Profile of Sara Peters

Senior Editor at Dark Reading

Member Since: 3/12/2014
Author
News & Commentary Posts: 502
Comments: 647

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.

Articles by Sara Peters

View Content By Month

The CISO Life Is Half as Good

4/14/2021
Lora Vaughn was at a crossroads -- and that was before mandated pandemic lockdowns came into play. Here's her story of how life got sweeter after she stepped away from the CISO job.
Post a Comment

Realistic Patch Management Tips, Post-SolarWinds

3/5/2021
Patch management and testing are different, exactly the same, and completely out of hand. Here are tips from the experts on how to wrangle patches in a time of malicious software updates.
Post a Comment

Securing Super Bowl LV

2/26/2021
A peek at open XDR technology and defense that held up better than the Kansas City Chiefs.
Post a Comment

Dark Reading Video News Desk Returns to Black Hat

8/6/2020
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
Post a Comment

Supporting Women in InfoSec

8/5/2020
Maxine Holt, senior research director from Omdia, explains why the time is right for women to step into more cybersecurity jobs.
Post a Comment

Russian Election Interference: What’s Next?

8/5/2020
Nate Beach-Westmoreland gives a look back at the past 10 years of Russian election interference and disinformation campaigns. What can we learn from the past and what should we expect as the 2020 US presidential election approaches?
Post a Comment

Beyond Burnout: What Is Cybersecurity Doing to Us?

3/13/2020
Infosec professionals may feel not only fatigued, but isolated, unwell, and unsafe. And the problem may hurt both them and the businesses they aim to protect.
Post a Comment

Cryptographers Panel Tackles Espionage, Elections & Blockchain

2/26/2020
Encryption experts gave insights into the Crypto AG revelations, delved into complexities of the "right to be forgotten," and more at RSA Conference.
Post a Comment

Wendy Nather on How to Make Security 'Democratization' a Reality

2/25/2020
Ahead of her keynote at the RSA Conference, Cisco's head of advisory CISOs outlines to Dark Reading a unique paradigm that asks security teams to stop fighting their users -- and start sharing control with them.
Post a Comment

Martin and Dorothie Hellman on Love, Crypto & Saving the World

2/15/2020
Martin Hellman, co-creator of the Diffie-Hellman key exchange, and his wife of 53 years, Dorothie, talk about the current state of cryptography and what making peace at home taught them about making peace on Earth.
Post a Comment

Coronavirus Raises New Business Continuity, Phishing Challenges for InfoSec

2/13/2020
What happens when understaffed security teams at home and abroad are sequestered in physical quarantine zones?
Post a Comment

AppSec Concerns Drove 61% of Businesses to Change Applications

1/31/2020
Some have even left behind commercial software and migrated to open source or in-house homegrown applications. Continue for synopsis or read full research report.
Post a Comment

The Next Security Silicon Valley: Coming to a City Near You?

12/11/2019
The high cost of doing business in California's San Francisco Bay Area is just one factor driving infosec companies — established and and startups, alike — to pursue their fortunes elsewhere. Here's where many are going.
Post a Comment

What's in a WAF?

11/20/2019
Need a 101 lesson on Web application firewalls? Here's your crib sheet on what a WAF is, how it works, and what to look for when you're in the market for a new solution.
Post a Comment

8 Backup & Recovery Questions to Ask Yourself

11/14/2019
Don't wait until after a disaster, DDoS, or ransomware attack to learn just how good your backups really are.
Post a Comment

The Inestimable Values of an Attacker's Mindset & Alex Trebek

10/2/2019
Akamai security architect Marc Pardee tells the story of cutting his security teeth as an NSA intern and why all cybersecurity professionals can benefit from learning how to break things.
Post a Comment

The Etiquette of Respecting Privacy in the Age of IoT

9/28/2019
Is it rude to ask someone to shut off their Alexa? Ask the family who's written the book on etiquette for nearly 100 years — the descendants of Emily Post herself.
Post a Comment

Poll Results: Maybe Not Burned Out, But Definitely 'Well Done'

9/17/2019
Staff shortages and increasingly challenging jobs are turning up the heat on security pros, readers say.
Post a Comment

'It Saved Our Community': 16 Realistic Ransomware Defenses for Cities

8/30/2019
Practical steps municipal governments can take to better prevent and respond to ransomware infections.
Post a Comment

The Right to Be Patched: How Sentient Robots Will Change InfoSec Management

8/27/2019
It won't be long before we consider embodied AI as a form of "life" — and that will have a variety of paradigm-shifting, somewhat irritating, and potentially hilarious impacts on the daily lives of infosec and privacy pros.
Post a Comment

Skepticism About Symantec and Trepidation About IoT

8/10/2019
BLACK HAT 2019 -- Expert analysts from Informa, Eric Parizo and Tanner Johnson visit the Dark Reading News Desk to talk about the shake-ups at Symantec and trends in IoT security.
Post a Comment

Dark Reading News Desk Live at Black Hat USA 2019

8/8/2019
Watch right here for 40 video interviews with speakers and sponsors. Streaming live from Black Hat USA Wednesday and Thursday 2 p.m. to 6 p.m. Eastern.
Post a Comment

Twitter, Facebook, NSA Discuss Fight Against Misinformation

3/7/2019
RSA panelists address the delicate technical challenges of combating information warfare online without causing First Amendment freedoms to take collateral damage.
Post a Comment

Trust, or Lack of It, Is a Key Theme on RSAC Keynote Stage

3/5/2019
Neither machines nor humans might be entirely trustworthy, but the cooperation of the two might be the answer to issues of misinformation, deep fake videos, and other issues of trust, say security leaders.
Post a Comment

Axonius' 'Unsexy' Tool Wins RSAC Innovation Sandbox

3/5/2019
Judges award top honor to new company solving an old, unsolved problem: asset discovery and management.
Post a Comment

Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation

1/17/2019
Facebook says the accounts and pages were part of two unrelated disinformation operations aimed at targets outside the US.
Post a Comment

'We Want IoT Security Regulation,' Say 95% of IT Decision-Makers

1/17/2019
New global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.
Post a Comment

Chinese Intel Agents Indicted for 5-Year IP Theft Campaign

10/31/2018
Intelligence agents aimed for aerospace manufacturing targets, with help of cyberattackers, corporate insiders, and one IT security manager.
Post a Comment

Dark Reading News Desk Live at Black Hat USA 2018

8/9/2018
Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
Post a Comment

GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?

5/25/2018
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
Post a Comment

Dark Reading Conference Call for Speakers Closes Friday

5/21/2018
Don't be shy, security practitioners. Share your best practices at our 2nd annual INsecurity Conference, to be held Oct. 23-25 in Chicago.
Post a Comment

12 Trends Shaping Identity Management

4/26/2018
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
Post a Comment

Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training

4/19/2018
Booz Allen survey shows most organizations' answer to the security skills shortage may be unsustainable.
Post a Comment

First Public Demo of Data Breach via IoT Hack Comes to RSAC

4/19/2018
At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.
Post a Comment

Cyber War Game Shows How Federal Agencies Disagree on Incident Response

4/18/2018
Former officials at DHS, DOJ, and DOD diverge on issues of attribution and defining what constitutes an act of cyber war.
Post a Comment

2018 RSA Conference: Execs Push Cooperation, Culture & Civilian Safety

4/17/2018
On the keynote stage, execs from Microsoft and McAfee introduced a new Cybersecurity Tech Accord.
Post a Comment

Verizon DBIR: Ransomware Attacks Double for Second Year in a Row

4/10/2018
Outside attackers still the biggest problem - except in healthcare.
Post a Comment

One-Third of Internal User Accounts Are 'Ghost Users'

4/4/2018
Attackers and malware can easily move laterally through an organization, thanks to inadequate access controls on file systems and a proliferation of inactive but enabled users.
Post a Comment

UVA Defeats UMBC, in Stunning Upset

3/27/2018
In first trip to Mid-Atlantic Collegiate Cyber Defense Competition, University of Virginia's Cyber Defense Team defeats reigning national champs from University of Maryland, Baltimore County.
Post a Comment

Cybercrime Costs for Financial Sector up 40% Since 2014

2/14/2018
A 9.6% increase just in the past year, and denial-of-service attacks are partly to blame.
Post a Comment

17 Things We Should Have Learned in 2017 But Probably Didn't

12/29/2017
The worm has returned and the Yahoos have all been exposed, but did 2017 teach us any genuinely new lessons we shouldn't already have known?
Post a Comment

We're Still Not Ready for GDPR? What is Wrong With Us?

11/17/2017
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
Post a Comment

GDPR Compliance: 5 Early Steps to Get Laggards Going

10/16/2017
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
Post a Comment

How Security Metrics Fail Us & How We Fail Them

9/26/2017
Joseph Carson of Thycotic discusses how infosec professionals buy security products they don't need and make other bad decisions, because of poor use of metrics.
Post a Comment

Attacking Developers Using 'Shadow Containers'

9/15/2017
Sagie Dulce describes why developers are such attractive targets and how the Docker API can be exploited to use one of developers' favorite tools against them in sneaky, obfuscated attacks.
Post a Comment

Tesla Hacks: The Good, The Bad, & The Ugly

9/12/2017
Keen Security Lab found multiple holes in the isolation layer Tesla uses to protect drive systems from infotainment systems, but were impressed by the auto company's security in other ways.
Post a Comment

Attacking Data Integrity & Hacking Radiation Monitoring Devices

9/8/2017
Ruben Santamarta shows radio-based vulnerabilities and investigates how the integrity of critical data can be manipulated to simulate, complicate or exacerbate emergency situations.
Post a Comment

How to Use Purple Teaming for Smarter SOCs

9/7/2017
Justin Harvey explains why the standard blue team vs. red team can be improved upon, and provides tips on doing purple teaming right.
Post a Comment

How Legendary Carder, Hacker Roman Seleznev Was Caught, Sentenced

9/6/2017
Assistant US Attorney Norman Barbosa visits the Dark Reading News Desk to discuss details of the credit card hacking case that led to an unprecedented 27-year prison sentence.
Post a Comment

Activists Beware: The Latest In 3G & 4G Spying

9/5/2017
Ravi Borgaonkar describes new 3G & 4G vulnerabilities that enable IMSI catchers to be smarter, stealthier snoopers.
Post a Comment

To Improve Diversity, 'Have the Uncomfortable Conversations'

9/5/2017
Jules Okafor of Fortress Information Security explains that diversity efforts cannot shy away from discussions of racism and sexism.
Post a Comment

Mikko Hypponen's Vision of the Cybersecurity Future

9/4/2017
Twenty years from now, will everything be in the Internet of Things, and if so, how does the security industry need to prepare? F-Secure's chief research officer weighs in on this and what else the future promises (and threatens).
Post a Comment

Automated Lateral Movement: Targeted Attack Tools for the Masses

9/1/2017
Tal Be'ery and Tal Maor explain that the most pervasive, worst defended tactic of sophisticated attackers will soon be ready for script kiddies, and release GoFetch: a new lateral movement automation tool.
Post a Comment

Using Market Pressures to Improve Cybersecurity

8/31/2017
Post-MedSec, Chris Wysopal discusses what impact the investor community -- if not consumers -- can have on squashing vulnerabilities and improving cybersecurity.
Post a Comment

St. Jude Pacemaker Gets Firmware Update 'Intended as a Recall'

8/30/2017
The devices that were the subject of a vulnerability disclosure debate last summer now have an FDA-approved fix.
Post a Comment

The Active Directory Botnet

8/30/2017
It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.
Post a Comment

Training Courses for Aspiring Cybercriminals Put Security Education To Shame

8/29/2017
Reasonably priced, module-based training courses and helpful forums will train a beginner in all the tools and techniques of the successful cybercriminal, Rick Holland of Digital Shadows explains.
Post a Comment

IoTCandyJar: A HoneyPot for any IoT Device

8/29/2017
Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device -- any kind of IoT device.
Post a Comment

New York's Historic FinSec Regulation Covers DDoS, Not Just Data

8/28/2017
Starting today, New York banks and insurers must report to authorities within 72 hours on any security event that has a 'reasonable likelihood' of causing material harm to normal operations.
Post a Comment

Turning Sound Into Keystrokes: Skype & Type

8/25/2017
Don't let your fingers do the talking in a Skype session. The callers on the other end could know what you're writing, researcher Daniele Lain explains.
Post a Comment

Insecure IoT Devices Pose Physical Threat to General Public

8/24/2017
At the car wash, look out for attack robots. Billy Rios discusses how IoT devices could be hacked to physically attack people -- not just on factory floors, but in everyday public settings.
Post a Comment

Dino Dai Zovi Dives Into Container Security, SecDevOps

8/23/2017
Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
Post a Comment

ShieldFS Hits 'Rewind' on Ransomware

8/18/2017
Federico Maggi and Andrea Continella discuss a new tool to protect filesystems by disrupting and undoing ransomware's encryption activities.
Post a Comment

How Bad Teachers Ruin Good Machine Learning

8/18/2017
Sophos data scientist Hillary Sanders explains how security suffers when good machine learning models are trained on bad testing data.
Post a Comment

The Shadow Brokers: How They Changed 'Cyber Fear'

8/17/2017
At Black Hat USA, Matt Suiche, founder of Comae Technologies, describes what we know about the Shadow Brokers and how they have changed the business of cyber fear.
Post a Comment

Behind the Briefings: How Black Hat Sessions Get Chosen

8/17/2017
Daniel Cuthbert and Stefano Zanero explain what the Black Hat review board is looking for in an abstract submission for the Briefings.
Post a Comment

Look, But Don't Touch: One Key to Better ICS Security

6/26/2017
Better visibility is essential to improving the cybersecurity of industrial control systems and critical infrastructure, but the OT-IT cultural divide must be united.
Post a Comment

You Have One Year to Make GDPR Your Biggest Security Victory Ever

5/25/2017
The EU's new razor-toothed data privacy law could either rip you apart or help you create the best security program you've ever had. Here's how.
Post a Comment

US-CERT Warns That HTTPS Inspection Tools Weaken TLS

3/16/2017
Turns out that man-in-the-middling your own traffic isn't the safest way to look for man-in-the-middle attacks.
Post a Comment

Women Still Only 11% Of Global InfoSec Workforce

3/15/2017
Career development and mentorship programs make women in cybersecurity feel more valued, increase women's success.
Post a Comment

After Election Interference, RSA Conference Speakers Ask What Comes Next

2/17/2017
Election-tampering called 'a red line we should not allow anyone to cross.'
Post a Comment

Microsoft President Says Tech Industry Should Be 'Neutral Digital Switzerland'

2/14/2017
RSA Conference: Brad Smith also says the world needs a "Digital Geneva Convention" to establish the international rules for nation-state cyber conflict.
Post a Comment

Darkness & Hope On Display At RSA Conference Keynotes

2/14/2017
Attendees start morning with John Lithgow telling them 'Look at how your light shines together.'
Post a Comment

National Security, Regulation, Identity Top Themes At Cloud Security Summit

2/13/2017
Gen. Keith Alexander gives Trump a thumbs-up and Cloud Security Alliance releases a new application.
Post a Comment

White House Announces Retaliatory Measures For Russian Election-Related Hacking

12/29/2016
35 Russian intelligence operatives ejected from the US, and two of the "Cyber Most Wanted" are frozen out by Treasury Department.
Post a Comment

10 Things InfoSec Pros Can Celebrate About 2016

12/29/2016
There were a few items that passed for good news this year.
Post a Comment

Amit Yoran Leaves Dell RSA To Join Tenable As New CEO

12/15/2016
Yoran says recent Dell acquisition of RSA parent company EMC did 'not really' impact his decision to leave.
Post a Comment

Avalanche Botnet Comes Tumbling Down In Largest-Ever Sinkholing Operation

12/1/2016
800,000 domains seized, sinkholed, or blocked, and five individuals arrested, in international effort to bring down botnet linked to 17 major malware families.
Post a Comment

2016's 7 Worst DDoS Attacks So Far

11/28/2016
Rise of booter and stresser services, mostly run on IoT botnets, is fueling DDoS excitement (but the pros aren't impressed).
Post a Comment

Security Experts Call For Regulation On IoT Cybersecurity

11/16/2016
During a House Committee hearing today, Bruce Schneier also asks for the establishment of a new government agency devoted to cybersecurity.
Post a Comment

Dark Reading Radio: 'Bug Bounties & The Zero-Day Trade'

11/15/2016
Join us, HackerOne's Alex Rice, and Veracode's Chris Wysopal for the next episode of Dark Reading Radio, today, Wednesday Nov. 16, at 1pmET.
Post a Comment

75,000 Data Protection Officers Needed By 2018 To Handle EU Law

11/9/2016
US alone will need 9,000 DPOs to meet GDPR mandates, says International Association of Privacy Professionals - but don't expect that many new job listings.
Post a Comment

Acalvio Technologies Secures Investment from GV

11/3/2016
GV (formerly Google Ventures) Joins Accel Ventures, Ignition Partners, Eileses Capital and Splunk, Bringing Total Investment in the Company to $22M
Post a Comment

Google Adwords Malvertising Campaign Targets Apple Macs

11/1/2016
Cheeky attackers make their lure an ad for Google Chrome.
Post a Comment

US Should Help Private Sector 'Active Defense,' But Outlaw Hacking Back, Says Task Force

10/31/2016
Task Force at George Washington University suggests ways for government to clear up legal quagmires, improve tools, keep us all out of trouble.
Post a Comment

New Free Tool Stops Petya Ransomware & Rootkits

10/20/2016
Meanwhile, Locky puts ransomware on the Check Point Top Three Global Malware List for the first time ever.
Post a Comment

California Victims Of Yahoo Breach Pursue Claims In State, Not Federal Court

10/17/2016
Plaintiffs hope to benefit from California's history of stricter cybersecurity and data privacy law.
Post a Comment

Happy 30th Birthday CFAA!

10/14/2016
Six things we still don’t know about the Computer Fraud and Abuse Act after all this time.
Post a Comment

Online Gaming Currency Funds Cybercrime In Real Life

10/11/2016
You really needed Cristiano Ronaldo or that Doomhammer. Cybercriminals will help you get it for a price, and it's not even entirely illegal.
Post a Comment

Incident Response A Challenge For 98% Of InfoSec Pros

10/6/2016
Too many alerts and too little staff leave security pros swimming in threat intel and begging for automation.
Post a Comment

Researcher Roots Out Security Flaws In Insulin Pumps

10/4/2016
Jay Radcliffe, researcher and diabetic who found the flaws in Johnson & Johnson Animas OneTouch Ping insulin pump, 'would not hesitate' to allow his own children be treated by the device if they were diabetic and advised to do so by physicians.
Post a Comment

Cybercriminals' Superior Business Savvy Keeps Them Ahead

9/30/2016
Rick Holland of Digital Shadows explains how the attackers' superior business agility, faster change management, specialized job force, lower barriers to entry and bulletproof hosting keeps them ahead of the good guys.
Post a Comment

EMV: The Anniversary Of One Deadline, The Eve of Another

9/29/2016
How merchants and criminals responded since the EMV liability shift for point-of-sale devices one year ago. And what changes can we expect after the liability shift for ATMs, which is just days away?
Post a Comment

Improving Security Savvy Of Execs And Board Room

9/28/2016
Jeff Welgan describes how best to improve cybersecurity literacy throughout the C-suite.
Post a Comment

Spam Levels Spike, Thanks In Part To Ransomware

9/23/2016
By shipping banking Trojans and ransomware that turn big profits fast, spammers can now afford the high overhead of high-volume spam campaigns.
Post a Comment

An Open-Source Security Maturity Model

9/23/2016
Oh you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.
Post a Comment

National Health ISAC Calls For Collaborative Vuln Disclosure

9/21/2016
St. Jude Medical to host upcoming workshop on medical device info sharing, convened by NH-ISAC and medical device security consortium.
Post a Comment

How Windows 10 Stops Script-Based Attacks On The Fly

9/21/2016
Move over Apple 'Walled Garden.' Windows 10's new antimalware scan interface halts scripts by signing code on the fly... but does it work? Security researcher Nikhil Mittal takes a look.
Post a Comment

How You Can Support InfoSec Diversity, Starting With The Colleagues You Already Have

9/20/2016
Jamesha Fisher, Security Operations Engineer of GitHub, visits the Dark Reading News Desk at Black Hat to discuss her work making security more accessible to the uninitiated, and how a predominately white and male information security field can better support women and people of color.
Post a Comment

Stop Blaming Users. Make Security User-Friendly.

9/15/2016
Jelle Niemantsverdriet of Deloitte explains how security improves if security tools and error messages educate users and 'put a smile on someone's face.'
Post a Comment