Contributor Ray Pompon

The Ethical and Legal Dilemmas of Threat Researchers

Jul 12, 2018

By Ray Pompon

F5 Labs' Ray Pompon writes for Help Net Security, discussing the grey areas of threat research and some common issues researchers encounter.

Economic Espionage: How Nation-State-Funded APTs Steal Billions in Secrets

Blog / Jun 12, 2018

By Ray Pompon

Don’t think your company is immune from nation-state APTs going after your intellectual property. Take these essential steps to protect yourself.

The Eternal Struggle: Security Versus Users

Jun 7, 2018

By Ray Pompon

F5 Labs writes for Help Net Security, explaining how to deal with the often-adversarial relationship between security professionals and the users they support.

The Little Mistake That Causes a Breach

Blog / Jun 5, 2018

By Ray Pompon

A little mistake in security controls can have disastrous consequences. How common are they and how do you prevent them?

Advanced Attackers: Stealthy, Patient, Dangerous

Blog / May 31, 2018

By Ray Pompon

Advanced attackers are considered a top threat by CISOs. Although they are rare, their stealthy determination to learn everything about a target before they strike makes them especially dangerous.

Hacker Fashion Review

Blog / May 30, 2018

By Ray Pompon

It’s important for the fashion-conscious hacker to know what’s on trend! Here’s a preview of APT Group Purple Aardvark’s summer line—a few hits, some misses.

Breach Costs Are Rising with the Prevalence of Lawsuits

Blog / May 2, 2018

By Ray Pompon

When it comes to tallying the total cost of a data breach, lawsuits figure prominently, alongside repair costs, loss of reputation and sales, compliance penalties, and operational downtime.

How Secure Are Your Third-Party Web Apps?

Blog / Apr 26, 2018

By Ray Pompon

You can’t assume that your third-party web apps are secure! You need to assess them yourself using this multi-step process.

Extend Your Security Program’s Influence with Adjuvants

Blog / Apr 17, 2018

By Ray Pompon

Savvy CISOs don’t go it alone; they rely on in-house collaborators (outside of the security team) to help achieve the organization’s security objectives.

Know the Risks to Your Critical Apps and Defend Against Them

Blog / Apr 10, 2018

By Ray Pompon

Critical apps are the ones that must never go down or be hacked. They are also the hardest to defend because they are often massive, ancient, and touch everything.

When Information Security is a Matter of Public Safety

Blog / Mar 22, 2018

By Ray Pompon, Sara Boddy, Debbie Walkowski

Seven steps for improving the security of critical infrastructure systems—and protecting the public from unnecessary risk.

Reacting to a Big Breach

Mar 15, 2018

By Ray Pompon

A big public breach is a teachable moment for both you and your organization.

CISOs Look to Machine Learning to Augment Security Staffing Shortages

Blog / Feb 6, 2018

By Ray Pompon

As security expertise becomes more scarce, CISOs are turning to machine learning to do more with fewer people.

Risk vs. Reality: Don’t Solve the Wrong Problem

Blog / Jan 24, 2018 (MODIFIED: Feb 6, 2018)

By Ray Pompon

If you’re not evaluating risk in terms of likelihood and impact, you could be focusing your security efforts in all the wrong places.

Global Consultancy Overcomes Cloud Security Risks

Blog / Jan 9, 2018 (MODIFIED: Jan 18, 2018)

By Ray Pompon

How moving applications into the cloud can make your organization stronger and more valuable to your customers.

Liability in an Assume Breach World

Blog / Jan 2, 2018 (MODIFIED: Jan 18, 2018)

By Ray Pompon, Sara Boddy

The safest way to run a network is to assume it’s going to be breached, but that also means minimizing your liability and ensuring the executive team is fully aware of what is going on.

To Protect Your Network, You Must First Know Your Network

Dec 13, 2017 (MODIFIED: Jan 12, 2018)

By Ray Pompon

Strong security starts with understanding exactly what you need to protect and where it resides within your organization.

Lessons Learned From a Decade of Data Breaches

Report / Dec 7, 2017 (MODIFIED: Jan 31, 2018)

By Sara Boddy, Ray Pompon

F5 Labs researched 433 breach cases spanning 12 years, 37 industries, and 27 countries to discover patterns in the initial attacks that lead to the breach.

Avoiding the Epidemic of Hospital Hacks

Blog / Dec 5, 2017 (MODIFIED: Jan 9, 2018)

By Ray Pompon

Good security is highly dependent on hospital staff being well trained and having the discipline to follow security processes—manual and otherwise—to the letter.

The Startup Security Challenge: Safe in the Cloud From Day One

Blog / Nov 30, 2017 (MODIFIED: Jan 3, 2018)

By Ray Pompon

How this cloud startup met its goals for security and availability right out of the gate by setting goals, doing a risk analysis, and examining tradeoffs.

Phishing: The Secret of Its Success and What You Can Do to Stop It

Report / Nov 16, 2017 (MODIFIED: Jan 4, 2018)

By Ray Pompon

Learn about the tricks attackers use to dupe unsuspecting users and how you can help protect them—and your organization.

Is a Good Offense the Best Defense Against Hackers?

Blog / Nov 9, 2017 (MODIFIED: Dec 19, 2017)

By Ray Pompon

Proposed legislation could change existing laws that bar victims of hacking attacks from striking back.

Third-Party Security is Your Security

Blog / Oct 24, 2017 (MODIFIED: Dec 5, 2017)

By Ray Pompon

When you must depend on third parties for a variety of products and services, it’s critical that you hold them to high security standards.

How to Be a More Effective CISO by Aligning Your Security to the Business

Blog / Oct 17, 2017 (MODIFIED: Nov 28, 2017)

By Ray Pompon

Security must align to the business needs, not the other way around. Begin with investigation and understanding to be most effective.

Phishing for Information, Part 5: How Attackers Pull It All Together, and How You Can Fight Back

Blog / Sep 28, 2017 (MODIFIED: Oct 24, 2017)

By Ray Pompon

Stop feeding attackers every piece of the puzzle they need to pull off their scams.

Five Reasons CISOs Should Keep an Open Mind About Cryptocurrencies

Blog / Sep 26, 2017 (MODIFIED: Nov 9, 2017)

By Ray Pompon, Justin Shattuck

Far from a dying breed, cryptocurrencies are not only evolving but being accepted in countless new markets. CISOs need to know the ins and outs, pros and cons.

Phishing for Information, Part 4: Beware of Data Leaking Out of Your Equipment

Blog / Sep 7, 2017 (MODIFIED: Dec 29, 2017)

By Ray Pompon

Organizations often overlook the many ways in which their own systems put useful information right into the hands of attackers building cyber scams.

Six Steps to Finding Honey in the OWASP

Blog / Aug 31, 2017 (MODIFIED: Oct 17, 2017)

By Ray Pompon

The OWASP Top 10 represents “basic stuff you should be doing so you don’t look negligent if you get hacked.” Don’t get stung by neglecting them.

URL Obfuscation—Still a Phisher’s Phriend

Blog / Aug 29, 2017 (MODIFIED: Sep 28, 2017)

By Ray Pompon

Cyber crooks use several common URL disguising techniques to trick users into thinking their sham sites are legitimate.

Phishing for Information, Part 3: How Attackers Gather Data About Your Organization

Blog / Aug 22, 2017 (MODIFIED: Sep 28, 2017)

By Ray Pompon

The Internet is full of information about your company that’s easily accessible to anyone and particularly useful to attackers.
