Rapid7 Blog

Trey Ford  

AUTHOR STATS:

41

Farewell and Thank You

Surrounding yourself with excellence is a key strategy for success in both one's personal and professional lives. As some may have heard, last week was my last at Rapid7. Leaving my team was a difficult decision to make. Over the last two years, I've had…

CISO Guidance on Building the Team: Part II

Haven't read part one of this blog? TL;DR: The security talent gap is real. Creating and promoting strong company culture attracts and retains top performers. Security professionals should always be actively recruiting – both internally and externally. With that gross oversimplification under our belts,…

CISO Guidance on Building the Team

If I had a nickel for every time I read about the “security skills shortage”…well, suffice to say that everyone seems to lament the lack of strong talent in this industry, and the low number of eager young graduates seeking to…

Trey's InfoSec SitRep [16 Nov 2015]

First, if you aren't listening to the Risky Business podcast, fix that. Patrick Gray is my go-to source for infosec news. In the News: The insight we get into breaches is sparse, so be armed with these stories. JPMorgan's 2014 Hack Tied to Largest Cyber…

Security Budget Tips [PART 2], from CISOs, for CISOs

CISO Series: Budgeting Part II Hopefully you've read (and maybe even benefitted from) Part I of my CISO Budgeting blog. To recap, I interviewed a group of CISOs about how they use budgetary discussions for career growth, and what advice they'd give to others looking…

What is SQL Injection?

SQL injection is one of the oldest and most embarrassing vulnerabilities web-enabled code faces. It is so old that there really is no excuse for only a niche of people (namely web security professionals) to understand how it works. Every time I think…

Getting Started with VERIS

We did a webcast with @hrbrmstr and @gdbassett from the Verizon team last week, discussing how to get started with VERIS, the Vocabulary for Event Recording and Incident Sharing. If you missed that webcast, check it out! If you joined us, thanks for coming out. We've attached…

Trey's InfoSec SitRep [09 Nov 2015]

In the News: Man Who Tried to Hire Hacker to Wipe Out Court Fines Sentenced to 2-4 Years in Prison | SoftPedia; Hackers Claim Million-Dollar Bounty for iOS Zero Day Attack | Wired (Just in case you missed this publicity stunt...); The cost of immaturity | The Economist…

Security Budget Tips, from CISOs, for CISOs

CISO Series: Budgeting I have provided a brief overview of the genesis of the CISO series, and now it is time to tackle our first topic: security budgets. Whether you're the CISO of a large public company or leading security at an early-stage startup, rich…

Trey's InfoSec SitRep [02 Nov 2015]

In the News: Further confusion at TalkTalk claims it was hit by 'sequential attack' | The Register. TalkTalk got hit by SQLi, an unforgiving web application vulnerability that gets missed, then found, then gets you free and embarrassing press. TalkTalk hack: What to do if…

What is VERIS?

If you'd like to understand more of the nuts and bolts about VERIS, join us for a webcast November 5, 2015 at 2pm ET: Understanding VERIS: the DBIR's Secret Decoder Ring. Data-driven security is all the rage, and laughably few of us encode and…

Introducing the CISO Blog Series

Since joining Rapid7 I've gotten to work on some pretty cool projects, the most recent of which is capturing a body of knowledge for the community… by CISOs, for CISOs. The evolution of the CISO role, of course, is nothing new, and there's plenty…

Trey's InfoSec SitRep [26 Oct 2015]

I keep getting asked about what's happening in the news. Because I'm so efficient (and that's hacker-speak for lazy) I go to a couple key sources for news. One of my absolute favorites is Patrick Gray's Risk.biz. Since I'm often sharing links of…

Building an Effective Security Team

Concluding our National Cyber Security Awareness Month webcast series, next week I'll be joining a discussion around how to develop, nurture, and retain good security staff: Building an Effective Security Team, Wednesday, October 28th at 11am ET / 8am PT and 4pm BST. Chris Calvert, Senior Strategy Manager,…

The Black Hat Attendee Guide Part 5a - The Magic of People

Joining us for the first time? This post is part of a series that starts right here. So this post is a bit of a bonus. I've asked my dear friend Quinton Jones to share some wisdom and inspiration on how he injects passion and…