CISO-to-CISO

[{"name":"Kathie Miley","summary":"\u003cp\u003eKathie Miley is a recognized name in cyber security and is currently an EVP at AffirmLogic. She has 30 years of IT and security experience and leadership, including as chief experience officer at the Cybersecurity Collaborative, chief operating officer at Cybrary, and EVP at Invincea, Inc. Miley also served on the Board of Directors for the national chapter of Information Systems Security Association and earned certifications for HIPAA Security Expert, HIPAA Privacy Expert, CSX, and Lean Six Sigma. She is currently on the advisory board of George Washington University\u0027s Customer Experience Certificate program.\u0026nbsp;Miley holds CHSE, CHPE, CSX, and LSS certifications.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Kathie_Miley.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dKathie%20Miley","jobTitle":"EVP","companyName":"AffirmLogic","articles":[{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"12/30/2020","contentDuration":"5 min. read","publishDate":"Dec 30, 2020 8:59:00 AM","title":"AI-powered Cyber Attacks","authors":["Kathie Miley"],"authorPaths":["/content/f5-labs-v2/en/authors/kathie-miley"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/ai-powered-cyber-attacks","mappedPath":"/labs/articles/cisotociso/ai-powered-cyber-attacks","description":"AI and Machine Learning can find the optimal cyberattack strategy by analyzing all possible vectors of attack.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/machine-learning","url":"/labs/search#q\u003dmachine%20learning","name":"machine-learning","title":"machine learning","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/AI","url":"/labs/search#q\u003dAI","name":"AI","title":"AI","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/automation","url":"/labs/search#q\u003dautomation","name":"automation","title":"automation","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a10/article-thumbnail-image.png","type":"blog","appTierAffected":[]},{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"11/03/2020","contentDuration":"5 min. read","publishDate":"Nov 3, 2020 11:29:00 AM","title":"OCC and HIPAA Cybersecurity Regulator Fines Now in Hundreds of Millions","authors":["Kathie Miley"],"authorPaths":["/content/f5-labs-v2/en/authors/kathie-miley"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/occ-and-hipaa-cybersecurity-regulator-fines-now-in-hundreds-of-m","mappedPath":"/labs/articles/cisotociso/occ-and-hipaa-cybersecurity-regulator-fines-now-in-hundreds-of-m","description":"Cybersecurity regulators have recently levied huge fines against financial institutions and healthcare organizations. Is this the new normal?","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/compliance-\u0026-legal","url":"/labs/search#q\u003dCompliance%20\u0026%20Legal","name":"compliance-\u0026-legal","title":"Compliance \u0026 Legal","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/banking","url":"/labs/search#q\u003dbanking","name":"banking","title":"banking","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a10/article-thumbnail-image.png","type":"blog","appTierAffected":[]},{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"09/10/2020","contentDuration":"5 min. read","publishDate":"Sep 10, 2020 9:10:00 AM","title":"The Disappearing IT Security Budget: A 2020 Cybersecurity Crisis","authors":["Kathie Miley"],"authorPaths":["/content/f5-labs-v2/en/authors/kathie-miley"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/the-disappearing-it-security-budget--a-2020-cybersecurity-crisis","mappedPath":"/labs/articles/cisotociso/the-disappearing-it-security-budget--a-2020-cybersecurity-crisis","description":"As COVID-19 shrinks IT security budgets, security teams must shift their spending and update operations plans to support this new normal.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search#q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/covid-19","url":"/labs/search#q\u003dCOVID-19","name":"covid-19","title":"COVID-19","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/coronavirus","url":"/labs/search#q\u003dCoronavirus","name":"coronavirus","title":"Coronavirus","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a10/article-thumbnail-image.png","type":"blog","appTierAffected":[]}],"aboutName":"Kathie","modalId":"modal-1968659122","setting":{"authorPath":"/content/f5-labs-v2/en/authors/kathie-miley/jcr:content","modalId":"modal-1968659122"}},{"name":"Dan Woods","summary":"\u003cp\u003ePrior to F5, Dan Woods spent more than 20 years with local, state, and federal law enforcement and intelligence organizations including the FBI as a special agent where he investigated cyber terrorism, and the CIA where he served as a cyber operations officer.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Dan_Woods_v6.jpg","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dDan%20Woods","jobTitle":"Global Head of Intelligence","companyName":"F5","articles":[{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"01/18/2022","contentDuration":"13 min. read","publishDate":"Jan 18, 2022 2:56:00 PM","title":"Cybersecurity Predictions for 2022 from F5 Labs (and Friends)","authors":["Sander Vinberg"],"authorPaths":["/content/f5-labs-v2/en/authors/sander-vinberg"],"contributors":["Remi Cohen","Raymond Pompon","Peter Scheffler","Dan Woods"],"contributorPaths":["/content/f5-labs-v2/en/authors/remi-cohen","/content/f5-labs-v2/en/authors/raymond-pompon","/content/f5-labs-v2/en/authors/peter-scheffler","/content/f5-labs-v2/en/authors/dan-woods"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/cybersecurity-predictions-for-2022-from-f5-labs-and-friends","mappedPath":"/labs/articles/cisotociso/cybersecurity-predictions-for-2022-from-f5-labs-and-friends","description":"We asked a diverse group of F5 security experts about cybersecurity in 2022. Here’s what they said. We look at cyber-war, cyber-crime, the cloud, the supply chain, encryption keys, and new ransomware targets.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/controls/article-focus/relevance","url":"/labs/search#q\u003dRelevance","name":"relevance","title":"Relevance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search#q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/controls/defense-strategies/defending-infrastructure","url":"/labs/search#q\u003dDefending%20Infrastructure","name":"defending-infrastructure","title":"Defending Infrastructure","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search#q\u003dRisk","name":"Risk","title":"Risk","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a08/article-thumbnail-image.png","type":"article","appTierAffected":[]},{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"05/14/2021","contentDuration":"10 min. read","publishDate":"May 14, 2021 9:07:00 AM","title":"I Was a Human CAPTCHA Solver","authors":["Dan Woods"],"authorPaths":["/content/f5-labs-v2/en/authors/dan-woods"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/i-was-a-human-captcha-solver","mappedPath":"/labs/articles/cisotociso/i-was-a-human-captcha-solver","description":"A behind-the-scenes peek into the hidden world of human click farms.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/c-suite","url":"/labs/search#q\u003dC-Suite","name":"c-suite","title":"C-Suite","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/captcha","url":"/labs/search#q\u003dCAPTCHA","name":"captcha","title":"CAPTCHA","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a08/article-thumbnail-image.png","type":"article","appTierAffected":[]},{"topic":"Top Risks","topicSearchPath":"/labs/search#q\u003dTop%20Risks","threatCategoriesPath":["f5-labs-v2:category/threats/web-application-attacks/credential-theft","f5-labs-v2:category/threats/web-application-attacks/credential-stuffing","f5-labs-v2:category/threats/web-application-attacks/brute-force","f5-labs-v2:category/threats/client-side-attacks/credential-theft"],"threatCategoriesTitles":["Credential theft","Credential stuffing","Brute force attack","Credential Theft"],"date":"02/09/2021","contentDuration":"45 min. read","publishDate":"Feb 9, 2021 1:00:00 PM","title":"2021 Credential Stuffing Report","authors":["Sander Vinberg","Jarrod Overson"],"authorPaths":["/content/f5-labs-v2/en/authors/sander-vinberg","/content/f5-labs-v2/en/authors/jarrod-overson"],"contributors":["Dan Woods","Shuman Ghosemajumder","Sara Boddy","Raymond Pompon","Alexander Koritz"],"contributorPaths":["/content/f5-labs-v2/en/authors/dan-woods","/content/f5-labs-v2/en/authors/shuman-ghosemajumder","/content/f5-labs-v2/en/authors/sara-boddy","/content/f5-labs-v2/en/authors/raymond-pompon","/content/f5-labs-v2/en/authors/alexander_koritz"],"path":"/content/f5-labs-v2/en/labs/articles/threat-intelligence/2021-credential-stuffing-report","mappedPath":"/labs/articles/threat-intelligence/2021-credential-stuffing-report","description":"Credential stuffing is a multifaceted and enduring risk to organizations of all types and sizes. This report is a comprehensive examination of the entire life cycle of stolen credentials—from their theft, to their resale, and their repeated use in credential stuffing attacks.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:article-topics/top-risks","url":"/labs/search#q\u003dTop%20Risks","name":"top-risks","title":"Top Risks","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/client-side-attacks","url":"/labs/search#q\u003dClient-side%20Attacks","name":"client-side-attacks","title":"Client-side Attacks","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/brute-force","url":"/labs/search#q\u003dBrute%20force%20attack","name":"brute-force","title":"Brute force attack","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats","url":"/labs/search#q\u003dThreats","name":"threats","title":"Threats","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/credential-stuffing","url":"/labs/search#q\u003dCredential%20stuffing","name":"credential-stuffing","title":"Credential stuffing","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article/articles/threats/23--2021-jan-mar/20210209_2021_cred_stuffing_report/ATLD_Thumbnail.jpg","type":"report","appTierAffected":["Access Tier"]},{"topic":"Fraud","topicSearchPath":"/labs/search#q\u003dFraud","threatCategoriesTitles":[],"date":"11/19/2020","contentDuration":"11 min.","publishDate":"Nov 19, 2020 9:10:00 AM","title":"Genesis Marketplace, a Digital Fingerprint Darknet Store","authors":["Dan Woods","Sara Boddy","Shahnawaz Backer"],"authorPaths":["/content/f5-labs-v2/en/authors/dan-woods","/content/f5-labs-v2/en/authors/sara-boddy","/content/f5-labs-v2/en/authors/shahnawaz-backer"],"path":"/content/f5-labs-v2/en/labs/articles/threat-intelligence/genesis-marketplace--a-digital-fingerprint-darknet-store","mappedPath":"/labs/articles/threat-intelligence/genesis-marketplace--a-digital-fingerprint-darknet-store","description":"Insights into Genesis Marketplace, a black market trading in digital identity.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:article-topics/Fraud","url":"/labs/search#q\u003dFraud","name":"Fraud","title":"Fraud","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/client-side-attacks","url":"/labs/search#q\u003dClient-side%20Attacks","name":"client-side-attacks","title":"Client-side Attacks","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/client-side-attacks/client-platform-malware","url":"/labs/search#q\u003dClient-platform%20malware","name":"client-platform-malware","title":"Client-platform malware","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/brute-force","url":"/labs/search#q\u003dBrute%20force%20attack","name":"brute-force","title":"Brute force attack","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats","url":"/labs/search#q\u003dThreats","name":"threats","title":"Threats","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a07/article-thumbnail-image.png","appTierAffected":[]}],"aboutName":"Dan","modalId":"modal363071563","setting":{"authorPath":"/content/f5-labs-v2/en/authors/dan-woods/jcr:content","modalId":"modal363071563"}},{"name":"Mirell Metspalu","summary":"\u003cp\u003eMirell Metspalu is a Senior Privacy Analyst in F5. She has previously worked in fintech, consultancy and carried out legal research. With keen interest in privacy and data protection, UX design and product management, she focuses on helping product teams on building compliant, user friendly and ethical products.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Mirell_Metspalu.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dMirell%20Metspalu","jobTitle":"Sr Privacy Analyst","companyName":"F5","articles":[{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"01/28/2021","contentDuration":"5 min. read","publishDate":"Jan 28, 2021 9:07:00 AM","title":"Privacy by Design for Ethical Applications","authors":["Mirell Metspalu"],"authorPaths":["/content/f5-labs-v2/en/authors/mirell-metspalu"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/privacy-by-design-for-ethical-applications","mappedPath":"/labs/articles/cisotociso/privacy-by-design-for-ethical-applications","description":"Privacy by Design is key to ethical app design and includes anticipating for all possible uses of collected data.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/GDPR","url":"/labs/search#q\u003dGDPR","name":"GDPR","title":"GDPR","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/compliance-\u0026-legal","url":"/labs/search#q\u003dCompliance%20\u0026%20Legal","name":"compliance-\u0026-legal","title":"Compliance \u0026 Legal","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/privacy","url":"/labs/search#q\u003dprivacy","name":"privacy","title":"privacy","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a10/article-thumbnail-image.png","type":"blog","appTierAffected":[]}],"aboutName":"Mirell","modalId":"modal-2015875088","setting":{"authorPath":"/content/f5-labs-v2/en/authors/mirell-metspalu/jcr:content","modalId":"modal-2015875088"}},{"name":"Shahnawaz Backer","summary":"\u003cp\u003eShahnawaz Backer was a Principal Security Advisor with F5 Labs. With keen interest in modern application development, digital identity and fraud vectors, he focuses on building security intelligence into solutions and firmly believes in automated proactive defence.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Shahnawaz_Backer.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dShahnawaz%20Backer","dateLastUpdated":"Oct 26, 2022 3:00:00 AM","articles":[{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"12/05/2022","contentDuration":"11 min. read","publishDate":"Dec 5, 2022 1:23:00 PM","title":"5 Cybersecurity Predictions for 2023 ","authors":["David Warburton"],"authorPaths":["/content/f5-labs-v2/en/authors/david-warburton"],"contributors":["Aditya Sood","Shahnawaz Backer","Aaron Brailsford","Remi Cohen","Ken Arora","David Arthur","Melissa McRee","Ethan Hansen"],"contributorPaths":["/content/f5-labs-v2/en/authors/aditya-sood","/content/f5-labs-v2/en/authors/shahnawaz-backer","/content/f5-labs-v2/en/authors/aaron-brailsford","/content/f5-labs-v2/en/authors/remi-cohen","/content/f5-labs-v2/en/authors/ken-arora","/content/f5-labs-v2/en/authors/david-arthur","/content/f5-labs-v2/en/authors/melissa-mcree","/content/f5-labs-v2/en/authors/ethan-hansen"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/5-cybersecurity-predictions-for-2023","mappedPath":"/labs/articles/cisotociso/5-cybersecurity-predictions-for-2023","description":"F5 Labs and experts across F5 share their experience from the past twelve months to predict what might be the biggest causes for concern in 2023.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/asset-inventory","url":"/labs/search#q\u003dasset%20inventory","name":"asset-inventory","title":"asset inventory","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/breach-trends","url":"/labs/search#q\u003dbreach%20trends","name":"breach-trends","title":"breach trends","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/misconfiguration","url":"/labs/search#q\u003dmisconfiguration","name":"misconfiguration","title":"misconfiguration","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/saas","url":"/labs/search#q\u003dSaaS","name":"saas","title":"SaaS","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a06/article-thumbnail-image.png","type":"article","appTierAffected":[]},{"topic":"Controls","topicSearchPath":"/labs/search#q\u003dControls","threatCategoriesTitles":[],"date":"08/05/2021","contentDuration":"4 min. read","publishDate":"Aug 5, 2021 10:00:00 AM","title":"Fraud Scenarios in the Buy Now, Pay Later Ecosystem","authors":["Atishay Kumar","Shahnawaz Backer"],"authorPaths":["/content/f5-labs-v2/en/authors/atishay-kumar","/content/f5-labs-v2/en/authors/shahnawaz-backer"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/fraud-scenarios-in-the-buy-now-pay-later-ecosystem","mappedPath":"/labs/articles/cisotociso/fraud-scenarios-in-the-buy-now-pay-later-ecosystem","description":"Existing fraud tricks are finding new use in buy now, pay later payment systems.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/controls","url":"/labs/search#q\u003dControls","name":"controls","title":"Controls","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search#q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search#q\u003dRisk","name":"Risk","title":"Risk","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/controls/defense-strategies/defending-applications","url":"/labs/search#q\u003dDefending%20Applications","name":"defending-applications","title":"Defending Applications","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a09/article-thumbnail-image.png","type":"article","appTierAffected":[]},{"topic":"Top Risks","topicSearchPath":"/labs/search#q\u003dTop%20Risks","threatCategoriesPath":["f5-labs-v2:category/threats/client-side-attacks/phishing","f5-labs-v2:category/threats/client-side-attacks/session-hijacking","f5-labs-v2:category/threats/web-application-attacks/man-in-the-middle","f5-labs-v2:category/threats/web-application-attacks/Malware"],"threatCategoriesTitles":["Phishing","Session hijacking","Man-in-the-middle","Malware"],"date":"06/17/2021","contentDuration":"4 min. read","publishDate":"Jun 17, 2021 8:27:00 AM","title":"Attacker Tricks for Taking Over Risk-Based Multifactor Authentication","authors":["Shahnawaz Backer"],"authorPaths":["/content/f5-labs-v2/en/authors/shahnawaz-backer"],"contributors":["Ann Sha Ng"],"contributorPaths":["/content/f5-labs-v2/en/authors/ann-sha-ng"],"path":"/content/f5-labs-v2/en/labs/articles/threat-intelligence/attacker-tricks-for-taking-over-risk-based-multifactor-authentication","mappedPath":"/labs/articles/threat-intelligence/attacker-tricks-for-taking-over-risk-based-multifactor-authentication","description":"From spoofing device fingerprints to hijacking authenticated sessions, attackers use a range of techniques to bypass multifactor authentication.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:article-topics/top-risks","url":"/labs/search#q\u003dTop%20Risks","name":"top-risks","title":"Top Risks","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/client-side-attacks","url":"/labs/search#q\u003dClient-side%20Attacks","name":"client-side-attacks","title":"Client-side Attacks","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats","url":"/labs/search#q\u003dThreats","name":"threats","title":"Threats","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/man-in-the-middle","url":"/labs/search#q\u003dMan-in-the-middle","name":"man-in-the-middle","title":"Man-in-the-middle","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/client-side-attacks/phishing","url":"/labs/search#q\u003dPhishing","name":"phishing","title":"Phishing","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a15/article-thumbnail-image.png","type":"article","appTierAffected":["Services Tier","Access Tier","Client"]},{"topic":"Top Risks","topicSearchPath":"/labs/search#q\u003dTop%20Risks","threatCategoriesPath":["f5-labs-v2:category/threats/web-application-attacks/credential-theft","f5-labs-v2:category/threats/web-application-attacks/credential-stuffing","f5-labs-v2:category/threats/web-application-attacks/brute-force","f5-labs-v2:category/threats/web-application-attacks/cross-site-scripting","f5-labs-v2:category/threats/web-application-attacks/api-attacks","f5-labs-v2:category/threats/web-application-attacks/injection","f5-labs-v2:category/threats/web-application-attacks/phishing","f5-labs-v2:category/threats/web-application-attacks/abuse-of-functionality","f5-labs-v2:category/threats/web-application-attacks/Malware","f5-labs-v2:category/threats/web-application-attacks/remote-code-execution","f5-labs-v2:category/threats/client-side-attacks/client-platform-malware","f5-labs-v2:category/threats/client-side-attacks/cross-site-scripting","f5-labs-v2:category/threats/client-side-attacks/phishing","f5-labs-v2:category/threats/client-side-attacks/session-hijacking","f5-labs-v2:category/threats/client-side-attacks/Injection","f5-labs-v2:category/threats/client-side-attacks/credential-theft","f5-labs-v2:category/threats/app-infrastructure-attacks/credential-stuffing"],"threatCategoriesTitles":["Credential theft","Credential stuffing","Brute force attack","Cross-site scripting ","API Attacks","Injection","Phishing","Abuse of functionality","Malware","Remote Code Execution","Client-platform malware","Cross-site scripting","Phishing","Session hijacking","Injection","Credential Theft","Credential Stuffing"],"date":"05/18/2021","contentDuration":"60 min. read","publishDate":"May 18, 2021 4:53:00 PM","title":"2021 Application Protection Report: Of Ransom and Redemption","authors":["Sander Vinberg","Raymond Pompon","Shahnawaz Backer"],"authorPaths":["/content/f5-labs-v2/en/authors/sander-vinberg","/content/f5-labs-v2/en/authors/raymond-pompon","/content/f5-labs-v2/en/authors/shahnawaz-backer"],"contributors":["Malcolm Heath"],"contributorPaths":["/content/f5-labs-v2/en/authors/malcolm-heath"],"path":"/content/f5-labs-v2/en/labs/articles/threat-intelligence/2021-application-protection-report-of-ransom-and-redemption","mappedPath":"/labs/articles/threat-intelligence/2021-application-protection-report-of-ransom-and-redemption","description":"The 2021 version of F5’s continuing analysis of the application security threat landscape explores ransomware, payment card theft, and account takeover.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:article-topics/top-risks","url":"/labs/search#q\u003dTop%20Risks","name":"top-risks","title":"Top Risks","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/brute-force","url":"/labs/search#q\u003dBrute%20force%20attack","name":"brute-force","title":"Brute force attack","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/credential-stuffing","url":"/labs/search#q\u003dCredential%20stuffing","name":"credential-stuffing","title":"Credential stuffing","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/credential-theft","url":"/labs/search#q\u003dCredential%20theft","name":"credential-theft","title":"Credential theft","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/client-side-attacks/session-hijacking","url":"/labs/search#q\u003dSession%20hijacking","name":"session-hijacking","title":"Session hijacking","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article/articles/threats/24--2021-apr-jun/20210518_2021_apr/ATLD_Tile.jpg","type":"report","appTierAffected":["Services Tier","Access Tier","Client"]}],"aboutName":"Shahnawaz","modalId":"modal-1813933071","setting":{"authorPath":"/content/f5-labs-v2/en/authors/shahnawaz-backer/jcr:content","modalId":"modal-1813933071"}},{"name":"Mike Simon","summary":"\u003cp\u003eWith an education in computer science and 25 years of experience designing and securing information systems, Mike Simon is a well-known and highly respected member of the Northwest’s information security community. He is faculty at the University of Washington Information School, a published author, an active collaborator in the PRISEM and PICES projects and other regional initiatives, a subject matter expert in the energy and finance sectors, and integrated with law enforcement through contacts in the FBI, DHS, and Infragard. As Critical Informatics’ Chief Technology Officer, he leads development teams for the Critical Insight security monitoring platform and the associated Critical Insight Collector-sensor, directs our Big Data and Data Analytics program and helps to set company direction and strategy.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Mike_Simon.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dMike%20Simon","jobTitle":"CTO","companyName":"Critical Informatics","companyPageUrl":"https://ci.security/","articles":[{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"02/06/2019","contentDuration":"4 min. read","publishDate":"Feb 6, 2019 8:28:00 AM","title":"If I Had to Do It Over Again, Part 2","authors":["Raymond Pompon"],"authorPaths":["/content/f5-labs-v2/en/authors/raymond-pompon"],"contributors":["Sara Boddy","Mike Simon","Todd Plesco","Kate Wakefield"],"contributorPaths":["/content/f5-labs-v2/en/authors/sara-boddy","/content/f5-labs-v2/en/authors/mike-simon","/content/f5-labs-v2/en/authors/todd-plesco","/content/f5-labs-v2/en/authors/kate-wakefield"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/if-i-had-it-to-do-over-again-part-2","mappedPath":"/labs/articles/cisotociso/if-i-had-it-to-do-over-again-part-2","description":"More lessons learned from CISOs about “fire and forget,” physical security, the human factor, and audit logging.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/career-path","url":"/labs/search#q\u003dCareer%20Path","name":"career-path","title":"Career Path","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search#q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search#q\u003dRisk","name":"Risk","title":"Risk","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a11/article-thumbnail-image.png","type":"blog","appTierAffected":[]},{"topic":"Controls","topicSearchPath":"/labs/search#q\u003dControls","threatCategoriesTitles":[],"date":"11/02/2017","contentDuration":"9 min. read","publishDate":"Nov 2, 2017 12:00:00 AM","title":"Can Engineers Build Networks Too Complicated for Humans to Operate? Part II: Making Sense of Network Activities and System Behaviors","authors":["Mike Simon"],"authorPaths":["/content/f5-labs-v2/en/authors/mike-simon"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/can-engineers-build-networks-too-complicated-for-humans-to-operate-part-ii-making-sense-of-network-activities-and-system-behaviors","mappedPath":"/labs/articles/cisotociso/can-engineers-build-networks-too-complicated-for-humans-to-operate-part-ii-making-sense-of-network-activities-and-system-behaviors","description":"How to selectively capture packets for further analysis and avoid buying a storage farm.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/controls","url":"/labs/search#q\u003dControls","name":"controls","title":"Controls","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/risk-management","url":"/labs/search#q\u003drisk%20management","name":"risk-management","title":"risk management","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/packet-analysis","url":"/labs/search#q\u003dpacket%20analysis","name":"packet-analysis","title":"packet analysis","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/complex-systems","url":"/labs/search#q\u003dcomplex%20systems","name":"complex-systems","title":"complex systems","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a05/article-thumbnail-image.png","type":"blog","appTierAffected":["Client"]},{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"08/03/2017","contentDuration":"6 min. read","publishDate":"Aug 3, 2017 12:00:00 AM","title":"Can Engineers Build Networks Too Complicated for Humans to Operate? Part I: Scope of the Problem","authors":["Mike Simon"],"authorPaths":["/content/f5-labs-v2/en/authors/mike-simon"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/can-engineers-build-networks-too-complicated-for-humans-to-operate-part-i-scope-of-the-problem","mappedPath":"/labs/articles/cisotociso/can-engineers-build-networks-too-complicated-for-humans-to-operate-part-i-scope-of-the-problem","description":"This series explores how InfoSec practitioners can use math, technology, and critical thinking to mitigate risk in a world where networks and data have surpassed the scope of human comprehension.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/risk-management","url":"/labs/search#q\u003drisk%20management","name":"risk-management","title":"risk management","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/packet-analysis","url":"/labs/search#q\u003dpacket%20analysis","name":"packet-analysis","title":"packet analysis","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/complex-systems","url":"/labs/search#q\u003dcomplex%20systems","name":"complex-systems","title":"complex systems","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a09/article-thumbnail-image.png","type":"blog","appTierAffected":["Client"]}],"aboutName":"Mike","modalId":"modal-842160816","setting":{"authorPath":"/content/f5-labs-v2/en/authors/mike-simon/jcr:content","modalId":"modal-842160816"}},{"name":"Mike Hamilton","summary":"\u003cp\u003eMike Hamilton is the founder and CISO of CI Security (formerly Critical Informatics). He has 25 years experience in Information Security as a practitioner, entrepreneur, consultant, and in executive management. He also has direct experience in retail, manufacturing, government, defense, academic, semiconductor, energy, law enforcement, transportation, publishing and financial sectors - from Fortune 1 to small nonprofits. \u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Mike_Hamilton.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dMike%20Hamilton","jobTitle":"Founder, CISO","companyName":"CI Security","companyPageUrl":"https://ci.security/","articles":[{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"01/15/2019","contentDuration":"5 min. read","publishDate":"Jan 15, 2019 3:34:00 PM","title":"If I Had to Do It Over Again","authors":["Raymond Pompon"],"authorPaths":["/content/f5-labs-v2/en/authors/raymond-pompon"],"contributors":["Erik Pierson","Mike Hamilton","Mary Gardner"],"contributorPaths":["/content/f5-labs-v2/en/authors/erik-pierson","/content/f5-labs-v2/en/authors/mike-hamilton","/content/f5-labs-v2/en/authors/mary-gardner"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/if-i-had-it-to-do-over-again","mappedPath":"/labs/articles/cisotociso/if-i-had-it-to-do-over-again","description":"Learn from CISOs who describe how they would “do it over” again in some of their early security program deployments.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/career-path","url":"/labs/search#q\u003dCareer%20Path","name":"career-path","title":"Career Path","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search#q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search#q\u003dRisk","name":"Risk","title":"Risk","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a11/article-thumbnail-image.png","type":"blog","appTierAffected":[]}],"aboutName":"Mike","modalId":"modal2133310420","setting":{"authorPath":"/content/f5-labs-v2/en/authors/mike-hamilton/jcr:content","modalId":"modal2133310420"}},{"name":"Aaron Zander","summary":"\u003cp\u003eAaron Zander is the Head of IT at HackerOne. Aaron is an Information Technology professional with more than 10 years of IT networking and security experience. Aaron is dedicated towards creating business efficient processes that increase ROI and create better experiences for end users and teams. Prior to HackerOne, Aaron served in technical IT leadership roles at Sitecore and Drop.\u0026nbsp; Aaron is based in San Francisco, California. He oversees IT for all of HackerOne’s global offices including Singapore, Europe and the UK.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Aaron_Zander.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dAaron%20Zander","jobTitle":"Head of IT","companyName":"HackerOne","companyPageUrl":"https://www.hackerone.com/blog","articles":[{"topic":"Controls","topicSearchPath":"/labs/search#q\u003dControls","threatCategoriesTitles":[],"date":"06/09/2020","contentDuration":"8 min. read","publishDate":"Jun 9, 2020 1:12:00 PM","title":"Using Zero Trust to Secure Your Company When Going Remote","authors":["Aaron Zander"],"authorPaths":["/content/f5-labs-v2/en/authors/aaron-zander"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/using-zero-trust-to-secure-your-company-when-going-remote","mappedPath":"/labs/articles/cisotociso/using-zero-trust-to-secure-your-company-when-going-remote","description":"How to move your workforce securely to remote access with zero trust networking.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/controls","url":"/labs/search#q\u003dControls","name":"controls","title":"Controls","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/controls/defense-strategies/defending-clients","url":"/labs/search#q\u003dDefending%20Clients","name":"defending-clients","title":"Defending Clients","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/remote-access","url":"/labs/search#q\u003dRemote%20Access","name":"remote-access","title":"Remote Access","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/controls/article-focus/innovation","url":"/labs/search#q\u003dInnovation","name":"innovation","title":"Innovation","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a03/article-thumbnail-image.png","type":"blog","appTierAffected":[]}],"aboutName":"Aaron","modalId":"modal-235695977","setting":{"authorPath":"/content/f5-labs-v2/en/authors/aaron-zander/jcr:content","modalId":"modal-235695977"}},{"name":"Kip Boyle","summary":"\u003cp\u003eKip Boyle is the CEO of Cyber Risk Opportunities, whose mission is to help executives become better cyber risk managers. He has over 24 years of cybersecurity experience serving in such roles as Chief Information Security Officer (CISO) for PEMCO Insurance and Director of Wide Area Network Security for the F-22 Raptor. In addition to his work with many large, global organizations at the Stanford Research Institute, Kip has also held other cyber risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Kip_Boyle.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dKip%20Boyle","jobTitle":"CEO","companyName":"Cyber Risk Opportunities","companyPageUrl":"https://www.cyberriskopportunities.com/","articles":[{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"05/17/2018","contentDuration":"7 min. read","publishDate":"May 17, 2018 12:00:00 AM","title":"Managing Compliance Issues within the Value Chain","authors":["Kip Boyle"],"authorPaths":["/content/f5-labs-v2/en/authors/kip-boyle"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/managing-compliance-issues-within-the-value-chain","mappedPath":"/labs/articles/cisotociso/managing-compliance-issues-within-the-value-chain","description":"Align your compliance requirements with your other business requirements so you can distinguish what you must do from what’s nice to do.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/third-party-liability","url":"/labs/search#q\u003dthird%20party%20liability","name":"third-party-liability","title":"third party liability","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/third-party-security","url":"/labs/search#q\u003dthird%20party%20security","name":"third-party-security","title":"third party security","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/compliance","url":"/labs/search#q\u003dcompliance","name":"compliance","title":"compliance","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a03/article-thumbnail-image.png","type":"blog","appTierAffected":["Services Tier"]}],"aboutName":"Kip","modalId":"modal782047147","setting":{"authorPath":"/content/f5-labs-v2/en/authors/kip-boyle/jcr:content","modalId":"modal782047147"}},{"name":"Erik Pierson","summary":"\u003cp\u003eErik Pierson is the Director of Information Security at Slalom Consulting, with over 20 years experience in the field.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Erik_Pierson.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dErik%20Pierson","jobTitle":"Director of Information Security","companyName":"Slalom Consulting","companyPageUrl":"https://www.slalom.com/","articles":[{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"01/15/2019","contentDuration":"5 min. read","publishDate":"Jan 15, 2019 3:34:00 PM","title":"If I Had to Do It Over Again","authors":["Raymond Pompon"],"authorPaths":["/content/f5-labs-v2/en/authors/raymond-pompon"],"contributors":["Erik Pierson","Mike Hamilton","Mary Gardner"],"contributorPaths":["/content/f5-labs-v2/en/authors/erik-pierson","/content/f5-labs-v2/en/authors/mike-hamilton","/content/f5-labs-v2/en/authors/mary-gardner"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/if-i-had-it-to-do-over-again","mappedPath":"/labs/articles/cisotociso/if-i-had-it-to-do-over-again","description":"Learn from CISOs who describe how they would “do it over” again in some of their early security program deployments.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/career-path","url":"/labs/search#q\u003dCareer%20Path","name":"career-path","title":"Career Path","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search#q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search#q\u003dRisk","name":"Risk","title":"Risk","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a11/article-thumbnail-image.png","type":"blog","appTierAffected":[]}],"aboutName":"Erik","modalId":"modal-43669857","setting":{"authorPath":"/content/f5-labs-v2/en/authors/erik-pierson/jcr:content","modalId":"modal-43669857"}},{"name":"Wendy Nather","summary":"\u003cp\u003eWendy Nather is Principal Security Strategist at Duo Security. She was previously the Research Director at the Retail ISAC, as well as Research Director of the Information Security Practice at independent analyst firm 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She speaks regularly on topics ranging from threat intelligence to identity and access management, risk analysis, incident response, data security, and societal and privacy issues. Wendy is co-author of \u003ci\u003eThe Cloud Security Rules\u003c/i\u003e, and was listed as one of SC Magazine\u0027s Women in IT Security \u0026quot;Power Players\u0026quot; in 2014. \u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Wendy_Nather.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dWendy%20Nather","jobTitle":"Principal Security Strategist","companyName":"Duo Security","companyPageUrl":"https://duo.com/blog/post-author/wnather","articles":[{"topic":"Controls","topicSearchPath":"/labs/search#q\u003dControls","threatCategoriesTitles":[],"date":"04/04/2017","contentDuration":"6 min. read","publishDate":"Apr 4, 2017 12:00:00 AM","title":"Wait, Don’t Throw Out Your Firewalls!","authors":["Wendy Nather"],"authorPaths":["/content/f5-labs-v2/en/authors/wendy-nather"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/wait-dont-throw-out-your-firewalls-25982","mappedPath":"/labs/articles/cisotociso/wait-dont-throw-out-your-firewalls-25982","description":"Yes, the perimeter has shifted, but firewalls still have a place in your network. They’re just not alone anymore.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/controls","url":"/labs/search#q\u003dControls","name":"controls","title":"Controls","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/security-architecture","url":"/labs/search#q\u003dsecurity%20architecture","name":"security-architecture","title":"security architecture","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/MFA","url":"/labs/search#q\u003dMFA","name":"MFA","title":"MFA","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/firewall","url":"/labs/search#q\u003dfirewall","name":"firewall","title":"firewall","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a14/article-thumbnail-image.png","type":"blog","appTierAffected":["Client"]}],"aboutName":"Wendy","modalId":"modal-1943454051","setting":{"authorPath":"/content/f5-labs-v2/en/authors/wendy-nather/jcr:content","modalId":"modal-1943454051"}},{"name":"Ravila White","summary":"\u003cp\u003eRavila White is currently a Deputy Director of Enterprise Security Architecture at a global healthcare company. She has over 15 years of experience in Information Technology and Information Security with a career spanning non-profit, healthcare, e-commerce and educations sectors. She has experience as a whitehat, strategist, architect, auditor, incident handler and various leadership roles.  She applies reverse engineering and logic-based information modeling to her work. Ravila carries CISSP, CISM, CISA, CIPP, GCIH and ITIL v3 certifications along with a MSc information Security from the University of Royal Holloway. She regularly presents at local and national events on information assurance topics and is published on a national and global level. She is also a member of the PacCISO and Agora.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Ravila_White.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dRavila%20White","jobTitle":"Deputy Director of Enterprise Security Architecture","articles":[{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"12/26/2017","contentDuration":"4 min. read","publishDate":"Dec 26, 2017 12:00:00 AM","title":"Achieving Multi-Dimensional Security Through Information Modeling—Modeling Inversion Part 5","authors":["Ravila White"],"authorPaths":["/content/f5-labs-v2/en/authors/ravila-white"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingmodeling-inversion-part-5","mappedPath":"/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingmodeling-inversion-part-5","description":"In Part 5 of this blog series, we use inversion modeling techniques to develop a high-level protection strategy.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/compliance","url":"/labs/search#q\u003dcompliance","name":"compliance","title":"compliance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/security-architecture","url":"/labs/search#q\u003dsecurity%20architecture","name":"security-architecture","title":"security architecture","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/information-modeling","url":"/labs/search#q\u003dinformation%20modeling","name":"information-modeling","title":"information modeling","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a04/article-thumbnail-image.png","type":"blog","appTierAffected":["Client"]},{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"11/28/2017","contentDuration":"5 min. read","publishDate":"Nov 28, 2017 12:00:00 AM","title":"Achieving Multi-Dimensional Security Through Information Modeling—Unwrapping Controls Part 4","authors":["Ravila White"],"authorPaths":["/content/f5-labs-v2/en/authors/ravila-white"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingunwrapping-controls-part-4","mappedPath":"/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingunwrapping-controls-part-4","description":"In Part 3 of this blog series, we demonstrated modeling the threat landscape along with executive threat-modeling. In this blog, we discuss the importance of defining controls.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/compliance","url":"/labs/search#q\u003dcompliance","name":"compliance","title":"compliance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/security-architecture","url":"/labs/search#q\u003dsecurity%20architecture","name":"security-architecture","title":"security architecture","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/information-modeling","url":"/labs/search#q\u003dinformation%20modeling","name":"information-modeling","title":"information modeling","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a15/article-thumbnail-image.png","type":"blog","appTierAffected":["Client"]},{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"08/23/2017","contentDuration":"5 min. read","publishDate":"Aug 23, 2017 12:00:00 AM","title":"Achieving Multi-Dimensional Security Through Information Modeling—Executive Threat Modeling Part 3","authors":["Ravila White"],"authorPaths":["/content/f5-labs-v2/en/authors/ravila-white"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingexecutive-threat-modeling-part-3","mappedPath":"/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingexecutive-threat-modeling-part-3","description":"How InfoSec leaders can build successful threat models by defining the threat landscape and its component resources, then asking simple, situational questions.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/compliance","url":"/labs/search#q\u003dcompliance","name":"compliance","title":"compliance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/security-architecture","url":"/labs/search#q\u003dsecurity%20architecture","name":"security-architecture","title":"security architecture","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/information-modeling","url":"/labs/search#q\u003dinformation%20modeling","name":"information-modeling","title":"information modeling","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a01/article-thumbnail-image.png","type":"blog","appTierAffected":["Client"]},{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"06/22/2017","contentDuration":"7 min. read","publishDate":"Jun 22, 2017 12:00:00 AM","title":"Achieving Multi-Dimensional Security Through Information Modeling—The Master Model Part 2","authors":["Ravila White"],"authorPaths":["/content/f5-labs-v2/en/authors/ravila-white"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingthe-master-model-part-2","mappedPath":"/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingthe-master-model-part-2","description":"Understanding the customer segment of your organization is critical to developing a strategy that ensures regulatory compliance.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/compliance","url":"/labs/search#q\u003dcompliance","name":"compliance","title":"compliance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/security-architecture","url":"/labs/search#q\u003dsecurity%20architecture","name":"security-architecture","title":"security architecture","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/information-modeling","url":"/labs/search#q\u003dinformation%20modeling","name":"information-modeling","title":"information modeling","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a04/article-thumbnail-image.png","type":"blog","appTierAffected":["Client"]}],"aboutName":"Ravila","modalId":"modal-640364060","setting":{"authorPath":"/content/f5-labs-v2/en/authors/ravila-white/jcr:content","modalId":"modal-640364060"}},{"name":"Masako Long","summary":"\u003cp\u003eMasako Long is a Senior Sales Executive at DefenseStorm, where she empowers financial institutions to take control of their cybersafety and soundness through understanding and appropriate action. She is passionate about making security an everyday conversation and enjoys bridging the technical gap.\u003c/p\u003e\r\n\u003cp\u003eThroughout her technology sales career, Masako has supported a wide range of industries from seafood, aerospace, healthcare, high tech, finance, critical infrastructure, with some of the biggest companies to small local companies. She attributes her knowledge primary to listening (A LOT!), taking good notes (although often illegible), and participating in a few security organizations.\u003c/p\u003e\r\n\u003cp\u003eTo contact Masako, email at \u003ca href\u003d\"mailto:masako.long@defensestorm.com\" target\u003d\"_blank\"\u003emasako.long@defensestorm.com\u003c/a\u003e or find her on LinkedIn: \u003ca href\u003d\"https://www.linkedin.com/in/masako/\" target\u003d\"_blank\"\u003ehttps://www.linkedin.com/in/masako/\u003c/a\u003e\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Masako_Long.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dMasako%20Long","jobTitle":"Senior Sales Executive","companyName":"DefenseStorm","companyPageUrl":"https://www.defensestorm.com/","articles":[{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"10/25/2018","contentDuration":"7 min. read","publishDate":"Oct 25, 2018 10:15:00 AM","title":"“Fire the CISO!”","authors":["Masako Long"],"authorPaths":["/content/f5-labs-v2/en/authors/masako-long"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/--fire-the-ciso--","mappedPath":"/labs/articles/cisotociso/--fire-the-ciso--","description":"Managing cybersecurity and protecting the business should be a team effort, so don’t let your CISO become the easy scapegoat when things go wrong.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/risk-communication","url":"/labs/search#q\u003drisk%20communication","name":"risk-communication","title":"risk communication","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a15/article-thumbnail-image.png","type":"blog","appTierAffected":[]}],"aboutName":"Masako","modalId":"modal-322724156","setting":{"authorPath":"/content/f5-labs-v2/en/authors/masako-long/jcr:content","modalId":"modal-322724156"}},{"name":"Paul Farrall","summary":"\u003cp\u003ePaul Farrall currently holds the position of Vice President \u0026amp; Chief Information Security Officer at Skytap, a Cloud Infrastructure provider headquartered in Seattle, WA. For the past 15 years, Paul has been focused on Information Security and IT Operations at a variety of organizations ranging from Fortune 500 companies to small technology startups. Prior to Skytap, he was VP of Operations and Information Security for Big Fish Games, where he had overall responsibility for Information Security and IT Operations. Paul’s current interests include the emerging intersection of privacy and cybersecurity; integrating agile security into Devops; and developing cybersecurity best practices for cloud services providers.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Paul_Farrall.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dPaul%20Farrall","jobTitle":"Vice President and CISO","companyName":"Skytap","articles":[{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"04/18/2019","contentDuration":"6 min. read","publishDate":"Apr 18, 2019 7:51:00 AM","title":"If I Had To Do It Over Again, Part 3","authors":["Raymond Pompon"],"authorPaths":["/content/f5-labs-v2/en/authors/raymond-pompon"],"contributors":["Paul Farrall","Preston Hogue","Taeil Goh"],"contributorPaths":["/content/f5-labs-v2/en/authors/paul-farrall","/content/f5-labs-v2/en/authors/preston-hogue","/content/f5-labs-v2/en/authors/taeil-goh"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/if-i-had-to-do-it-over-again--part-3","mappedPath":"/labs/articles/cisotociso/if-i-had-to-do-it-over-again--part-3","description":"More stories from CISOs who describe how they would “do it over” again in some of their early security program deployments.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/career-path","url":"/labs/search#q\u003dCareer%20Path","name":"career-path","title":"Career Path","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search#q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search#q\u003dRisk","name":"Risk","title":"Risk","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a12/article-thumbnail-image.png","type":"blog","appTierAffected":[]}],"aboutName":"Paul","modalId":"modal1449513714","setting":{"authorPath":"/content/f5-labs-v2/en/authors/paul-farrall/jcr:content","modalId":"modal1449513714"}},{"name":"Todd Plesco","summary":"\u003cp\u003eTodd Plesco is the Chief Information Security Officer of PrescribeWellness.  PrescribeWellness\u0027s cloud-based platform is used by pharmacies and other healthcare professionals to provide more effective, preventive healthcare services, which improve medication adherence, chronic disease management, transitions in care, and population health.\u003cbr /\u003e\r\n\u003cbr /\u003e\r\nMr. Plesco is responsible for developing and executing cyber security strategy and leading teams focused on risk management, security engineering, application security, cyber security operations and policy, and company-wide cyber security resiliency. His mission promotes a vigilant culture which places a high value on the protection of privacy and security for information resources and protection of personal health information entrusted to PrescribeWellness.\u003c/p\u003e\r\n\u003cp\u003e\u003ca href\u003d\"http://www.infosecurity.pro/\"\u003ehttp://www.infosecurity.pro/\u003c/a\u003e\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Todd_Plesco.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dTodd%20Plesco","jobTitle":"CISO","companyName":"PrescribeWellness","articles":[{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"02/06/2019","contentDuration":"4 min. read","publishDate":"Feb 6, 2019 8:28:00 AM","title":"If I Had to Do It Over Again, Part 2","authors":["Raymond Pompon"],"authorPaths":["/content/f5-labs-v2/en/authors/raymond-pompon"],"contributors":["Sara Boddy","Mike Simon","Todd Plesco","Kate Wakefield"],"contributorPaths":["/content/f5-labs-v2/en/authors/sara-boddy","/content/f5-labs-v2/en/authors/mike-simon","/content/f5-labs-v2/en/authors/todd-plesco","/content/f5-labs-v2/en/authors/kate-wakefield"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/if-i-had-it-to-do-over-again-part-2","mappedPath":"/labs/articles/cisotociso/if-i-had-it-to-do-over-again-part-2","description":"More lessons learned from CISOs about “fire and forget,” physical security, the human factor, and audit logging.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/career-path","url":"/labs/search#q\u003dCareer%20Path","name":"career-path","title":"Career Path","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search#q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search#q\u003dRisk","name":"Risk","title":"Risk","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a11/article-thumbnail-image.png","type":"blog","appTierAffected":[]},{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"05/25/2017","contentDuration":"4 min. read","publishDate":"May 25, 2017 12:00:00 AM","title":"How I Learned to Love Cyber Security","authors":["Todd Plesco"],"authorPaths":["/content/f5-labs-v2/en/authors/todd-plesco"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/how-i-learned-to-love-cyber-security-26951","mappedPath":"/labs/articles/cisotociso/how-i-learned-to-love-cyber-security-26951","description":"Cyber security can be a difficult and thankless job, but you can learn to love it when you know how to go about it.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/leadership","url":"/labs/search#q\u003dleadership","name":"leadership","title":"leadership","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a08/article-thumbnail-image.png","type":"blog","appTierAffected":["Client"]}],"aboutName":"Todd","modalId":"modal343613065","setting":{"authorPath":"/content/f5-labs-v2/en/authors/todd-plesco/jcr:content","modalId":"modal343613065"}},{"name":"Preston Hogue","summary":"\u003cp\u003ePreston Hogue was RVP of Security Marketing at F5 and served as a worldwide security evangelist for the company. Previously, he was a Security Product Manager at F5, specializing in network security Governance, Risk, and Compliance (GRC). He joined F5 in 2010 as a Security Architect and was responsible for designing F5’s current Information Security Management System. Preston has a proven track record building out Information Security Management Systems with Security Service Oriented Architectures (SSOA), enabling enhanced integration, automation, and simplified management. Before joining F5, he was Director of information Security at social media provider Demand Media where he built out the information security team. Preston’s career began 18 years ago when he served as a security analyst performing operational security (OPSEC) audits for the U.S. Air Force. He currently holds CISSP, CISA, CISM, and CRISC security and professional certifications.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Preston_Hogue_2.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dPreston%20Hogue","dateLastUpdated":"Oct 26, 2022 3:00:00 AM","articles":[{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"10/08/2020","contentDuration":"1 min. read","publishDate":"Oct 8, 2020 9:33:00 AM","title":"Education\u0027s Digital Future and the End of Snow Days","authors":["Preston Hogue"],"authorPaths":["/content/f5-labs-v2/en/authors/preston-hogue"],"path":"/content/f5-labs-v2/en/labs/articles/bylines/education-s-digital-future-and-the-end-of-snow-days","mappedPath":"/labs/articles/bylines/education-s-digital-future-and-the-end-of-snow-days","description":"Healthcare dramatically adjusted due to the COVID-19 pandemic. But parents around the world are much more concerned with education. F5 Labs\u0027 Preston Hogue writes for SecurityWeek, describing how the traditional classroom was turned on its head in a matter of weeks, and which of those changes will be...","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/BYOD","url":"/labs/search#q\u003dBYOD","name":"BYOD","title":"BYOD","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/online-education","url":"/labs/search#q\u003dOnline%20Education","name":"online-education","title":"Online Education","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/asset-management","url":"/labs/search#q\u003dAsset%20management","name":"asset-management","title":"Asset management","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article/3rd-party/SecurityWeek_16x9.png","type":"byline","appTierAffected":[]},{"topic":"Education","topicSearchPath":"/labs/search#q\u003dEducation","threatCategoriesTitles":[],"date":"06/23/2020","contentDuration":"7 min. read","publishDate":"Jun 23, 2020 3:00:00 PM","title":"How to Guard Against Identity Theft in Times of Increasing Online Fraud","authors":["Debbie Walkowski"],"authorPaths":["/content/f5-labs-v2/en/authors/debbie-walkowski"],"contributors":["Preston Hogue","Raymond Pompon"],"contributorPaths":["/content/f5-labs-v2/en/authors/preston-hogue","/content/f5-labs-v2/en/authors/raymond-pompon"],"path":"/content/f5-labs-v2/en/labs/learning-center/how-to-guard-against-identity-theft-in-times-of-increasing-online-fraud","mappedPath":"/labs/learning-center/how-to-guard-against-identity-theft-in-times-of-increasing-online-fraud","description":"In a climate of rampant online fraud, protecting yourself from identity theft requires taking some simple, proactive steps and remaining constantly vigilant.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:category/education","url":"/labs/search#q\u003dEducation","name":"education","title":"Education","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Motive/cybercrime","url":"/labs/search#q\u003dCybercrime","name":"cybercrime","title":"Cybercrime","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/password-management","url":"/labs/search#q\u003dpassword%20management","name":"password-management","title":"password management","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:coveo-facets/fraud/identity-theft","url":"/labs/search#q\u003dIdentity%20Theft","name":"identity-theft","title":"Identity Theft","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:article-topics/Fraud","url":"/labs/search#q\u003dFraud","name":"Fraud","title":"Fraud","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a14/article-thumbnail-image.png","type":"article","appTierAffected":[]},{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"05/27/2020","contentDuration":"1 min. read","publishDate":"May 27, 2020 9:08:00 AM","title":"As Healthcare Industry Transforms Overnight, Tech Community Must Act","authors":["Preston Hogue"],"authorPaths":["/content/f5-labs-v2/en/authors/preston-hogue"],"path":"/content/f5-labs-v2/en/labs/articles/bylines/as-healthcare-industry-transforms-overnight--tech-community-must","mappedPath":"/labs/articles/bylines/as-healthcare-industry-transforms-overnight--tech-community-must","description":"The healthcare industry is adopting a decade of digital transformation in a matter of months, with the risk exposure to match. F5 Labs\u0027 Preston Hogue writes for SecurityWeek, discussing the vital need for security expertise to lend a hand.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"industry:healthcare","url":"/labs/search#q\u003dHealthcare","name":"healthcare","title":"Healthcare","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/risk-management","url":"/labs/search#q\u003drisk%20management","name":"risk-management","title":"risk management","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search#q\u003dRisk","name":"Risk","title":"Risk","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article/3rd-party/SecurityWeek_16x9.png","type":"byline","appTierAffected":[]},{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"05/22/2020","contentDuration":"1 min. read","publishDate":"May 22, 2020 9:57:00 AM","title":"Attacking the Organism: Telecom Service Providers","authors":["Preston Hogue"],"authorPaths":["/content/f5-labs-v2/en/authors/preston-hogue"],"path":"/content/f5-labs-v2/en/labs/articles/bylines/attacking-the-organism--telecom-service-providers","mappedPath":"/labs/articles/bylines/attacking-the-organism--telecom-service-providers","description":"Telecom touches everything that everyone does, and the insertion points are nearly limitless. F5 Labs\u0027 Preston Hogue writes for SecurityWeek, discussing the specific prevention measures telecom providers can take to protect themselves and their customers.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"industry:Communications/Telecommunications","url":"/labs/search#q\u003dTelecommunications","name":"Telecommunications","title":"Telecommunications","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article/3rd-party/SecurityWeek_16x9.png","type":"byline","appTierAffected":[]}],"aboutName":"Preston","modalId":"modal1400077767","setting":{"authorPath":"/content/f5-labs-v2/en/authors/preston-hogue/jcr:content","modalId":"modal1400077767"}},{"name":"Shuman Ghosemajumder","summary":"\u003cp\u003eShuman Ghosemajumder is global head of artificial intelligence at F5. Shuman was previously chief technology officer of Shape Security, which was acquired by F5 in 2020. Shape\u0027s technology platform is the primary application defense for the world\u0027s largest banks, airlines, retailers, and government agencies.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Shuman_Ghosemajumder.png","aboutAuthorDisplay":"first","searchLink":"/labs/search.html#q\u003dShuman%20Ghosemajumder","jobTitle":"Global Head, Artificial Intelligence","companyName":"F5","articles":[{"topic":"Top Risks","topicSearchPath":"/labs/search#q\u003dTop%20Risks","threatCategoriesPath":["f5-labs-v2:category/threats/web-application-attacks/remote-code-execution"],"threatCategoriesTitles":["Remote Code Execution"],"date":"12/12/2021","contentDuration":"2 min. read","publishDate":"Dec 12, 2021 10:49:00 AM","title":"Explaining the Widespread log4j Vulnerability","authors":["Shuman Ghosemajumder"],"authorPaths":["/content/f5-labs-v2/en/authors/shuman-ghosemajumder"],"path":"/content/f5-labs-v2/en/labs/articles/threat-intelligence/explaining-the-widespread-log4j-vulnerability","mappedPath":"/labs/articles/threat-intelligence/explaining-the-widespread-log4j-vulnerability","description":"The log4j security vulnerability is one of the most widespread cybersecurity vulnerabilities in recent years. Here\u0027s a non-technical explanation of it.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:article-topics/top-risks","url":"/labs/search#q\u003dTop%20Risks","name":"top-risks","title":"Top Risks","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/0-day","url":"/labs/search#q\u003d0-day","name":"0-day","title":"0-day","isTopic":false,"relatedKeywordTerms":"Zero-day"},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats","url":"/labs/search#q\u003dThreats","name":"threats","title":"Threats","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/remote-code-execution","url":"/labs/search#q\u003dRemote%20Code%20Execution","name":"remote-code-execution","title":"Remote Code Execution","isTopic":false,"relatedKeywordTerms":"RCE"}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a13/article-thumbnail-image.png","type":"article","appTierAffected":[]},{"topic":"Strategies","topicSearchPath":"/labs/search#q\u003dStrategies","threatCategoriesTitles":[],"date":"03/18/2021","contentDuration":"5 min. read","publishDate":"Mar 18, 2021 12:41:00 PM","title":"When Will We Get Rid Of Passwords?","authors":["Shuman Ghosemajumder","Taggart Bonham"],"authorPaths":["/content/f5-labs-v2/en/authors/shuman-ghosemajumder","/content/f5-labs-v2/en/authors/taggart-bonham"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/when-will-we-get-rid-of-passwords-","mappedPath":"/labs/articles/cisotociso/when-will-we-get-rid-of-passwords-","description":"Passwords are inherently flawed, and not just because of credential stuffing. The future of authentication looks very different, but there are steps you can take now to control risk.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search#q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search#q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/credential-stuffing","url":"/labs/search#q\u003dCredential%20stuffing","name":"credential-stuffing","title":"Credential stuffing","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/multifactor-authentication","url":"/labs/search#q\u003dMultifactor%20authentication","name":"multifactor-authentication","title":"Multifactor authentication","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/MFA","url":"/labs/search#q\u003dMFA","name":"MFA","title":"MFA","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article-backgrounds/a14/article-thumbnail-image.png","type":"article","appTierAffected":[]},{"topic":"Top Risks","topicSearchPath":"/labs/search#q\u003dTop%20Risks","threatCategoriesPath":["f5-labs-v2:category/threats/web-application-attacks/credential-theft","f5-labs-v2:category/threats/web-application-attacks/credential-stuffing","f5-labs-v2:category/threats/web-application-attacks/brute-force","f5-labs-v2:category/threats/client-side-attacks/credential-theft"],"threatCategoriesTitles":["Credential theft","Credential stuffing","Brute force attack","Credential Theft"],"date":"02/09/2021","contentDuration":"45 min. read","publishDate":"Feb 9, 2021 1:00:00 PM","title":"2021 Credential Stuffing Report","authors":["Sander Vinberg","Jarrod Overson"],"authorPaths":["/content/f5-labs-v2/en/authors/sander-vinberg","/content/f5-labs-v2/en/authors/jarrod-overson"],"contributors":["Dan Woods","Shuman Ghosemajumder","Sara Boddy","Raymond Pompon","Alexander Koritz"],"contributorPaths":["/content/f5-labs-v2/en/authors/dan-woods","/content/f5-labs-v2/en/authors/shuman-ghosemajumder","/content/f5-labs-v2/en/authors/sara-boddy","/content/f5-labs-v2/en/authors/raymond-pompon","/content/f5-labs-v2/en/authors/alexander_koritz"],"path":"/content/f5-labs-v2/en/labs/articles/threat-intelligence/2021-credential-stuffing-report","mappedPath":"/labs/articles/threat-intelligence/2021-credential-stuffing-report","description":"Credential stuffing is a multifaceted and enduring risk to organizations of all types and sizes. This report is a comprehensive examination of the entire life cycle of stolen credentials—from their theft, to their resale, and their repeated use in credential stuffing attacks.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:article-topics/top-risks","url":"/labs/search#q\u003dTop%20Risks","name":"top-risks","title":"Top Risks","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/client-side-attacks","url":"/labs/search#q\u003dClient-side%20Attacks","name":"client-side-attacks","title":"Client-side Attacks","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/brute-force","url":"/labs/search#q\u003dBrute%20force%20attack","name":"brute-force","title":"Brute force attack","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats","url":"/labs/search#q\u003dThreats","name":"threats","title":"Threats","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/credential-stuffing","url":"/labs/search#q\u003dCredential%20stuffing","name":"credential-stuffing","title":"Credential stuffing","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article/articles/threats/23--2021-jan-mar/20210209_2021_cred_stuffing_report/ATLD_Thumbnail.jpg","type":"report","appTierAffected":["Access Tier"]},{"topic":"Controls","topicSearchPath":"/labs/search#q\u003dControls","threatCategoriesTitles":[],"date":"11/05/2020","contentDuration":"1 min. read","publishDate":"Nov 5, 2020 8:42:00 AM","title":"How AI Will Automate Cybersecurity in the Post-COVID World","authors":["Shuman Ghosemajumder"],"authorPaths":["/content/f5-labs-v2/en/authors/shuman-ghosemajumder"],"path":"/content/f5-labs-v2/en/labs/articles/bylines/how-ai-will-automate-cybersecurity-in-the-post-covid-world","mappedPath":"/labs/articles/bylines/how-ai-will-automate-cybersecurity-in-the-post-covid-world","description":"The sheer scale of cybercrime attacks makes automated defenses a necessity. Shape\u0027s Shuman Ghosemajumder writes for VentureBeat, describing how the bad guys are also embracing automation, and what we can do about it.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/controls","url":"/labs/search#q\u003dControls","name":"controls","title":"Controls","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/covid-19","url":"/labs/search#q\u003dCOVID-19","name":"covid-19","title":"COVID-19","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Motive/cybercrime","url":"/labs/search#q\u003dCybercrime","name":"cybercrime","title":"Cybercrime","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/AI","url":"/labs/search#q\u003dAI","name":"AI","title":"AI","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/automation","url":"/labs/search#q\u003dautomation","name":"automation","title":"automation","isTopic":false}],"thumbnailImage":"/content/dam/f5-labs-v2/article/3rd-party/VentureBeat_16x9.png","type":"byline","appTierAffected":[]}],"aboutName":"Shuman","modalId":"modal1164283617","setting":{"authorPath":"/content/f5-labs-v2/en/authors/shuman-ghosemajumder/jcr:content","modalId":"modal1164283617"}}]