
Ilia Kolochenko
Ilia Kolochenko is a Swiss application security expert and entrepreneur. Ilia holds a BS (Hons.) in Mathematics and Computer Science, and is currently pursuing a Master of Legal Studies degree at Washington University in St. Louis.
Starting his career as a penetration tester, he later founded web security company High-Tech Bridge, headquartered in Geneva. Under his management, High-Tech Bridge won SC Awards Europe 2017 and was named a Gartner Cool Vendor 2017 among numerous other prestigious awards for innovation in application security and machine learning.
Ilia is a contributing writer for SC Magazine UK, Dark Reading and Forbes, mainly writing about cybercrime and application security. He is also a member of the Forbes Technology Council.
The opinions expressed in this blog are those of Ilia Kolochenko and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.


Five most common myths about Web security
Chasing trendy APTs, we tend to forget about a common-sense approach and holistic risk assessment.

Blackhole exploit kit author sent to jail: Pyrrhic victory for the cybersecurity industry
The imprisonment is a defeat rather than a victory for our industry if we look carefully into the details.

Cybersecurity spending: more does not necessarily mean better
Cybersecurity is not something you can just buy, but something you should thoroughly build.

Why PCI DSS cannot replace common sense and holistic risk assessment
Cybersecurity compliance is not designed to eliminate data breaches or stop cybercrime.

Web Application Firewall: a must-have security control or an outdated technology?
Can a WAF be an efficient security control for modern web applications?

Five rules to conduct a successful cybersecurity RFP
It’s too early to speak about a cybersecurity bubble; however, it is becoming more and more difficult to distinguish genuine security companies, with solid in-house technologies, and experts with flashy marketing and FUD (Fear,...

Facebook scandal or can bug bounties replace traditional web security?
Can a crowdsourcing approach to web security testing work for your corporate applications?

How to calculate ROI and justify your cybersecurity budget
If you speak with management about money – speak their language and you will definitely get what you need.

Five reasons why hackers easily get in
A vulnerable web application is a great gift for hackers, as it significantly reduces the time, cost and effort they need to get into the corporate network. Why do companies fail to secure their web apps?

Spending millions on APT defense? Don’t forget about Third Party Risk Management
As a large company, you take on a risk when hiring a third-party consultant: you condemn them to be hacked instead of you.

DDoS attacks: a perfect smoke screen for APTs and silent data breaches
Growing DDoS attacks are increasingly used to distract incident response teams in order to hide much bigger security incidents.

How to secure the Internet of Things and who should be liable for it?
How to secure connected devices before it is too late?

CTF players versus professional penetration testers
I decided to write this post after several friends of mine, CISOs within different organizations, asked me if Capture the Flag (CTF) experience makes any difference when evaluating incoming CVs for internal IT security auditor or...

The Oracle blog mess is missing a global business perspective
A lot of interesting opinions were expressed about the recent blog post by Oracle's CSO; however, not many of them covered the business background of the story. Let's try to fix it.

Continuous monitoring and web security: Are you competitive with Black Hats?
Nowadays security companies have to compete not only with other vendors, but also with sophisticated cyber gangs. If you fail to detect and patch security vulnerabilities in a timely manner – Black Hats will do it for you, but...

Modern APTs start at your corporate website
Have you ever thought about which role your corporate web applications may play in an APT attack against your company?

Cybersecurity and geopolitics are intertwined
Have you ever thought about how the global economy and geopolitics influence cybersecurity and cybercrime? Some people may think that these are two completely different domains; however, they are strongly and permanently related.

Think your website isn’t worth anything to hackers? Think again
Many people think that if their website is not an e-banking application or e-commerce platform, hackers have nothing to steal. They think that a hacked website can be quickly and easily repaired, and nobody will ever remember the...