Rapid7 Blog

CISOs  

CISO Guidance on Building the Team: Part II

Haven't read part one of this blog? TL;DR: The security talent gap is real. Creating and promoting strong company culture attracts and retains top performers. Security professionals should always be actively recruiting – both internally and externally. With that gross oversimplification under our belts,…

CISO Guidance on Building the Team

If I had a nickel for every time I read about the “security skills shortage”…well, suffice to say that everyone seems to lament the lack of strong talent in this industry, and the low number of eager young graduates seeking to…

Security Budget Tips [PART 2], from CISOs, for CISOs

CISO Series: Budgeting Part II. Hopefully you've read (and maybe even benefitted from) Part I of my CISO Budgeting blog. To recap, I interviewed a group of CISOs about how they use budgetary discussions for career growth, and what advice they'd give to others looking…

Security Budget Tips, from CISOs, for CISOs

CISO Series: Budgeting. I have provided a brief overview of the genesis of the CISO series, and now it is time to tackle our first topic: security budgets. Whether you're the CISO of a large public company or leading security at an early-stage startup, rich…

Introducing the CISO Blog Series

Since joining Rapid7 I've gotten to work on some pretty cool projects, the most recent of which is capturing a body of knowledge for the community… by CISOs, for CISOs. The evolution of the CISO role, of course, is nothing new, and there's plenty…

Push vs Pull Security

I woke up from a dream this morning. Maybe you can help me figure out what it means. Your company hired me to build a security program. They had in mind a number of typical things. Build a secure software development lifecycle so app developers…

Security in Energy & Utilities

Energy and utilities (E&U) companies must comply with standards such as NERC, protect their SCADA systems against compromise, and cope with the expansion of the smart grid as home energy systems become increasingly connected to the Internet of Things. So how do these…

CISOs: Do you have enough locks on your doors?

In a previous blog post, I referenced some research on how people plan for, or rather how they fail to plan for, natural disasters like floods. At the end of the blog post I mentioned that people who have poor mental models about disasters fail…

Insiders and Outsiders in Security

“Those fools. They didn't even bother to do X. And everyone knows you have to do X.” If you've been in Infosec for even a short time, you've seen this sort of statement, whether explicit or implicit, about something in the news. It…

Introducing the CISO in Residence

At the start of 2010 I started as Twitter's first security hire. You may recall a number of security challenges we were facing at that time. We had to build out a number of teams to deal with the entire spectrum of security issues. Today…

Top 3 Takeaways from "CyberSecurity Awareness Panel: Taking it to the C-Level and Beyond"

Hi, I'm Meredith Tufts. I recently joined Rapid7 and if you were on the live Oct. 30th's webcast, “CyberSecurity Awareness Panel: Taking to the C-Level and Beyond” – I was your moderator. It's nice to be here on SecurityStreet, and this week I'm…

Cyber Security Awareness Month: Data Custodianship

By now, you know that October is Cyber Security Awareness Month in the US and across the European Union. We know many SecurityStreet readers work in information security and are already “aware” - so this year we're equipping you for executive tier cyber…

A CISOs Cloudy Reality

An Overview. For many organizations, especially fast-paced hyper growth companies like Rapid7, the appropriate use of Cloud services can be the difference between success and failure. As these products and solutions revolutionize the way we do business, CISOs must contemplate what constitutes appropriate use. In…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.


Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.


Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.
