Lester Chng is a cybersecurity and crisis management professional and he has extensive experience in conducting exercises and establishing large-scale exercise programs in the financial services sector as well as the military. He has participated as the lead representative in multinational security exercises and has also orchestrated enterprise-wide live exercises. Lester is a former Naval [...]
[Post 31 of 30] In this recap post, I am going to lay things bare. Some thing worked well and some things fell flat. And I mean completely bombed. The goal of this post is to show the insights I gained from this experience, and hopefully others can get some benefit from walking through the [...]
[Post 30 - 30 in 30] Effective cybersecurity management involves leveraging a variety of tools and resources. Three such tools, CVSS (Common Vulnerability Scoring System), EPSS (Exploit Prediction Scoring System), and CISA KEV (Known Exploited Vulnerabilities), are critical for identifying, assessing, and mitigating potential threats. Harnessing CVSS, EPSS, and CISA KEV The first tool, CVSS, [...]
[Post 29 - 30 in 30] Introduction The Cybersecurity and Infrastructure Security Agency (CISA) has updated its "#StopRansomware Guide" in May 2023. This guide is a treasure trove of strategies to combat ransomware attacks. But what does it contain, and how can you use it to protect your digital assets? Let's dive in and find [...]
[Post 28 - 30 in 30] As more and more cyber attacks occur, sometimes the threat actors can get lost in the news of the attacks that occur. This is more often the case as they dismantle operations or rename, or regroup. In this article I will discuss 3 relatively new threat actors, their origin [...]
[Post 27 - 30 in 30] As a cybersecurity professional, you understand the critical importance of continuous learning and staying ahead of the ever-evolving threat landscape. To further enhance your expertise and insights, we have curated a selection of 10 influential cybersecurity books written in the past decade. These books, authored by renowned experts, hackers, [...]
[Post 26 - 30 in 30] In the digital age, the battlefield has extended beyond physical borders. The war is no longer fought only with guns and bombs, but with codes and algorithms. Cybersecurity, once a niche field, has become a paramount concern for governments, corporations, and individuals alike. A recent joint advisory from Canada, [...]
[Post 25 - 30 in 30] Cybersecurity is no longer a luxury but a necessity. However, as the recession looms, budgets are becoming tighter, leading companies to rethink their cybersecurity investments. How, then, should businesses optimize their limited budgets to ensure robust cybersecurity? Let's break it down. A Bird's Eye View of Cybersecurity Threat Landscape [...]
[Post 24 - 30 in 30] Voice cloning technology, an emerging risk to organizations, represents an evolution in the convergence of artificial intelligence (AI) threats. This technology is currently being abused by threat actors in the wild, capable of defeating voice-based multi-factor authentication (MFA), enabling the spread of misinformation and disinformation, and increasing the effectiveness [...]
[Post 23 - 30 in 30] Building an effective SOC is not a small task. It's a considerable commitment of resources, time, and skill, but also a significant step towards ensuring your business's cybersecurity. This article will break down the key aspects of creating a SOC for small, medium, and large companies, addressing the estimated [...]
Designing Risk in IT Infrastructure 