Tax Reform, Cybersecurity-Style
1/18/2018How the security industry can be more effective and efficient by recognizing four hidden "taxes" in the buying and selling process.
Post a Comment
Author
Profile of Ben Johnson
Co-founder and CTO, Obsidian Security News & Commentary Posts: 7Ben Johnson is CTO and co-founder of Obsidian Security. Prior to founding Obsidian, he co-founded Carbon Black and most recently served as the company's chief security strategist. As the company's original CTO, he led efforts to create the powerful capabilities that helped define the next-generation endpoint security space. Prior to Carbon Black, Ben was an NSA computer scientist and later worked as a cyber engineer in an advanced intrusion operations division for the intelligence community.
Johnson has extensive experience building complex systems for environments where speed and reliability are paramount. His background also includes a great deal of technical "agility," having worked on advanced operational teams supporting US national security missions and writing complex calculation engines for the financial sector.
Johnson earned a bachelor's degree in computer science from the University of Chicago and a master's degree in computer science from Johns Hopkins University. He also taught "Entrepreneurship in Technology" in the Masters Program of Computer Science at the University of Chicago in 2016 and 2017.
Articles by Ben Johnson
How the security industry can be more effective and efficient by recognizing four hidden "taxes" in the buying and selling process.
Post a Comment
Cloud Security's Shared Responsibility Is Foggy
9/14/2017Security is a two-way street. The cloud provider isn't the only one that must take precautions.
Post a Comment
Cybersecurity Self-Esteem: 4 Things Confident Teams Are Doing
8/31/2016By increasing our cybersecurity self-esteem, we can truly make a difference in raising our collective cybersecurity resiliency.
Post a Comment
Shifting The Economic Balance Of Cyberattacks
6/27/2016Our goal should be to simply make the cost of conducting a cyberattack so expensive that cybercriminals view attacking our organization as a bad return on investment.
Post a Comment
A Real World Analogy For Patterns of Attack
6/20/2016Patterns reveal exponentially more relevant information about attempted malfeasance than singular indicators of an attack ever could.
Post a Comment
Patterns Of Attack Offer Exponentially More Insight Than ‘Indicators’
6/13/2016In the cyberworld, patterns of attack provide investigators with context and the precise sequence of events as a cybercrime unfolds.
Post a Comment
‘Must Haves’ & ‘Must Dos’ For The First Federal CISO
3/11/2016Offensive and defensive experience, public/private sector know-how, ‘mini-NSA’ mindset and vision are top traits we need in a chief information security officer.
Post a Comment
White Papers
Video
0 Comments
Current Issue
Flash Poll
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2011-2765
PUBLISHED: 2018-08-20
PUBLISHED: 2018-08-20
PUBLISHED: 2018-08-20
PUBLISHED: 2018-08-20
PUBLISHED: 2018-08-20
From DHS/US-CERT's National Vulnerability Database CVE-2011-2765
PUBLISHED: 2018-08-20
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
CVE-2018-15594PUBLISHED: 2018-08-20
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
CVE-2018-15572PUBLISHED: 2018-08-20
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
CVE-2018-15573PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf...
CVE-2018-15574PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This