J.M. Porup

Senior Writer

J.M. Porup got his start in security working as a Linux sysadmin in 2002. Since then he's covered national security and information security for a variety of publications, and now calls CSO Online home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent. He holds a Masters degree in Information and Cybersecurity (MICS) from UC Berkeley.

The Latest from J.M.

Feature

How and why deepfake videos work — and what is at risk

Once the bailiwick of Hollywood special effects studios with multi-million-dollar budgets, now anyone can download deepfake software and use machine learning to make believable fake videos. This makes a lot of people nervous.

Feature

11 top DEF CON and Black Hat talks of all time

Hacker summer camp is almost upon us again. Here are some of the best talks of all time. Will this year's virtual talks measure up to these legends?

News Analysis

Why abandoned domain names are so dangerous

Abandoned domain names are low-hanging fruit for attackers, who can use them to access sensitive email or customer data.

Feature

Should you deploy a TLS 1.3 middlebox?

Organizations moving to the TLS 1.3 protocol must decide whether to deploy middleboxes that intercept network traffic for greater visibility, but doing so presents security and regulatory risks.

Feature

5 examples of security theater and how to spot them

Security theater is a term coined by Bruce Schneier to describe security measures that satisfy our emotional need to take action, but don’t actually improve security. Rooting these out can save considerable time and money -- and make...

Feature

Hashcat explained: How this password cracker works

Hashcat is a popular and effective password cracker widely used by both penetration testers and sysadmins as well as criminals and spies. At its most basic level, hashcat guesses a password, hashes it, and then compares the resulting...

Feature

Make simple software security checks part of your purchasing process

A few hours of due diligence when evaluating software for purchase is cheaper than incident response clean up.

Feature

Email spoofing explained: Who does it and how?

Forging email has been with us since the beginning of the internet, but new security kludges are making it a lot harder.

Today in Tech by J.M. Porup

Podcast: Is end-to-end encryption for videoconferencing important?

Podcast: Why new remote work policies attract hackers

With widespread mandated work from home policies due to the coronavirus, many employees are working remotely for the first time. In some cases, employers had never intended their employees to be remote-only, and they may lack key work...

Feature

Bug bounty platforms buy researcher silence, violate labor laws, critics say

The promise of crowdsourced cybersecurity, fueled by "millions of hackers," turns out to be a pipe dream, despite high-octane marketing from the bug bounty platforms.

Popular Resources

eBook
Sponsored

5 Ways that SD-WAN Transforms Your Network
Video/Webcast
Sponsored

Accelerate the wave of innovation with Cisco CX Cloud.
White Paper

A Deep Dive into Business Analytics
eGuide
Sponsored

Breaking free of Broadcom
White Paper

Research Report: Executive Competencies for InfoSec Leaders

See All

Once the bailiwick of Hollywood special effects studios with multi-million-dollar budgets, now anyone can download deepfake software and use machine learning to make believable fake videos. This makes a lot of people nervous.

Hacker summer camp is almost upon us again. Here are some of the best talks of all time. Will this year's virtual talks measure up to these legends?

Abandoned domain names are low-hanging fruit for attackers, who can use them to access sensitive email or customer data.

Organizations moving to the TLS 1.3 protocol must decide whether to deploy middleboxes that intercept network traffic for greater visibility, but doing so presents security and regulatory risks.

Security theater is a term coined by Bruce Schneier to describe security measures that satisfy our emotional need to take action, but don’t actually improve security. Rooting these out can save considerable time and money -- and make...

Hashcat is a popular and effective password cracker widely used by both penetration testers and sysadmins as well as criminals and spies. At its most basic level, hashcat guesses a password, hashes it, and then compares the resulting...

A few hours of due diligence when evaluating software for purchase is cheaper than incident response clean up.

Forging email has been with us since the beginning of the internet, but new security kludges are making it a lot harder.

More people are relying on videoconferencing software to do their jobs and chat with friends and family. This uptick in use highlighted some security concerns like “Zoombombing” and the lack of end-to-end encryption in popular...

With widespread mandated work from home policies due to the coronavirus, many employees are working remotely for the first time. In some cases, employers had never intended their employees to be remote-only, and they may lack key work...

The promise of crowdsourced cybersecurity, fueled by "millions of hackers," turns out to be a pipe dream, despite high-octane marketing from the bug bounty platforms.