Advertise

Author

Profile of Lance Dubsky

CISSP, CISM

News & Commentary Posts: 2

Lance Dubsky, CISSP, CISM, is Chief Security Strategist, Americas, at FireEye and has over two decades of experience planning, building and implementing large information security programs. Before joining FireEye, he served as the Chief Information Security Officer at two U.S. Intelligence Agencies where he led global information security programs. Lance drove transformations in risk management, security engineering, space security assurance and security operations. Earlier in his career he worked as an independent consultant advising public sector clients and he is a veteran of the U.S. Air Force. He holds a B.S. in Information Systems from the University of Maryland and a M.A. from Creighton University in International Relations.

Articles by Lance Dubsky, CISSP, CISM

View Content By Month

Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets Sick

7/6/2016
Whether it’s due to lack of attention, poor capital planning or alert fatigue, there are lots of reasons why an SOC can become unhealthy. Here’s how to make it better.
Post a Comment

The Balancing Act: Government Security In The Cloud

5/4/2016
The cloud offers great opportunities and challenges to public sector security teams defending critical systems against advanced threats. These 7 strategies will help you avoid a worst-case scenario.
Post a Comment

Hot Topics

Editors' Choice

6 Ways Greed Has a Negative Effect on Cybersecurity

Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA , 6/11/2018

Weaponizing IPv6 to Bypass IPv4 Security

John Anderson, Principal Security Consultant, Trustwave Spiderlabs, 6/12/2018

'Shift Left' & the Connected Car

Rohit Sethi, COO of Security Compass, 6/12/2018

Live Events

Webinars

More UBM Tech
Live Events

INsecurity Conference - An Event Like No Other

Black Hat Trainings - October 22 & 23

Are You Looking to Learn About New Cybersecurity Threats & Challenges? Then INsecurity Is For You!

White Papers

2018 Security Report

Microsoft Fixes 11 Critical, 39 Important Vulns

CIAM vs. IAM - How Customer IAM differs from traditional IAM

Next-Gen Firewalls - Why They Aren't an All-Encompassing Solution

Once Upon a Network: Modern-Day Security Tales

More White Papers

Video

All Videos

Cartoon

Latest Comment: IT'S A BEAUTIFUL WALL! AND MEXICO WILL PAY FOR IT!

Cartoon Archive

Current Issue

The Changing Role of the CISO

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of IT and Cybersecurity

IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!

Download Now!

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

The State of Ransomware

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-10997
PUBLISHED: 2018-06-17

Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword.

CVE-2018-11218
PUBLISHED: 2018-06-17

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.

CVE-2018-11219
PUBLISHED: 2018-06-17

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.

CVE-2018-10377
PUBLISHED: 2018-06-17

PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data.

CVE-2018-10969
PUBLISHED: 2018-06-17

SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.

Terms of Service
Privacy Statement
Legal Entities

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]