Cynthia Brumfield

Cynthia Brumfield is a veteran communications and technology analyst who is currently focused on cybersecurity. She runs a cybersecurity news destination site, Metacurity.com, consults with companies through her firm DCT-Associates, and is the author of the book published by Wiley, Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework.

Biden memo aims to bolster cybersecurity in national security systems

Russia-linked cyberattacks on Ukraine: A timeline

Cyber incidents are playing a central role in the Russia-Ukraine conflict. Here's how events are unfolding along with unanswered questions.

Tech sector embraces public-private collaboration on open-source software security

Participants in a White House meeting on securing open-source software expressed optimism for working effectively with government to help prevent Log4j-like events.

CISA sees no significant harm from Log4j flaws but worries about future attacks

The U.S. cybersecurity agency can't rule out that adversaries are using Log4j to gain persistent access to launch attacks later.

FTC, SEC raise legal risks surrounding the log4j flaw

The U.S. Federal Trade Commission also threatened possible legal action for companies that don't address the risk from the Log4j vulnerabilities.

Security leaders on how to cope with stress of Log4j

The Log4j vulnerability puts great pressure on security teams already stretched thin dealing with ransomware and other attacks. This advice will help them cope.

NIST gears up for software security and IoT labeling pilot programs

Intended to help consumers make more secure software and IoT device purchases, the labeling guidelines are voluntary and self-policing at this time.

U.S. Cyber Command’s actions against ransomware draw support and criticism

The actions, which temporarily took down REvil, raise questions about using the military to combat ransomware.

NIST workshop provides clues to upcoming software supply chain security guidelines

Experts at a NIST-sponsored workshop weigh in on what might be in the final version of the Biden executive-order-mandated supply chain security guidelines.

Cyberwar’s global players—it’s not always Russia or China

Research reveals that countries such as Belarus, India, and Colombia are responsible for significant cyberattacks.

Pentagon announces version 2.0 of its controversial CMMC program

CMMC 2.0 simplifies the process for SMBs, but critics say the verification process relies too much on self-attestation.

Infrastructure bill includes $1.9 billion for cybersecurity

Passage of the infrastructure bill includes $1.9 billion for cybersecurity, and more could be on the way with the Build Back Better and other bills working their way through Congress.
