Cynthia Brumfield

Cynthia Brumfield is a veteran communications and technology analyst who is currently focused on cybersecurity. She runs a cybersecurity news destination site, Metacurity.com, consults with companies through her firm DCT-Associates, and is the author of the book published by Wiley, Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework.

FTC begins sweeping commercial surveillance and lax data security rulemaking process

How a Venezuelan disinformation campaign swayed voters in Colombia

How a Venezuelan disinformation campaign swayed voters in Colombia

A Black Hat presentation explains how Russia-aligned Venezuela influenced the presidential election in Columbia to its political benefit.

How harm reduction can more effectively reduce employee risky behavior

How harm reduction can more effectively reduce employee risky behavior

Black Hat speaker proposes framework to reduce the negative consequences of risky user actions and encourage them to follow security's advice.

The Secret Service’s missing text messages: Lessons for IT security

The Secret Service’s missing text messages: Lessons for IT security

The drama in Washington shines a light on the challenges in securing mobile communications and the role that document destruction and retention policies play in organizational security.

Spyware infections continue as the U.S. federal government takes notice

Spyware infections continue as the U.S. federal government takes notice

As more high-profile instances of spyware misuse come to light, the U.S. government begins to take action to address the threat.

Spate of pending U.S. privacy initiatives could significantly impact businesses

Spate of pending U.S. privacy initiatives could significantly impact businesses

Bolstered by the overturned Roe v. Wade decision, several privacy initiatives could force businesses to review how they process, store, and protect data.

Cyber Safety Review Board warns that Log4j event is an “endemic vulnerability”

Cyber Safety Review Board warns that Log4j event is an “endemic vulnerability”

The CSRB report predicts the Log4J risk will continue for years and offers best practices for mitigating the threat.

U.S. NDAA heads into the home stretch with significant cybersecurity amendments pending

U.S. NDAA heads into the home stretch with significant cybersecurity amendments pending

The main defense spending bill might enact the most significant pieces of U.S. cybersecurity legislation this year.

An updated pipeline security directive is underway, reflecting TSA struggles

An updated pipeline security directive is underway, reflecting TSA struggles

The TSA directives issued after the Colonial Pipeline attack have been widely criticized, but the agency is working with the industry to improve them.

Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation

Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation

Russia will use what it learned from its destructive cyber actions in Ukraine for other operations. "There is no going back to normal."

5 years after NotPetya: Lessons learned

5 years after NotPetya: Lessons learned

NotPetya vastly broadened the scope of damage that malware attacks could do and forced CISOs and security researchers to rethink their approach.

U.S. data privacy and security solutions emerging at the federal level

U.S. data privacy and security solutions emerging at the federal level

The American Data Privacy and Protection Act bill faces a tough battle for passage, but the Biden administration is considering actions of its own.

Load More