Cynthia Brumfield

Cynthia Brumfield is a veteran communications and technology analyst who is currently focused on cybersecurity. She runs a cybersecurity news destination site, Metacurity.com, consults with companies through her firm DCT-Associates, and is the author of the book published by Wiley, Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework.

Recent cases highlight need for insider threat awareness and action

D&O insurance not yet a priority despite criminal trial of Uber’s former CISO

The cost is too high and the risk too low to offer CISOs directors-and-officers insurance at many companies. Protective governance policies might make more sense.

International cooperation is key to fighting threat actors and cybercrime

Western intelligence and national security leaders emphasize the importance of collaborating to better prepare and respond to cybersecurity threats.

US OMB releases guidance on federal agency software security requirements

The guidance aims to improve the security of software federal agencies use, but expects self-attestation for compliance.

U.S. government offensive cybersecurity actions tied to defensive demands

Current and former U.S. government officials explain the country's "defense forward" and offensive cybersecurity policies and their risks.

CISA launches incident, ransomware reporting rulemaking RFI

The U.S. Cybersecurity and Infrastructure Security Agency seeks input on a common set of cybersecurity incident reporting regulations.

Russia-linked cyberattacks on Ukraine: A timeline

Cyber incidents are playing a central role in the Russia-Ukraine conflict. Here's how events are unfolding along with unanswered questions.

NIST CSF 2.0 Workshop emphasizes global appeal, metrics and assessment

About 7,000 international workshop attendees heard discussions of NIST's plans for Cybersecurity Framework 2.0, which aims to offer more guidance on supply chain security, measurement, and implementation, among other topics.

FTC begins sweeping commercial surveillance and lax data security rulemaking process

While some praise the FTC's efforts, some in Congress worry that it overlaps with and possibly jeopardizes the passing of the American Data Privacy and Protection Act.

How a Venezuelan disinformation campaign swayed voters in Colombia

A Black Hat presentation explains how Russia-aligned Venezuela influenced the presidential election in Colombia to its political benefit.

How harm reduction can more effectively reduce employee risky behavior

A Black Hat speaker proposes a framework to reduce the negative consequences of risky user actions and encourage users to follow security's advice.

The Secret Service’s missing text messages: Lessons for IT security

The drama in Washington shines a light on the challenges in securing mobile communications and the role that document destruction and retention policies play in organizational security.
