CISO-to-CISO

Content for CISOs, by CISOs

Caging the Malicious Insider Application

[{"name":"Kathie Miley","summary":"\u003cp\u003eKathie Miley is a recognized name in cyber security and is currently an EVP at AffirmLogic. She has 30 years of IT and security experience and leadership, including as chief experience officer at the Cybersecurity Collaborative, chief operating officer at Cybrary, and EVP at Invincea, Inc. Miley also served on the Board of Directors for the national chapter of Information Systems Security Association and earned certifications for HIPAA Security Expert, HIPAA Privacy Expert, CSX, and Lean Six Sigma. She is currently on the advisory board of George Washington University\u0027s Customer Experience Certificate program.\u0026nbsp;Miley holds CHSE, CHPE, CSX, and LSS certifications.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Kathie_Miley.png","searchLink":"/content/f5-labs-v2/en/labs/search.author_Kathie+Miley.html","jobTitle":"EVP","companyName":"AffirmLogic","articles":[{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"December 30, 2020","contentDuration":"5 min. read","publishDate":"Dec 30, 2020 8:59:00 AM","title":"AI-powered Cyber Attacks","authors":["Kathie Miley"],"authorPaths":["/content/f5-labs-v2/en/authors/kathie-miley"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/ai-powered-cyber-attacks","mappedPath":"/labs/articles/cisotociso/ai-powered-cyber-attacks","description":"AI and Machine Learning can find the optimal cyberattack strategy by analyzing all possible vectors of attack.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/machine-learning","url":"/labs/search?q\u003d%22machine+learning%22","name":"machine-learning","title":"machine learning","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/AI","url":"/labs/search?q\u003dAI","name":"AI","title":"AI","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/automation","url":"/labs/search?q\u003dautomation","name":"automation","title":"automation","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a10/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a10/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a10/optimize/article-tile-image.jpg","type":"blog","appTierAffected":[]},{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"November 03, 2020","contentDuration":"5 min. read","publishDate":"Nov 3, 2020 11:29:00 AM","title":"OCC and HIPAA Cybersecurity Regulator Fines Now in Hundreds of Millions","authors":["Kathie Miley"],"authorPaths":["/content/f5-labs-v2/en/authors/kathie-miley"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/occ-and-hipaa-cybersecurity-regulator-fines-now-in-hundreds-of-m","mappedPath":"/labs/articles/cisotociso/occ-and-hipaa-cybersecurity-regulator-fines-now-in-hundreds-of-m","description":"Cybersecurity regulators have recently levied huge fines against financial institutions and healthcare organizations. Is this the new normal?","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/hipaa","url":"/labs/search?q\u003dHIPAA","name":"hipaa","title":"HIPAA","isTopic":false,"relatedKeywordTerms":""},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"industry:healthcare","url":"/labs/search?q\u003dHealthcare","name":"healthcare","title":"Healthcare","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/compliance-\u0026-legal","url":"/labs/search?q\u003d%22Compliance+%26+Legal%22","name":"compliance-\u0026-legal","title":"Compliance \u0026 Legal","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a10/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a10/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a10/optimize/article-tile-image.jpg","type":"blog","appTierAffected":[]},{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"September 10, 2020","contentDuration":"5 min. read","publishDate":"Sep 10, 2020 9:10:00 AM","title":"The Disappearing IT Security Budget: A 2020 Cybersecurity Crisis","authors":["Kathie Miley"],"authorPaths":["/content/f5-labs-v2/en/authors/kathie-miley"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/the-disappearing-it-security-budget--a-2020-cybersecurity-crisis","mappedPath":"/labs/articles/cisotociso/the-disappearing-it-security-budget--a-2020-cybersecurity-crisis","description":"As COVID-19 shrinks IT security budgets, security teams must shift their spending and update operations plans to support this new normal.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search?q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/covid-19","url":"/labs/search?q\u003dCOVID-19","name":"covid-19","title":"COVID-19","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/coronavirus","url":"/labs/search?q\u003dCoronavirus","name":"coronavirus","title":"Coronavirus","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a10/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a10/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a10/optimize/article-tile-image.jpg","type":"blog","appTierAffected":[]}],"firstName":"Kathie","id":-1968659122},{"name":"Shahnawaz Backer","summary":"\u003cp\u003eShahnawaz Backer is a Principal Security Advisor with F5 Labs. With keen interest in modern application development, digital identity and fraud vectors, he focuses on building security intelligence into solutions and firmly believes in automated proactive defence.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Shahnawaz_Backer.png","searchLink":"/content/f5-labs-v2/en/labs/search.author_Shahnawaz+Backer.html","jobTitle":"Principal Security Advisor","companyName":"F5","articles":[{"topic":"Controls","topicPath":"/content/cq:tags/f5-labs-v2/ciso/controls","topicSearchPath":"/labs/search?q\u003dControls","date":"August 05, 2021","contentDuration":"4 min. read","publishDate":"Aug 5, 2021 10:00:00 AM","title":"Fraud Scenarios in the Buy Now, Pay Later Ecosystem","authors":["Atishay Kumar","Shahnawaz Backer"],"authorPaths":["/content/f5-labs-v2/en/authors/atishay-kumar","/content/f5-labs-v2/en/authors/shahnawaz-backer"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/fraud-scenarios-in-the-buy-now-pay-later-ecosystem","mappedPath":"/labs/articles/cisotociso/fraud-scenarios-in-the-buy-now-pay-later-ecosystem","description":"Existing fraud tricks are finding new use in buy now, pay later payment systems.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/controls","url":"/labs/search?q\u003dControls","name":"controls","title":"Controls","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search?q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search?q\u003dRisk","name":"Risk","title":"Risk","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/bnpl","url":"/labs/search?q\u003dBNPL","name":"bnpl","title":"BNPL","isTopic":false,"relatedKeywordTerms":""}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a09/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a09/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a09/optimize/article-tile-image.jpg","type":"article","appTierAffected":[]},{"topic":"Top Risks","topicPath":"/content/cq:tags/f5-labs-v2/article-topics/top-risks","topicSearchPath":"/labs/search?q\u003d%22Top+Risks%22","threatCategoriesPath":["f5-labs-v2:category/threats/client-side-attacks/phishing","f5-labs-v2:category/threats/client-side-attacks/session-hijacking","f5-labs-v2:category/threats/web-application-attacks/man-in-the-middle","f5-labs-v2:category/threats/web-application-attacks/Malware"],"threatCategoriesTitles":["Phishing","Session hijacking","Man-in-the-middle","Malware"],"date":"June 17, 2021","contentDuration":"4 min. read","publishDate":"Jun 17, 2021 8:27:00 AM","title":"Attacker Tricks for Taking Over Risk-Based Multifactor Authentication","authors":["Shahnawaz Backer"],"authorPaths":["/content/f5-labs-v2/en/authors/shahnawaz-backer"],"contributors":["Ann Sha Ng"],"contributorPaths":["/content/f5-labs-v2/en/authors/ann-sha-ng"],"path":"/content/f5-labs-v2/en/labs/articles/threat-intelligence/attacker-tricks-for-taking-over-risk-based-multifactor-authentication","mappedPath":"/labs/articles/threat-intelligence/attacker-tricks-for-taking-over-risk-based-multifactor-authentication","description":"From spoofing device fingerprints to hijacking authenticated sessions, attackers use a range of techniques to bypass multifactor authentication.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:article-topics/top-risks","url":"/labs/search?q\u003d%22Top+Risks%22","name":"top-risks","title":"Top Risks","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/client-side-attacks","url":"/labs/search?q\u003d%22Client-side+Attacks%22","name":"client-side-attacks","title":"Client-side Attacks","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats","url":"/labs/search?q\u003dThreats","name":"threats","title":"Threats","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/man-in-the-middle","url":"/labs/search?q\u003dMan-in-the-middle","name":"man-in-the-middle","title":"Man-in-the-middle","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/client-side-attacks/phishing","url":"/labs/search?q\u003dPhishing","name":"phishing","title":"Phishing","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a15/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a15/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a15/optimize/article-tile-image.jpg","type":"article","appTierAffected":["Services Tier","Access Tier","Client"]},{"topic":"Top Risks","topicPath":"/content/cq:tags/f5-labs-v2/article-topics/top-risks","topicSearchPath":"/labs/search?q\u003d%22Top+Risks%22","threatCategoriesPath":["f5-labs-v2:category/threats/web-application-attacks/credential-theft","f5-labs-v2:category/threats/web-application-attacks/credential-stuffing","f5-labs-v2:category/threats/web-application-attacks/brute-force","f5-labs-v2:category/threats/web-application-attacks/cross-site-scripting","f5-labs-v2:category/threats/web-application-attacks/api-attacks","f5-labs-v2:category/threats/web-application-attacks/injection","f5-labs-v2:category/threats/web-application-attacks/phishing","f5-labs-v2:category/threats/web-application-attacks/abuse-of-functionality","f5-labs-v2:category/threats/web-application-attacks/Malware","f5-labs-v2:category/threats/web-application-attacks/remote-code-execution","f5-labs-v2:category/threats/client-side-attacks/client-platform-malware","f5-labs-v2:category/threats/client-side-attacks/cross-site-scripting","f5-labs-v2:category/threats/client-side-attacks/phishing","f5-labs-v2:category/threats/client-side-attacks/session-hijacking","f5-labs-v2:category/threats/client-side-attacks/Injection","f5-labs-v2:category/threats/client-side-attacks/credential-theft","f5-labs-v2:category/threats/app-infrastructure-attacks/credential-stuffing"],"threatCategoriesTitles":["Credential theft","Credential stuffing","Brute force attack","Cross-site scripting ","API Attacks","Injection","Phishing","Abuse of functionality","Malware","Remote Code Execution","Client-platform malware","Cross-site scripting","Phishing","Session hijacking","Injection","Credential Theft","Credential Stuffing"],"date":"May 18, 2021","contentDuration":"60 min. read","publishDate":"May 18, 2021 4:53:00 PM","title":"2021 Application Protection Report: Of Ransom and Redemption","authors":["Sander Vinberg","Raymond Pompon","Shahnawaz Backer"],"authorPaths":["/content/f5-labs-v2/en/authors/sander-vinberg","/content/f5-labs-v2/en/authors/raymond-pompon","/content/f5-labs-v2/en/authors/shahnawaz-backer"],"contributors":["Malcolm Heath"],"contributorPaths":["/content/f5-labs-v2/en/authors/malcolm-heath"],"path":"/content/f5-labs-v2/en/labs/articles/threat-intelligence/2021-application-protection-report-of-ransom-and-redemption","mappedPath":"/labs/articles/threat-intelligence/2021-application-protection-report-of-ransom-and-redemption","description":"The 2021 version of F5’s continuing analysis of the application security threat landscape explores ransomware, payment card theft, and account takeover.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:article-topics/top-risks","url":"/labs/search?q\u003d%22Top+Risks%22","name":"top-risks","title":"Top Risks","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/brute-force","url":"/labs/search?q\u003d%22Brute+force+attack%22","name":"brute-force","title":"Brute force attack","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/credential-stuffing","url":"/labs/search?q\u003d%22Credential+stuffing%22","name":"credential-stuffing","title":"Credential stuffing","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/credential-theft","url":"/labs/search?q\u003d%22Credential+theft%22","name":"credential-theft","title":"Credential theft","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/client-side-attacks/session-hijacking","url":"/labs/search?q\u003d%22Session+hijacking%22","name":"session-hijacking","title":"Session hijacking","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a13/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a13/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a13/optimize/article-tile-image.jpg","type":"report","appTierAffected":["Services Tier","Access Tier","Client"]},{"topic":"Fraud","topicPath":"/content/cq:tags/f5-labs-v2/article-topics/Fraud","topicSearchPath":"/labs/search?q\u003dFraud","date":"April 14, 2021","contentDuration":"4 min. read","publishDate":"Apr 14, 2021 12:51:00 PM","title":"Collusion Fraud: The Art of Gaming the System with Complicity","authors":["Shahnawaz Backer"],"authorPaths":["/content/f5-labs-v2/en/authors/shahnawaz-backer"],"contributors":["Yiing Chau Mak"],"contributorPaths":["/content/f5-labs-v2/en/authors/yiing-chau-mak"],"path":"/content/f5-labs-v2/en/labs/articles/threat-intelligence/collusion-fraud-the-art-of-gaming-the-system-with-complicity","mappedPath":"/labs/articles/threat-intelligence/collusion-fraud-the-art-of-gaming-the-system-with-complicity","description":"How platform business models are at an increased risk of fraud when two or more separate parties collude.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:article-topics/Fraud","url":"/labs/search?q\u003dFraud","name":"Fraud","title":"Fraud","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/collusion","url":"/labs/search?q\u003dCollusion","name":"collusion","title":"Collusion","isTopic":false,"relatedKeywordTerms":""},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats","url":"/labs/search?q\u003dThreats","name":"threats","title":"Threats","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a13/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a13/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a13/optimize/article-tile-image.jpg","type":"article","appTierAffected":[]}],"firstName":"Shahnawaz","id":-1813933071},{"name":"Dan Woods","summary":"\u003cp\u003ePrior to F5, Dan Woods spent more than 20 years with local, state, and federal law enforcement and intelligence organizations including the FBI as a special agent where he investigated cyber terrorism, and the CIA where he served as a cyber operations officer.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Dan_Woods_v6.jpg","searchLink":"/content/f5-labs-v2/en/labs/search.author_Dan+Woods.html","jobTitle":"Global Head of Intelligence","companyName":"F5","articles":[{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"January 18, 2022","contentDuration":"13 min. read","publishDate":"Jan 18, 2022 2:56:00 PM","title":"Cybersecurity Predictions for 2022 from F5 Labs (and Friends)","authors":["Sander Vinberg"],"authorPaths":["/content/f5-labs-v2/en/authors/sander-vinberg"],"contributors":["Remi Cohen","Raymond Pompon","Peter Scheffler","Dan Woods"],"contributorPaths":["/content/f5-labs-v2/en/authors/remi-cohen","/content/f5-labs-v2/en/authors/raymond-pompon","/content/f5-labs-v2/en/authors/peter-scheffler","/content/f5-labs-v2/en/authors/dan-woods"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/cybersecurity-predictions-for-2022-from-f5-labs-and-friends","mappedPath":"/labs/articles/cisotociso/cybersecurity-predictions-for-2022-from-f5-labs-and-friends","description":"We asked a diverse group of F5 security experts about cybersecurity in 2022. Here’s what they said. We look at cyber-war, cyber-crime, the cloud, the supply chain, encryption keys, and new ransomware targets.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/controls/article-focus/relevance","url":"/labs/search?q\u003dRelevance","name":"relevance","title":"Relevance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search?q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/controls/defense-strategies/defending-infrastructure","url":"/labs/search?q\u003d%22Defending+Infrastructure%22","name":"defending-infrastructure","title":"Defending Infrastructure","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search?q\u003dRisk","name":"Risk","title":"Risk","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a08/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a08/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a08/optimize/article-tile-image.jpg","type":"article","appTierAffected":[]},{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"May 14, 2021","contentDuration":"10 min. read","publishDate":"May 14, 2021 9:07:00 AM","title":"I Was a Human CAPTCHA Solver","authors":["Dan Woods"],"authorPaths":["/content/f5-labs-v2/en/authors/dan-woods"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/i-was-a-human-captcha-solver","mappedPath":"/labs/articles/cisotociso/i-was-a-human-captcha-solver","description":"A behind-the-scenes peek into the hidden world of human click farms.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/c-suite","url":"/labs/search?q\u003dC-Suite","name":"c-suite","title":"C-Suite","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/captcha","url":"/labs/search?q\u003dCAPTCHA","name":"captcha","title":"CAPTCHA","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a08/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a08/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a08/optimize/article-tile-image.jpg","type":"article","appTierAffected":[]},{"topic":"Top Risks","topicPath":"/content/cq:tags/f5-labs-v2/article-topics/top-risks","topicSearchPath":"/labs/search?q\u003d%22Top+Risks%22","date":"February 09, 2021","contentDuration":"45 min. read","publishDate":"Feb 9, 2021 1:00:00 PM","title":"2021 Credential Stuffing Report","authors":["Sander Vinberg","Jarrod Overson"],"authorPaths":["/content/f5-labs-v2/en/authors/sander-vinberg","/content/f5-labs-v2/en/authors/jarrod-overson"],"contributors":["Dan Woods","Shuman Ghosemajumder","Sara Boddy","Raymond Pompon","Alexander Koritz"],"contributorPaths":["/content/f5-labs-v2/en/authors/dan-woods","/content/f5-labs-v2/en/authors/shuman-ghosemajumder","/content/f5-labs-v2/en/authors/sara-boddy","/content/f5-labs-v2/en/authors/raymond-pompon","/content/f5-labs-v2/en/authors/alexander_koritz"],"path":"/content/f5-labs-v2/en/labs/articles/threat-intelligence/2021-credential-stuffing-report","mappedPath":"/labs/articles/threat-intelligence/2021-credential-stuffing-report","description":"Credential stuffing is a multifaceted and enduring risk to organizations of all types and sizes. This report is a comprehensive examination of the entire life cycle of stolen credentials—from their theft, to their resale, and their repeated use in credential stuffing attacks.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:article-topics/top-risks","url":"/labs/search?q\u003d%22Top+Risks%22","name":"top-risks","title":"Top Risks","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/client-side-attacks","url":"/labs/search?q\u003d%22Client-side+Attacks%22","name":"client-side-attacks","title":"Client-side Attacks","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/brute-force","url":"/labs/search?q\u003d%22Brute+force+attack%22","name":"brute-force","title":"Brute force attack","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats","url":"/labs/search?q\u003dThreats","name":"threats","title":"Threats","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/app-infrastructure-attacks/password-spraying","url":"/labs/search?q\u003d%22Password+Spraying%22","name":"password-spraying","title":"Password Spraying","isTopic":false,"relatedKeywordTerms":""}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a13/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a13/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a13/optimize/article-tile-image.jpg","type":"report","appTierAffected":["Access Tier"]},{"topic":"Fraud","topicPath":"/content/cq:tags/f5-labs-v2/article-topics/Fraud","topicSearchPath":"/labs/search?q\u003dFraud","date":"November 19, 2020","contentDuration":"11 min.","publishDate":"Nov 19, 2020 9:10:00 AM","title":"Genesis Marketplace, a Digital Fingerprint Darknet Store","authors":["Dan Woods","Sara Boddy","Shahnawaz Backer"],"authorPaths":["/content/f5-labs-v2/en/authors/dan-woods","/content/f5-labs-v2/en/authors/sara-boddy","/content/f5-labs-v2/en/authors/shahnawaz-backer"],"path":"/content/f5-labs-v2/en/labs/articles/threat-intelligence/genesis-marketplace--a-digital-fingerprint-darknet-store","mappedPath":"/labs/articles/threat-intelligence/genesis-marketplace--a-digital-fingerprint-darknet-store","description":"Insights into Genesis Marketplace, a black market trading in digital identity.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:article-topics/Fraud","url":"/labs/search?q\u003dFraud","name":"Fraud","title":"Fraud","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/client-side-attacks","url":"/labs/search?q\u003d%22Client-side+Attacks%22","name":"client-side-attacks","title":"Client-side Attacks","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/client-side-attacks/client-platform-malware","url":"/labs/search?q\u003d%22Client-platform+malware%22","name":"client-platform-malware","title":"Client-platform malware","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats/web-application-attacks/brute-force","url":"/labs/search?q\u003d%22Brute+force+attack%22","name":"brute-force","title":"Brute force attack","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/threats","url":"/labs/search?q\u003dThreats","name":"threats","title":"Threats","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a07/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a07/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a07/optimize/article-tile-image.jpg","appTierAffected":[]}],"firstName":"Dan","id":363071563},{"name":"Mirell Metspalu","summary":"\u003cp\u003eMirell Metspalu is a Senior Privacy Analyst in F5. She has previously worked in fintech, consultancy and carried out legal research. With keen interest in privacy and data protection, UX design and product management, she focuses on helping product teams on building compliant, user friendly and ethical products.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Mirell_Metspalu.png","searchLink":"/content/f5-labs-v2/en/labs/search.author_Mirell+Metspalu.html","jobTitle":"Sr Privacy Analyst","companyName":"F5","articles":[{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"January 28, 2021","contentDuration":"5 min. read","publishDate":"Jan 28, 2021 9:07:00 AM","title":"Privacy by Design for Ethical Applications","authors":["Mirell Metspalu"],"authorPaths":["/content/f5-labs-v2/en/authors/mirell-metspalu"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/privacy-by-design-for-ethical-applications","mappedPath":"/labs/articles/cisotociso/privacy-by-design-for-ethical-applications","description":"Privacy by Design is key to ethical app design and includes anticipating for all possible uses of collected data.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/GDPR","url":"/labs/search?q\u003dGDPR","name":"GDPR","title":"GDPR","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/compliance-\u0026-legal","url":"/labs/search?q\u003d%22Compliance+%26+Legal%22","name":"compliance-\u0026-legal","title":"Compliance \u0026 Legal","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/privacy","url":"/labs/search?q\u003dprivacy","name":"privacy","title":"privacy","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a10/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a10/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a10/optimize/article-tile-image.jpg","type":"blog","appTierAffected":[]}],"firstName":"Mirell","id":-2015875088},{"name":"Mike Simon","summary":"\u003cp\u003eWith an education in computer science and 25 years of experience designing and securing information systems, Mike Simon is a well-known and highly respected member of the Northwest’s information security community. He is faculty at the University of Washington Information School, a published author, an active collaborator in the PRISEM and PICES projects and other regional initiatives, a subject matter expert in the energy and finance sectors, and integrated with law enforcement through contacts in the FBI, DHS, and Infragard. As Critical Informatics’ Chief Technology Officer, he leads development teams for the Critical Insight security monitoring platform and the associated Critical Insight Collector-sensor, directs our Big Data and Data Analytics program and helps to set company direction and strategy.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Mike_Simon.png","searchLink":"/content/f5-labs-v2/en/labs/search.author_Mike+Simon.html","jobTitle":"CTO","companyName":"Critical Informatics","companyPageUrl":"https://ci.security/","articles":[{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"February 06, 2019","contentDuration":"4 min. read","publishDate":"Feb 6, 2019 8:28:00 AM","title":"If I Had to Do It Over Again, Part 2","authors":["Raymond Pompon"],"authorPaths":["/content/f5-labs-v2/en/authors/raymond-pompon"],"contributors":["Sara Boddy","Mike Simon","Todd Plesco","Kate Wakefield"],"contributorPaths":["/content/f5-labs-v2/en/authors/sara-boddy","/content/f5-labs-v2/en/authors/mike-simon","/content/f5-labs-v2/en/authors/todd-plesco","/content/f5-labs-v2/en/authors/kate-wakefield"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/if-i-had-it-to-do-over-again-part-2","mappedPath":"/labs/articles/cisotociso/if-i-had-it-to-do-over-again-part-2","description":"More lessons learned from CISOs about “fire and forget,” physical security, the human factor, and audit logging.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/career-path","url":"/labs/search?q\u003d%22Career+Path%22","name":"career-path","title":"Career Path","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"industry:healthcare","url":"/labs/search?q\u003dHealthcare","name":"healthcare","title":"Healthcare","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search?q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search?q\u003dRisk","name":"Risk","title":"Risk","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a11/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a11/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a11/optimize/article-tile-image.jpg","type":"blog","appTierAffected":[]},{"topic":"Controls","topicPath":"/content/cq:tags/f5-labs-v2/ciso/controls","topicSearchPath":"/labs/search?q\u003dControls","date":"December 13, 2017","contentDuration":"9 min. read","publishDate":"Nov 2, 2017 12:00:00 AM","title":"Can Engineers Build Networks Too Complicated for Humans to Operate? Part II: Making Sense of Network Activities and System Behaviors","authors":["Mike Simon"],"authorPaths":["/content/f5-labs-v2/en/authors/mike-simon"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/can-engineers-build-networks-too-complicated-for-humans-to-operate-part-ii-making-sense-of-network-activities-and-system-behaviors","mappedPath":"/labs/articles/cisotociso/can-engineers-build-networks-too-complicated-for-humans-to-operate-part-ii-making-sense-of-network-activities-and-system-behaviors","description":"How to selectively capture packets for further analysis and avoid buying a storage farm.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/controls","url":"/labs/search?q\u003dControls","name":"controls","title":"Controls","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/risk-management","url":"/labs/search?q\u003d%22risk+management%22","name":"risk-management","title":"risk management","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/packet-analysis","url":"/labs/search?q\u003d%22packet+analysis%22","name":"packet-analysis","title":"packet analysis","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/complex-systems","url":"/labs/search?q\u003d%22complex+systems%22","name":"complex-systems","title":"complex systems","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a05/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a05/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a05/optimize/article-tile-image.jpg","type":"blog","appTierAffected":["Client"]},{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"October 30, 2017","contentDuration":"6 min. read","publishDate":"Aug 3, 2017 12:00:00 AM","title":"Can Engineers Build Networks Too Complicated for Humans to Operate? Part I: Scope of the Problem","authors":["Mike Simon"],"authorPaths":["/content/f5-labs-v2/en/authors/mike-simon"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/can-engineers-build-networks-too-complicated-for-humans-to-operate-part-i-scope-of-the-problem","mappedPath":"/labs/articles/cisotociso/can-engineers-build-networks-too-complicated-for-humans-to-operate-part-i-scope-of-the-problem","description":"This series explores how InfoSec practitioners can use math, technology, and critical thinking to mitigate risk in a world where networks and data have surpassed the scope of human comprehension.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/risk-management","url":"/labs/search?q\u003d%22risk+management%22","name":"risk-management","title":"risk management","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/packet-analysis","url":"/labs/search?q\u003d%22packet+analysis%22","name":"packet-analysis","title":"packet analysis","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/complex-systems","url":"/labs/search?q\u003d%22complex+systems%22","name":"complex-systems","title":"complex systems","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a09/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a09/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a09/optimize/article-tile-image.jpg","type":"blog","appTierAffected":["Client"]}],"firstName":"Mike","id":-842160816},{"name":"Mike Hamilton","summary":"\u003cp\u003eMike Hamilton is the founder and CISO of CI Security (formerly Critical Informatics). He has 25 years experience in Information Security as a practitioner, entrepreneur, consultant, and in executive management. He also has direct experience in retail, manufacturing, government, defense, academic, semiconductor, energy, law enforcement, transportation, publishing and financial sectors - from Fortune 1 to small nonprofits. \u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Mike_Hamilton.png","searchLink":"/content/f5-labs-v2/en/labs/search.author_Mike+Hamilton.html","jobTitle":"Founder, CISO","companyName":"CI Security","companyPageUrl":"https://ci.security/","articles":[{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"January 15, 2019","contentDuration":"5 min. read","publishDate":"Jan 15, 2019 3:34:00 PM","title":"If I Had to Do It Over Again","authors":["Raymond Pompon"],"authorPaths":["/content/f5-labs-v2/en/authors/raymond-pompon"],"contributors":["Erik Pierson","Mike Hamilton","Mary Gardner"],"contributorPaths":["/content/f5-labs-v2/en/authors/erik-pierson","/content/f5-labs-v2/en/authors/mike-hamilton","/content/f5-labs-v2/en/authors/mary-gardner"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/if-i-had-it-to-do-over-again","mappedPath":"/labs/articles/cisotociso/if-i-had-it-to-do-over-again","description":"Learn from CISOs who describe how they would “do it over” again in some of their early security program deployments.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/career-path","url":"/labs/search?q\u003d%22Career+Path%22","name":"career-path","title":"Career Path","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"industry:healthcare","url":"/labs/search?q\u003dHealthcare","name":"healthcare","title":"Healthcare","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search?q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search?q\u003dRisk","name":"Risk","title":"Risk","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a11/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a11/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a11/optimize/article-tile-image.jpg","type":"blog","appTierAffected":[]}],"firstName":"Mike","id":2133310420},{"name":"Aaron Zander","summary":"\u003cp\u003eAaron Zander is the Head of IT at HackerOne. Aaron is an Information Technology professional with more than 10 years of IT networking and security experience. Aaron is dedicated towards creating business efficient processes that increase ROI and create better experiences for end users and teams. Prior to HackerOne, Aaron served in technical IT leadership roles at Sitecore and Drop.\u0026nbsp; Aaron is based in San Francisco, California. He oversees IT for all of HackerOne’s global offices including Singapore, Europe and the UK.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Aaron_Zander.png","searchLink":"/content/f5-labs-v2/en/labs/search.author_Aaron+Zander.html","jobTitle":"Head of IT","companyName":"HackerOne","companyPageUrl":"https://www.hackerone.com/blog","articles":[{"topic":"Controls","topicPath":"/content/cq:tags/f5-labs-v2/ciso/controls","topicSearchPath":"/labs/search?q\u003dControls","date":"June 09, 2020","contentDuration":"8 min. read","publishDate":"Jun 9, 2020 1:12:00 PM","title":"Using Zero Trust to Secure Your Company When Going Remote","authors":["Aaron Zander"],"authorPaths":["/content/f5-labs-v2/en/authors/aaron-zander"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/using-zero-trust-to-secure-your-company-when-going-remote","mappedPath":"/labs/articles/cisotociso/using-zero-trust-to-secure-your-company-when-going-remote","description":"How to move your workforce securely to remote access with zero trust networking.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/controls","url":"/labs/search?q\u003dControls","name":"controls","title":"Controls","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/controls/defense-strategies/defending-clients","url":"/labs/search?q\u003d%22Defending+Clients%22","name":"defending-clients","title":"Defending Clients","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/remote-access","url":"/labs/search?q\u003d%22Remote+Access%22","name":"remote-access","title":"Remote Access","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/controls/article-focus/innovation","url":"/labs/search?q\u003dInnovation","name":"innovation","title":"Innovation","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a03/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a03/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a03/optimize/article-tile-image.jpg","type":"blog","appTierAffected":[]}],"firstName":"Aaron","id":-235695977},{"name":"Kip Boyle","summary":"\u003cp\u003eKip Boyle is the CEO of Cyber Risk Opportunities, whose mission is to help executives become better cyber risk managers. He has over 24 years of cybersecurity experience serving in such roles as Chief Information Security Officer (CISO) for PEMCO Insurance and Director of Wide Area Network Security for the F-22 Raptor. In addition to his work with many large, global organizations at the Stanford Research Institute, Kip has also held other cyber risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Kip_Boyle.png","searchLink":"/content/f5-labs-v2/en/labs/search.author_Kip+Boyle.html","jobTitle":"CEO","companyName":"Cyber Risk Opportunities","companyPageUrl":"https://www.cyberriskopportunities.com/","articles":[{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"May 17, 2018","contentDuration":"7 min. read","publishDate":"May 17, 2018 12:00:00 AM","title":"Managing Compliance Issues within the Value Chain","authors":["Kip Boyle"],"authorPaths":["/content/f5-labs-v2/en/authors/kip-boyle"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/managing-compliance-issues-within-the-value-chain","mappedPath":"/labs/articles/cisotociso/managing-compliance-issues-within-the-value-chain","description":"Align your compliance requirements with your other business requirements so you can distinguish what you must do from what’s nice to do.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/third-party-liability","url":"/labs/search?q\u003d%22third+party+liability%22","name":"third-party-liability","title":"third party liability","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/third-party-security","url":"/labs/search?q\u003d%22third+party+security%22","name":"third-party-security","title":"third party security","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/compliance","url":"/labs/search?q\u003dcompliance","name":"compliance","title":"compliance","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a03/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a03/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a03/optimize/article-tile-image.jpg","type":"blog","appTierAffected":["Services Tier"]}],"firstName":"Kip","id":782047147},{"name":"Erik Pierson","summary":"\u003cp\u003eErik Pierson is the Director of Information Security at Slalom Consulting, with over 20 years experience in the field.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Erik_Pierson.png","searchLink":"/content/f5-labs-v2/en/labs/search.author_Erik+Pierson.html","jobTitle":"Director of Information Security","companyName":"Slalom Consulting","companyPageUrl":"https://www.slalom.com/","articles":[{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"January 15, 2019","contentDuration":"5 min. read","publishDate":"Jan 15, 2019 3:34:00 PM","title":"If I Had to Do It Over Again","authors":["Raymond Pompon"],"authorPaths":["/content/f5-labs-v2/en/authors/raymond-pompon"],"contributors":["Erik Pierson","Mike Hamilton","Mary Gardner"],"contributorPaths":["/content/f5-labs-v2/en/authors/erik-pierson","/content/f5-labs-v2/en/authors/mike-hamilton","/content/f5-labs-v2/en/authors/mary-gardner"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/if-i-had-it-to-do-over-again","mappedPath":"/labs/articles/cisotociso/if-i-had-it-to-do-over-again","description":"Learn from CISOs who describe how they would “do it over” again in some of their early security program deployments.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/career-path","url":"/labs/search?q\u003d%22Career+Path%22","name":"career-path","title":"Career Path","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"industry:healthcare","url":"/labs/search?q\u003dHealthcare","name":"healthcare","title":"Healthcare","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search?q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search?q\u003dRisk","name":"Risk","title":"Risk","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a11/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a11/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a11/optimize/article-tile-image.jpg","type":"blog","appTierAffected":[]}],"firstName":"Erik","id":-43669857},{"name":"Wendy Nather","summary":"\u003cp\u003eWendy Nather is Principal Security Strategist at Duo Security. She was previously the Research Director at the Retail ISAC, as well as Research Director of the Information Security Practice at independent analyst firm 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She speaks regularly on topics ranging from threat intelligence to identity and access management, risk analysis, incident response, data security, and societal and privacy issues. Wendy is co-author of \u003ci\u003eThe Cloud Security Rules\u003c/i\u003e, and was listed as one of SC Magazine\u0027s Women in IT Security \u0026quot;Power Players\u0026quot; in 2014. \u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Wendy_Nather.png","searchLink":"/content/f5-labs-v2/en/labs/search.author_Wendy+Nather.html","jobTitle":"Principal Security Strategist","companyName":"Duo Security","companyPageUrl":"https://duo.com/blog/post-author/wnather","articles":[{"topic":"Controls","topicPath":"/content/cq:tags/f5-labs-v2/ciso/controls","topicSearchPath":"/labs/search?q\u003dControls","date":"July 24, 2017","contentDuration":"6 min. read","publishDate":"Apr 4, 2017 12:00:00 AM","title":"Wait, Don’t Throw Out Your Firewalls!","authors":["Wendy Nather"],"authorPaths":["/content/f5-labs-v2/en/authors/wendy-nather"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/wait-dont-throw-out-your-firewalls-25982","mappedPath":"/labs/articles/cisotociso/wait-dont-throw-out-your-firewalls-25982","description":"Yes, the perimeter has shifted, but firewalls still have a place in your network. They’re just not alone anymore.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/controls","url":"/labs/search?q\u003dControls","name":"controls","title":"Controls","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/security-architecture","url":"/labs/search?q\u003d%22security+architecture%22","name":"security-architecture","title":"security architecture","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:Keywords/MFA","url":"/labs/search?q\u003dMFA","name":"MFA","title":"MFA","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/firewall","url":"/labs/search?q\u003dfirewall","name":"firewall","title":"firewall","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a14/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a14/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a14/optimize/article-tile-image.jpg","type":"blog","appTierAffected":["Client"]}],"firstName":"Wendy","id":-1943454051},{"name":"Ravila White","summary":"\u003cp\u003eRavila White is currently a Deputy Director of Enterprise Security Architecture at a global healthcare company. She has over 15 years of experience in Information Technology and Information Security with a career spanning non-profit, healthcare, e-commerce and educations sectors. She has experience as a whitehat, strategist, architect, auditor, incident handler and various leadership roles.  She applies reverse engineering and logic-based information modeling to her work. Ravila carries CISSP, CISM, CISA, CIPP, GCIH and ITIL v3 certifications along with a MSc information Security from the University of Royal Holloway. She regularly presents at local and national events on information assurance topics and is published on a national and global level. She is also a member of the PacCISO and Agora.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Ravila_White.png","searchLink":"/content/f5-labs-v2/en/labs/search.author_Ravila+White.html","jobTitle":"Deputy Director of Enterprise Security Architecture","articles":[{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"January 12, 2018","contentDuration":"4 min. read","publishDate":"Dec 26, 2017 12:00:00 AM","title":"Achieving Multi-Dimensional Security Through Information Modeling—Modeling Inversion Part 5","authors":["Ravila White"],"authorPaths":["/content/f5-labs-v2/en/authors/ravila-white"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingmodeling-inversion-part-5","mappedPath":"/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingmodeling-inversion-part-5","description":"In Part 5 of this blog series, we use inversion modeling techniques to develop a high-level protection strategy.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/compliance","url":"/labs/search?q\u003dcompliance","name":"compliance","title":"compliance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/security-architecture","url":"/labs/search?q\u003d%22security+architecture%22","name":"security-architecture","title":"security architecture","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/information-modeling","url":"/labs/search?q\u003d%22information+modeling%22","name":"information-modeling","title":"information modeling","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a04/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a04/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a04/optimize/article-tile-image.jpg","type":"blog","appTierAffected":["Client"]},{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"January 02, 2018","contentDuration":"5 min. read","publishDate":"Nov 28, 2017 12:00:00 AM","title":"Achieving Multi-Dimensional Security Through Information Modeling—Unwrapping Controls Part 4","authors":["Ravila White"],"authorPaths":["/content/f5-labs-v2/en/authors/ravila-white"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingunwrapping-controls-part-4","mappedPath":"/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingunwrapping-controls-part-4","description":"In Part 3 of this blog series, we demonstrated modeling the threat landscape along with executive threat-modeling. In this blog, we discuss the importance of defining controls.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/compliance","url":"/labs/search?q\u003dcompliance","name":"compliance","title":"compliance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/security-architecture","url":"/labs/search?q\u003d%22security+architecture%22","name":"security-architecture","title":"security architecture","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/information-modeling","url":"/labs/search?q\u003d%22information+modeling%22","name":"information-modeling","title":"information modeling","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a15/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a15/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a15/optimize/article-tile-image.jpg","type":"blog","appTierAffected":["Client"]},{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"October 10, 2017","contentDuration":"5 min. read","publishDate":"Aug 23, 2017 12:00:00 AM","title":"Achieving Multi-Dimensional Security Through Information Modeling—Executive Threat Modeling Part 3","authors":["Ravila White"],"authorPaths":["/content/f5-labs-v2/en/authors/ravila-white"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingexecutive-threat-modeling-part-3","mappedPath":"/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingexecutive-threat-modeling-part-3","description":"How InfoSec leaders can build successful threat models by defining the threat landscape and its component resources, then asking simple, situational questions.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/compliance","url":"/labs/search?q\u003dcompliance","name":"compliance","title":"compliance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/security-architecture","url":"/labs/search?q\u003d%22security+architecture%22","name":"security-architecture","title":"security architecture","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/information-modeling","url":"/labs/search?q\u003d%22information+modeling%22","name":"information-modeling","title":"information modeling","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a01/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a01/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a01/optimize/article-tile-image.jpg","type":"blog","appTierAffected":["Client"]},{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"August 03, 2017","contentDuration":"7 min. read","publishDate":"Jun 22, 2017 12:00:00 AM","title":"Achieving Multi-Dimensional Security Through Information Modeling—The Master Model Part 2","authors":["Ravila White"],"authorPaths":["/content/f5-labs-v2/en/authors/ravila-white"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingthe-master-model-part-2","mappedPath":"/labs/articles/cisotociso/achieving-multi-dimensional-security-through-information-modelingthe-master-model-part-2","description":"Understanding the customer segment of your organization is critical to developing a strategy that ensures regulatory compliance.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/compliance","url":"/labs/search?q\u003dcompliance","name":"compliance","title":"compliance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/security-architecture","url":"/labs/search?q\u003d%22security+architecture%22","name":"security-architecture","title":"security architecture","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/information-modeling","url":"/labs/search?q\u003d%22information+modeling%22","name":"information-modeling","title":"information modeling","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a04/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a04/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a04/optimize/article-tile-image.jpg","type":"blog","appTierAffected":["Client"]}],"firstName":"Ravila","id":-640364060},{"name":"Masako Long","summary":"\u003cp\u003eMasako Long is a Senior Sales Executive at DefenseStorm, where she empowers financial institutions to take control of their cybersafety and soundness through understanding and appropriate action. She is passionate about making security an everyday conversation and enjoys bridging the technical gap.\u003c/p\u003e\r\n\u003cp\u003eThroughout her technology sales career, Masako has supported a wide range of industries from seafood, aerospace, healthcare, high tech, finance, critical infrastructure, with some of the biggest companies to small local companies. She attributes her knowledge primary to listening (A LOT!), taking good notes (although often illegible), and participating in a few security organizations.\u003c/p\u003e\r\n\u003cp\u003eTo contact Masako, email at \u003ca href\u003d\"mailto:masako.long@defensestorm.com\" target\u003d\"_blank\"\u003emasako.long@defensestorm.com\u003c/a\u003e or find her on LinkedIn: \u003ca href\u003d\"https://www.linkedin.com/in/masako/\" target\u003d\"_blank\"\u003ehttps://www.linkedin.com/in/masako/\u003c/a\u003e\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Masako_Long.png","searchLink":"/content/f5-labs-v2/en/labs/search.author_Masako+Long.html","jobTitle":"Senior Sales Executive","companyName":"DefenseStorm","companyPageUrl":"https://www.defensestorm.com/","articles":[{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"October 25, 2018","contentDuration":"7 min. read","publishDate":"Oct 25, 2018 10:15:00 AM","title":"“Fire the CISO!”","authors":["Masako Long"],"authorPaths":["/content/f5-labs-v2/en/authors/masako-long"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/--fire-the-ciso--","mappedPath":"/labs/articles/cisotociso/--fire-the-ciso--","description":"Managing cybersecurity and protecting the business should be a team effort, so don’t let your CISO become the easy scapegoat when things go wrong.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/risk-communication","url":"/labs/search?q\u003d%22risk+communication%22","name":"risk-communication","title":"risk communication","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a15/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a15/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a15/optimize/article-tile-image.jpg","type":"blog","appTierAffected":[]}],"firstName":"Masako","id":-322724156},{"name":"Paul Farrall","summary":"\u003cp\u003ePaul Farrall currently holds the position of Vice President \u0026amp; Chief Information Security Officer at Skytap, a Cloud Infrastructure provider headquartered in Seattle, WA. For the past 15 years, Paul has been focused on Information Security and IT Operations at a variety of organizations ranging from Fortune 500 companies to small technology startups. Prior to Skytap, he was VP of Operations and Information Security for Big Fish Games, where he had overall responsibility for Information Security and IT Operations. Paul’s current interests include the emerging intersection of privacy and cybersecurity; integrating agile security into Devops; and developing cybersecurity best practices for cloud services providers.\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Paul_Farrall.png","searchLink":"/content/f5-labs-v2/en/labs/search.author_Paul+Farrall.html","jobTitle":"Vice President and CISO","companyName":"Skytap","articles":[{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"April 18, 2019","contentDuration":"6 min. read","publishDate":"Apr 18, 2019 7:51:00 AM","title":"If I Had To Do It Over Again, Part 3","authors":["Raymond Pompon"],"authorPaths":["/content/f5-labs-v2/en/authors/raymond-pompon"],"contributors":["Paul Farrall","Preston Hogue","Taeil Goh"],"contributorPaths":["/content/f5-labs-v2/en/authors/paul-farrall","/content/f5-labs-v2/en/authors/preston-hogue","/content/f5-labs-v2/en/authors/taeil-goh"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/if-i-had-to-do-it-over-again--part-3","mappedPath":"/labs/articles/cisotociso/if-i-had-to-do-it-over-again--part-3","description":"More stories from CISOs who describe how they would “do it over” again in some of their early security program deployments.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/career-path","url":"/labs/search?q\u003d%22Career+Path%22","name":"career-path","title":"Career Path","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"industry:healthcare","url":"/labs/search?q\u003dHealthcare","name":"healthcare","title":"Healthcare","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search?q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search?q\u003dRisk","name":"Risk","title":"Risk","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a12/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a12/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a12/optimize/article-tile-image.jpg","type":"blog","appTierAffected":[]}],"firstName":"Paul","id":1449513714},{"name":"Todd Plesco","summary":"\u003cp\u003eTodd Plesco is the Chief Information Security Officer of PrescribeWellness.  PrescribeWellness\u0027s cloud-based platform is used by pharmacies and other healthcare professionals to provide more effective, preventive healthcare services, which improve medication adherence, chronic disease management, transitions in care, and population health.\u003cbr /\u003e\r\n\u003cbr /\u003e\r\nMr. Plesco is responsible for developing and executing cyber security strategy and leading teams focused on risk management, security engineering, application security, cyber security operations and policy, and company-wide cyber security resiliency. His mission promotes a vigilant culture which places a high value on the protection of privacy and security for information resources and protection of personal health information entrusted to PrescribeWellness.\u003c/p\u003e\r\n\u003cp\u003e\u003ca href\u003d\"http://www.infosecurity.pro/\"\u003ehttp://www.infosecurity.pro/\u003c/a\u003e\u003c/p\u003e\r\n","imageReference":"/content/dam/f5-labs-v2/_author-headshots/Todd_Plesco.png","searchLink":"/content/f5-labs-v2/en/labs/search.author_Todd+Plesco.html","jobTitle":"CISO","companyName":"PrescribeWellness","articles":[{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"February 06, 2019","contentDuration":"4 min. read","publishDate":"Feb 6, 2019 8:28:00 AM","title":"If I Had to Do It Over Again, Part 2","authors":["Raymond Pompon"],"authorPaths":["/content/f5-labs-v2/en/authors/raymond-pompon"],"contributors":["Sara Boddy","Mike Simon","Todd Plesco","Kate Wakefield"],"contributorPaths":["/content/f5-labs-v2/en/authors/sara-boddy","/content/f5-labs-v2/en/authors/mike-simon","/content/f5-labs-v2/en/authors/todd-plesco","/content/f5-labs-v2/en/authors/kate-wakefield"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/if-i-had-it-to-do-over-again-part-2","mappedPath":"/labs/articles/cisotociso/if-i-had-it-to-do-over-again-part-2","description":"More lessons learned from CISOs about “fire and forget,” physical security, the human factor, and audit logging.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/career-path","url":"/labs/search?q\u003d%22Career+Path%22","name":"career-path","title":"Career Path","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"industry:healthcare","url":"/labs/search?q\u003dHealthcare","name":"healthcare","title":"Healthcare","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/governance","url":"/labs/search?q\u003dGovernance","name":"governance","title":"Governance","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/strategies/Risk","url":"/labs/search?q\u003dRisk","name":"Risk","title":"Risk","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a11/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a11/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a11/optimize/article-tile-image.jpg","type":"blog","appTierAffected":[]},{"topic":"Strategies","topicPath":"/content/cq:tags/f5-labs-v2/ciso/strategies","topicSearchPath":"/labs/search?q\u003dStrategies","date":"July 18, 2017","contentDuration":"4 min. read","publishDate":"May 25, 2017 12:00:00 AM","title":"How I Learned to Love Cyber Security","authors":["Todd Plesco"],"authorPaths":["/content/f5-labs-v2/en/authors/todd-plesco"],"path":"/content/f5-labs-v2/en/labs/articles/cisotociso/how-i-learned-to-love-cyber-security-26951","mappedPath":"/labs/articles/cisotociso/how-i-learned-to-love-cyber-security-26951","description":"Cyber security can be a difficult and thankless job, but you can learn to love it when you know how to go about it.","tags":[{"TAG_ID_PARAM":"tagId","weight":5,"tagId":"f5-labs-v2:ciso/strategies","url":"/labs/search?q\u003dStrategies","name":"strategies","title":"Strategies","isTopic":true},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:category/ciso","url":"/labs/search?q\u003dCISO","name":"ciso","title":"CISO","isTopic":false},{"TAG_ID_PARAM":"tagId","weight":0,"tagId":"f5-labs-v2:ciso/C2C-Keywords/leadership","url":"/labs/search?q\u003dleadership","name":"leadership","title":"leadership","isTopic":false}],"backgroundImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a08/article-background-hero-image.png","thumbnailImage":"/content/dam/f5-labs-v2/article/backgrounds/a08/article-thumbnail-image.png","backgroundTileImagePath":"/content/dam/f5-labs-v2/article/backgrounds/a08/optimize/article-tile-image.jpg","type":"blog","appTierAffected":["Client"]}],"firstName":"Todd","id":343613065}]
BIO
CISO Spotlight
Gail Coury
CISO F5

As F5's CISO, Gail has three primary responsibilities:

  1. Implement and operate F5’s enterprise IT security program
  2. Establish company-wide standards and programs for product and service security
  3. Showcase to customers and the industry the use of F5 security technologies

Previously, Gail served as Vice President and General Manager of F5 Silverline, where she led product management, marketing, architecture, engineering, and customer success for F5’s cloud-based Silverline managed service offering. Before joining F5, Coury was CISO of Oracle Cloud, PeopleSoft and J.D. Edwards. She brings more than 20 years of experience both as a CISO and as a security product leader.

Gail has an Executive MBA from Stanford University and a bachelor’s degree in computer science from Clarke University.  She is also a member of the following boards:

  • One In Tech, an ISACA Foundation, Board Chair
  • Clarke University Board of Trustees
  • Coalfire Cloud Security Advisory Board
Featured Topic: Vulnerability Management
Prioritizing Vulnerability Management Using Machine Learning
What Cybersecurity Can Learn from UX Design
The New Insider Threat: Automation Frameworks

CISO Content

No filters selected
CISO Categories

No articles found matching your filter criteria

Hundreds of apps will be attacked by the time you read this.

So, we get to work. We obsess over effective attack methods. We monitor the growth of IoT and its evolving threats. We dive deep into the latest crypto-mining campaigns. We analyze banking Trojan targets. We dissect exploits. We hunt for the latest malware. And then our team of experts share it all with you. For more than 20 years, F5 has been leading the app delivery space. With our experience, we are passionate about educating the security community-providing the intel you need to stay informed so your apps can stay safe.

Every

9 hrs

a critical vulnerability—with the potential for remote code execution—is released.