2 min
Security Strategy
The One Aspect of Selling Security That You Don't Want to Miss
This is a guest post from our frequent contributor Kevin Beaver
[/author/kevinbeaver/]. You can read all of his previous guest posts here
[/author/kevinbeaver/].
When it comes to being successful in security, you must master the ability to
“sell” what you're doing. You must sell new security initiatives to executive
management. You must sell security policies and controls to users. You even have
to sell your customers and business partners on what you're doing to minimize
information risks. Thi
4 min
Security Strategy
UX Research: Steps & Methodologies to Inform Product Redesign
The user experience (UX) design and research teams are preparing to revamp
Rapid7's customer learning and online help. As such, I thought I would take the
opportunity to provide our community insight into the role UX research plays in
bringing new designs – of both new and existing features and experiences – to
fruition.
Before I begin, I'll tell you a little bit about our “research” team. The Rapid7
UX research team, which sits within the greater UX team, consists of myself and
my colleague Ge
2 min
InsightIDR
4 Tips to Help Model Your Security Program to the Attack Chain
When building out next year's security initiatives, how do you prioritize and
choose projects? At Rapid7, we recommend modeling your security program to the
Attack Chain, a graphical representation of the steps required to breach a
company.
For every successful breach, whether it comes from a credential-based attack,
malware, or the exploitation of a vulnerability, attackers need to perform one
or more steps in the chain. If you can detect, investigate, and
remediate the attack earl
4 min
Security Strategy
Using Color within Data Visualization
Admit It, You Love Color!
Every Rapid7 product you use involves interacting with color to some extent.
Living in an achromatic world would be dull compared to a world drenched in
color. Why? Because color helps us in a number of ways. It can:
* Help us to distinguish one object from another
* Cause actions and reactions
* Influence our thinking
* Play an important role in conveying quantitative information.
Imagine an air traffic control center in which the colors used to convey dat
6 min
CISOs
CISOs: Do you have enough locks on your doors?
In a previous blog post
[/2015/07/09/ciso-in-residence-series-shocked-but-not-surprised], I referenced
some research on how people plan for, or rather how they fail to plan for,
natural disasters like floods. At the end of the blog post I mentioned that
people who have poor mental models about disasters fail to prepare fully. I keep
coming back to the idea of mental models because it starts to explain why we
have such a gap between security practitioners and senior executives.
I asked one CISO
3 min
Compliance
Disclosure, Destruction, and Denial
A few years ago, while I was working at the Defense Cybercrime Center (DC3), one
of my colleagues, Terrence Lillard, talked about the DDD triad in regard to what
attackers want to do to an organization's assets. I haven't heard anyone outside
of him using that term, but I think it's worth sharing. I participated in an
awesome mini-conference event last week with the Metasploit Development team,
and this came up during my talk on Risk Management. When I asked the audience of
seasoned security practitioner