David Strom

David Strom writes and speaks about security, networking and communications topics for CSO Online, Network World, Computerworld, and other publications. He can be reached through his web site, or on Twitter @dstrom.

What is MITRE's ATT&CK framework? What red teams need to know

How to find the right testing tool for Okta, Auth0, and other SSO solutions

How to find the right testing tool for Okta, Auth0, and other SSO solutions

Implementing a single sign-on solution can be complicated, especially if you have apps that are not in the SSO vendor's catalog. These tools can simplify the process.

Mitre D3FEND explained: A new knowledge graph for cybersecurity defenders

Mitre D3FEND explained: A new knowledge graph for cybersecurity defenders

D3FEND is a new schema released by Mitre last month to establish a common language to help cyber defenders share strategies and methods. It is a companion project to the company’s ATT&CK framework.

CSPM explained: Filling the gaps in cloud security

CSPM explained: Filling the gaps in cloud security

Cloud security posture management (CSPM) provides threat intelligence, detection, and remediation for complex cloud environments.

How to hack 2FA: 5 attack methods explained

How to hack 2FA: 5 attack methods explained

As two-factor authentication becomes more widespread, criminals seek novel ways to subvert it. Here's what you need to know.

What is IAM? Identity and access management explained

What is IAM? Identity and access management explained

IAM products provide IT managers with tools and technologies for controlling user access to critical information within an organization.

Top 7 security mistakes when migrating to cloud-based apps

Top 7 security mistakes when migrating to cloud-based apps

As organizations rush key apps to the cloud to support remote workers, they often create opportunities for attackers. These are the most common mistakes to avoid.

Homomorphic encryption tools find their niche

Homomorphic encryption tools find their niche

Current homomorphic encryption offerings require fewer specialized skills and are proving themselves effective in some use cases.

10 common cloud security mistakes that put your data at risk

10 common cloud security mistakes that put your data at risk

Yes, the cloud offers many security advantages over on-premises, especially for smaller organizations, but only if you avoid these mistakes around cloud configuration, monitoring and patching.

Securing Microsoft Teams: The options are limited

Securing Microsoft Teams: The options are limited

The popular messaging and video conferencing platform comes with security and privacy risks. These are your limited native and third-party options for protecting users and data.

What is application security? A process and tools for securing software

What is application security? A process and tools for securing software

Application security is the process of making apps more secure by finding, fixing, and enhancing the security of apps. Checking for security flaws in your applications is essential as threats become more potent and prevalent.

Is now the time to deploy passwordless options?

Is now the time to deploy passwordless options?

Viable options are now available to supplement or eliminate (almost) the need for password authentication. Here are reasons why passwordless might work for you.

Load More