Brian Contos

Want to Join?

Over the last two decades Brian Contos helped build some of the most successful and disruptive cybersecurity companies in the world. He is a published author and proven business leader.

After getting his start in security with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions including: Riptech, ArcSight, Imperva, McAfee and Solera Networks. Brian has worked in over 50 countries across six continents and is a fellow with the Ponemon Institute and ICIT.

The opinions expressed in this blog are those of Brian Contos and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.

Congrats - you’re the new CISO…now what

Before you buy another cybersecurity buzzword

Before you buy another cybersecurity buzzword

Your security posture should not be based on assumptions. It should be based on empiric evidence. That empiric evidence can be derived by validating your controls with security instrumentation solutions. You may very well discover...

What some cybersecurity vendors don’t want you to know

What some cybersecurity vendors don’t want you to know

When evaluating security products, you might be doing it wrong if you’re not incorporating assurance testing.

What football teaches us about cybersecurity

What football teaches us about cybersecurity

You wouldn’t expect your football team, that never practices, to win the Super Bowl but we expect our cybersecurity professionals win every day.

Inadequate intelligence integration

Inadequate intelligence integration

Threat intelligence can add value to your security posture but it usually doesn’t.

SIEMs sometimes suck

SIEMs sometimes suck

By leveraging these capabilities your SIEM rules won’t be based on “hope” but rather empiric evidence. You will be sure you are getting the right source data and preforming the relevant correlations necessary to trigger on real...

Defensive regression in cybersecurity

Defensive regression in cybersecurity

There has been a lot of talk lately about defensive regression in cybersecurity. But what exactly is defensive regression? It's not the regression that Sigmund Freud talks about, although there are plenty of folks that don't act like...

Diversity, STEM and Ada Lovelace Day

Diversity, STEM and Ada Lovelace Day

Celebrate diversity. Get kids interested in STEM. Help them become aware of the people that are changing the world.

Man in the middle attacks on mobile apps

Man in the middle attacks on mobile apps

Man in the middle attacks (MiTM) are a popular method for hackers to get between a sender and a receiver. MiTM attacks, which are a form of session hijacking are not new. However, what might not be known is that mobile devices are...

Mobile app reversing and tampering

Mobile app reversing and tampering

Mobile applications are, well, applications. And like any application they need to be protected. I’ve been blogging about attacks on mobile like mobile malware, mobile pharming and mobile phishing and I even wrote a blog on data...

Data at rest encryption for mobile devices

Data at rest encryption for mobile devices

Data at rest encryption is about as far from a cutting-edge topic as one can get. But while encrypting inactive data that is stored digitally is regarded by most security professionals as a must have, as well as data in use and...

Mobile malware – same attacks – different pathogens

Mobile malware – same attacks – different pathogens

I’ve been blogging about mobile attacks and how they can be different than attacks on more traditional platforms. For example, I wrote about: Mobile phishing – same attacks – different hooks Mobile pharming – same attacks –...

Load More