Leslie K. Lambert

Leslie K. Lambert, CISSP, CISM, CISA, CRISC, CIPP/US/G, former CISO for Juniper Networks and Sun Microsystems, has over 30 years of experience in information security, IT risk and compliance, security policies, standards and procedures, incident management, intrusion detection, security awareness and threat vulnerability assessments and mitigation. She received CSO Magazine’s 2010 Compass Award for security leadership and was named one of Computerworld’s Premier 100 IT Leaders in 2009. An Anita Borg Institute Ambassador since 2006, Leslie has mentored women across the world in technology. Leslie has also served on the board of the Bay Area CSO Council since 2005. Lambert holds an MBA in Finance and Marketing from Santa Clara University and an MA and BA in Experimental Psychology.

The opinions expressed in this blog are those of Leslie K. Lambert and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

Beyond risk scoring

Bridging the CIO and CISO divide

Bridging the CIO and CISO divide

Why identity and access management is at the core of the gulf between these two C-suite roles.

Pain in the PAM

Pain in the PAM

In order to prevent security breaches, insider attacks and comply with regulatory mandates, organizations must proactively monitor and manage privileged access. As the compromise and misuse of identity is often at the core of modern...

Security by the people

Security by the people

Sometimes it takes a village. In the case of information security, sometimes it takes an employee. Forward thinking enterprises can go beyond simply providing IT security awareness training and hygiene tips for their users, and enlist...

Catching a RAT by the tail

Catching a RAT by the tail

Last month I examined how machine learning could be used to detect low and slow insider threats. In this, the final installment of my trilogy on real-world use cases from the recent Verizon Data Breach Digest, I’ll discuss how remote...

Detecting low and slow insider threats

Detecting low and slow insider threats

In my last post I discussed how machine learning could be used to detect phishing-based account compromise attacks using a real-world use case from the recent Verizon Data Breach Digest. This time I’ll examine how to detect insider...

Machine learning and social engineering attacks

Machine learning and social engineering attacks

In my last post I promised to use some real-world use cases from the recent Verizon Data Breach Digest report to illustrate potential ways that machine learning be can used to detect or prevent similar incidents in the future. For my...

Machine learning is reshaping security

Machine learning is reshaping security

At the recent RSA Conference it was virtually impossible to find a vendor that was not claiming to use machine learning. Both new and established companies are now touting “machine learning” as a major component of the data science...

Cloud blurs personal and corporate identities

Cloud blurs personal and corporate identities

When hackers posted online contact lists and other documents stolen from the AOL account of CIA Director John Brennan, they not only exposed a security breach with national security implications. They also shined a light on a glaring...

Why we need behavior-centric detection and response

Why we need behavior-centric detection and response

According to the Verizon 2015 Data Breach Investigations Report (DBIR), 60 percent of the time, attackers were able to compromise an organization within minutes. Meanwhile, in more than 75 percent of the cases, the average time to...

Identity theft in the enterprise

Identity theft in the enterprise

Identity theft, historically considered a consumer threat, is expanding its horizons. Looking for bigger game, attackers are targeting the enterprise with similar tactics used to hijack online and financial accounts belonging to...

What can we learn from JPMorgan’s insider breaches?

What can we learn from JPMorgan’s insider breaches?

Another former JPMorgan Chase & Co. (JPMC) employee was recently arrested by the FBI on charges of stealing customer data and trying to sell it. Similar incidents have occurred multiple times at JPMC over the past few years. Upon...

Load More