina Gandy, host and producer of the CyberBay Podcast, host a conversation on Gina’s...more
The Data Act is now live, raising questions about cybersecurity protections and the handling of trade secrets. Our Privacy, Cyber & Data Strategy Team highlights five key points about the new data-sharing obligations for...more
During the AI Governance and Security Assessment Workshop, Shawn Helms and Jason Krieser of McDermott Will & Schulte and Patrick Murphy of Palo Alto Networks Unit 42 discussed ways to govern the use of generative artificial...more
As organizations increasingly rely on cloud computing, many face complex compliance obligations under Canada’s Export and Import Permits Act (EIPA) when storing or transmitting controlled technology. Global Affairs Canada...more
On November 17, 2025, the Securities and Exchange Commission’s (the “SEC”) Division of Examinations (the “Division”) published its examination priorities for 2026 (the “Priorities”)....more
When a cyberattack occurs, time is the most valuable asset. Much like law enforcement’s “first 48” hours rule in criminal investigations, the first 72 hours of a cyberattack, often referred to collectively as the “golden...more
A recent settlement with an education service provider and three states – California, Connecticut, and New York – serves as a reminder to deactivate the credentials of departed employees. The case arose following a data...more
In today’s complex data landscape, business-related communications and messaging data are critical and often only available from mobile devices. Today, 70% of investigations are internal investigations*. Join us for an...more
On 12 November 2025 the UK Government introduced its highly anticipated Cyber Security and Resilience (Network and Information Systems) Bill (the “Bill”) to Parliament. The Bill is the first major overhaul of cybersecurity...more
In a recent blog post, KnowBe4 reported that it has “uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials....more