Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Advertise

About Us

Author

Profile of Randy Trzeciak

Director, Insider Threat Center, CERT

News & Commentary Posts: 1

Randy Trzeciak is Technical Manager of CERT's Enterprise Threat and Vulnerability Management Team and the Director of the CERT Insider Threat Center at Carnegie Mellon University's Software Engineering Institute.The team's mission is to assist organizations in improving their security posture and incident response capability by researching technical threat areas; developing and conducting information security assessments; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. Team members are domain experts in insider threat and incident respons. Team capabilities include threat analysis and modeling; building and evaluating insider threat programs; development of insider threat controls, workshops, and exercises. Randy has over 25 years' experience in software engineering, project management, information security, and database design, development, and maintenance.In addition to his role with CERT, he also has a dual appoint as Program Director for the Masters of Science in Information Security Policy and Management (MSISPM) program and CERT professor at Carnegie Mellon's Heinz College, Graduate School of Information Systems and Management. Randy holds an MS in Management from the University of Maryland and a BS in Management Information Systems and a BA in Business Administration from Geneva College.

Articles by Randy Trzeciak, Director, Insider Threat Center, CERT
posted in October 2014

Insider Threats and Preventing Data Leaks

10/2/2014
Speaker: Randy Trzeciak, Director, Insider Threat Center, CERT

Major data leaks such as Edward Snowden’s release of NSA data are only the tip of the insider threat iceberg. Every day, enterprises face the threat of losing valuable insider information – not only through malicious leaks but through unintentional, accidental violations of security rules. How can organizations spot the signs of a data leak and stop it before it goes too far? How can IT help prevent accidental leaks of sensitive data? A top expert offers some essential advice on stopping data loss from within.

Submit your questions to [email protected] with the title of the session in the subject line to engage with our presenters.

Post a Comment

Cartoon Archive

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Assessing Cybersecurity Risk in Today's Enterprises

COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-3110
PUBLISHED: 2021-01-20

The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.

CVE-2020-35217
PUBLISHED: 2021-01-20

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to p...

CVE-2021-23326
PUBLISHED: 2021-01-20

This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.

CVE-2020-27852
PUBLISHED: 2021-01-20

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).

CVE-2021-3137
PUBLISHED: 2021-01-20

XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]