CISOs: How to Answer the 5 Questions Boards Will Ask You
10/2/2018As boards learn the importance of cybersecurity, certain issues arise on a regular basis. These tips can help you address them.
Post a Comment
Author
Profile of John Hellickson
Vice President, Advisory Services, at Kudelski Security, Inc. Member Since: 9/26/2018Author
News & Commentary Posts: 1
Comments: 0
John Hellickson has more than 25 years of IT experience, the last two decades focused on security and risk management. He's served as an executive security consultant and trusted partner, providing companies with risk management strategies aligning technology, people, and processes with business objectives. At First Data, he rose from security engineer to CISO, leading a global team to create a business-driven, risk-balanced strategy and cybersecurity program. Hellickson served seven years in the US Air Force, his last assignment protecting systems supporting the country's nuclear war plan. He is a certified information systems security professional (CISSP) and board member of the nonprofits Security Advisor Alliance and Veteran's Passport to Hope.
Articles by John Hellickson
As boards learn the importance of cybersecurity, certain issues arise on a regular basis. These tips can help you address them.
Post a Comment
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: We have been "PAD"locked! Would have prefered being "SHER"locked.
Latest Comment: We have been "PAD"locked! Would have prefered being "SHER"locked.
Current Issue
Building and Managing an IT Security Operations ProgramAs cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-11809
PUBLISHED: 2019-05-20
PUBLISHED: 2019-05-20
PUBLISHED: 2019-05-20
PUBLISHED: 2019-05-19
PUBLISHED: 2019-05-18
From DHS/US-CERT's National Vulnerability Database CVE-2019-11809
PUBLISHED: 2019-05-20
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
CVE-2019-12198PUBLISHED: 2019-05-20
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.
CVE-2019-12185PUBLISHED: 2019-05-20
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web r...
CVE-2019-12184PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
CVE-2019-12173PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This