J.M. Porup

Senior Writer

J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.

Safely deploying TLS certificates: 5 common mistakes to avoid

A properly configured TLS cert is the first layer of defense for data in transit. Here are some tips to ensure a secure deployment.

6 questions to ask before buying an ICS / OT security monitoring tool

Shopping for an ICS / OT monitoring solution? Here's what you need to know about evaluating the vendors.

10 penetration testing tools the pros use

Penetration testing is a simulated cyber attack where professional ethical hackers break into corporate networks to find weaknesses ... before attackers do.

IT services giant HCL left employee passwords, other sensitive data exposed online

HCL left employee passwords, customer project details, and other sensitive information exposed online with no authentication.

Will the U.S. government draft cybersecurity professionals?

A Congressional commission might soon recommend conscription of cybersecurity professionals to serve in both the military and civil service. Will the government force security pros to work for Uncle Sam?

200 million-record breach: Why collecting too much data raises risk

Avoid the siren song of big data and collect only what you need. This is the big takeaway from a 200-million record direct marketing list, including home address, telephone, religious affiliation and financial information now...

How to get started using Ghidra, the free reverse engineering tool

The Ghidra reverse engineering tool is free to download and use and is a worthy alternative to incumbent IDA Pro. Here's what you need to know to get started. (Some assembly required.)

Why your business continuity and disaster recovery plans should account for EMP attacks and GMD events

A new executive order from the White House directs critical infrastructure to prepare for electromagnetic pulse (EMP) attacks, but geomagnetic disturbance (GMD) events caused by solar flares are a greater threat to the enterprise.

How New York City plans to become a cybersecurity hub

America's largest city has been hit hard by the cybersecurity skills shortage and is working to grow its cybersecurity workforce.

What is a side channel attack? How these end-runs around encryption put everyone at risk

Side channel attacks on cryptography break confidentiality by exploiting information produced by the encryption — such as van Eck phreaking in a TEMPEST attack, courtesy the van across the street.

How and why deepfake videos work — and what is at risk

Once the bailiwick of Hollywood special effects studios with multi-million-dollar budgets, now anyone can download deepfake software and use machine learning to make believable fake videos. This makes a lot of people nervous.

9 top hacker movies and TV shows of all time

Movies and TV shows have long influenced how lawmakers and society think about information security. We all have our personal favorite we're obsessed with. What's yours?

What is Metasploit? And how to use this popular hacking tool

Metasploit is a widely used penetration testing tool that makes hacking way easier than it used to be. It has become an indispensable tool for both red team and blue team.

SoftNAS Cloud 0day found: Upgrade ASAP

SoftNAS Cloud users should upgrade immediately following a report by Digital Defense that the virtual cloud appliance is vulnerable to a session management security issue.

City of Raleigh implements ICS monitoring tool for water treatment plants

Securing operational technology systems is a different game than IT, but the City of Raleigh has deployed a CSO50 award-winning network monitoring solution that gives it greater visibility into its PLCs.

Preserving the privacy of large data sets: Lessons learned from the Australian census

Preserving the privacy of large data sets is hard, as the Australian Bureau of Statistics found out. These are the big takeaways for the upcoming U.S. census and others dealing with large amounts of personal data.

What is Mimikatz? And how to defend against this password stealing tool

Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets.

Better, badder, bigger SIEM coming your way, folks, courtesy of Google

Google/Alphabet's Chronicle cybersecurity moonshot has a doozy of a mega-gargantuan SIEM with huge pluses--and minuses. Take note.

Bruce Schneier takes his pitch for public-interest security to RSA Conference

Bruce Schneier's new all-day track at the RSA Conference explores the idea that security pros, like lawyers, should be expected to engage in a certain amount of pro bono work.

8 cheap or free cybersecurity training resources

Use these free and cheap resources to train employees in entry-level cybersecurity skills, and to help job seekers "hack through the HR firewall."
