For today’s remote workforce, security professionals need technical security awareness education distinct from the rest of the company’s “don’t click a phishing link” training. Security analysts know how to recognize phishing emails and set secure passwords. However, where does that leave them when it comes to security awareness month?

Maintaining an online business presence nowadays means that malicious actors are going to target and likely exploit any application vulnerabilities they can find sooner or later. According to the 2021 Mid Year Data Breach Report, although the number of breaches has declined by 24%, the staggering number of records that were exposed (18.8 billion) means that there is still room for improvement.

As cyberattacks become more sophisticated across ever-expanding attack surfaces, it’s easy to assume the security team will take care of risk management and mitigation. Indeed, employees—both within the agency and across the contractor community—are one of the greatest risks to the government’s security postures.

CFEngine and Ansible are two

Bubble wrap®. That obsessively addictive plastic material, made up of hundreds of small air-filled bubbles we all love to squeeze. Although I tend to think of Bubble Wrap as the original fidget toy—melting away our anxieties with every satisfying pop—most people associate it with helping to protect their most precious collectibles when in transit or being placed in long-term storage.

In my interactions at industry events like AWS re:invent and KubeCon, I talk with a lot of developers. Devs often tell stories of things that prevent them from working quickly and efficiently. Many involve frustrating interactions with sys admins, SREs, or DevOps colleagues. One story I have heard several times involves a conversation like this: dev: Hey, SRE team. My build is failing and I don’t know what’s happening with the app in the build node.

Like a football or soccer team, security also has two lineups that must be continuously managed. One lineup involves protecting the digital assets and data of a business. The other: managing the security risk and vulnerability exposure of these environments and endpoints. The tension between these two lineups keep security and IT very busy. There is a critical shortage of expert security professionals, which means no expanding the bench of talent, even if you can afford it.

Since we launched Puppet Comply last year, we’ve been working hard to build out the solution’s capabilities so that we can provide our customers with more options in implementing a continuous compliance program, and become more proactive and efficient in how they manage compliance. A key activity in any strong continuous compliance program is remediation.

When we discuss cybersecurity and the threat of cyber attacks, many may conjure up the image of skillful hackers launching their attacks by way of undiscovered vulnerabilities or using cutting-edge technology. While this may be the case for some attacks, more often than not, vulnerabilities are revealed as a result of careless configuration and inattention to detail. Doors are left open and provide opportunities for attacks.

Welcome back to the incredible and majestic Pandora FMS blog. In today’s post, we are going to deal with an event belonging to the month of October, that depressing month in which we become aware of fall, it is colder and someone keeps cutting short our daylight hours. If April is the month of flowers and November the month of the male mustache for testicular cancer, October is the Cybersecurity Awareness Month.