UNITED STATES
×
Close
J.M. Porup

J.M. Porup

Senior Writer

J.M. Porup got his start in security working as a Linux sysadmin in 2002. Since then he's covered national security and information security for a variety of publications, and now calls CSO Online home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent. He holds a Masters degree in Information and Cybersecurity (MICS) from UC Berkeley.

The Latest from J.M.
Dear future victim, please panic
Opinion

Dear future victim, please panic

I am the opportunistic infection, THE DORMANT CYBER PATHOGEN now awakes! While you're worried about COVID-19 infection, I'm already inside your networks!

4 steps to build redundancy into your security team
Feature

4 steps to build redundancy into your security team

A biological virus infecting your critical security staff could wreak havoc on your business. These practices will reduce your risk.

Open-source options offer increased SOC tool interoperability
News Analysis

Open-source options offer increased SOC tool interoperability

Too many security tools in your SOC, and none of them talk to each other, but new vendor-supported open-source projects might lead to greater interoperability.

Making the case for hardware 2FA in the enterprise
Feature

Making the case for hardware 2FA in the enterprise

Hardware 2FA tokens are the best and cheapest defense against phishing and credential stuffing attacks, but there are some gotchas.

Kali Linux explained: A pentester’s toolkit
Feature

Kali Linux explained: A pentester’s toolkit

Kali Linux is the most popular penetration testing Linux distro, and jam packed with almost every offensive security tool you can think of.

5 things you should know about cybersecurity insurance
Feature

5 things you should know about cybersecurity insurance

Understanding what it can and can't do for your business is critical to getting the most out of a cyber insurance policy.

8 steps to being (almost) completely anonymous online
Analysis

8 steps to being (almost) completely anonymous online

The universe may believe in encryption, but it doesn't believe in anonymity. You're going to have to work for it.

With email security, some things can't be outsourced
Feature

With email security, some things can't be outsourced

You can outsource your email, but a good chunk of securing that email remains in-house. Here's what you need to know.

How Adobe monitors cloud deployments to control shadow IT
Feature

How Adobe monitors cloud deployments to control shadow IT

Keeping an eye on your cloud deployments is key to preventing yet another data breach. Adobe's MAVLink program does just that.

Inspecting TLS-encrypted traffic with mitmproxy
Feature

Inspecting TLS-encrypted traffic with mitmproxy

The free, open-source mitmproxy tool makes it easy to inspect TLS-encrypted app and web traffic to see exactly who your phone is talking to.

How to stop email spoofing of parked domains
How-To

How to stop email spoofing of parked domains

Publishing a DMARC record for unused domains is a good idea. Here's how.

Backdoors and Breaches incident response card game makes tabletop exercises fun
Review

Backdoors and Breaches incident response card game makes tabletop exercises fun

New Backdoors and Breaches card game makes it easy to build a random, realistic incident as part of a tabletop exercise.

Are we running out of time to fix aviation cybersecurity?
News Analysis

Are we running out of time to fix aviation cybersecurity?

A new report from the Atlantic Council on aviation cybersecurity underscores the poor state of aviation security — and worse, how poorly understood the problem is within the industry.

Feature

"Penn Test" challenge helps infosec team think like attackers

At Penn Medicine, gamifying security training builds skills, drives employee retention.

How a nuclear plant got hacked
Feature

How a nuclear plant got hacked

India's Kudankulam Nuclear Power Plant (KNPP) publicly admitted they discovered malware on their networks. It likely could have been easily avoided.

How a bank got hacked
News Analysis

How a bank got hacked

Notorious hacker Phineas Phisher claims to have netted hundreds of thousands of pounds sterling in a 2016 hack of the Cayman National Isle of Man Bank. Here's how he did it and why it's cause for concern.

Can Security Onion replace your commercial IDS?
Feature

Can Security Onion replace your commercial IDS?

Security Onion is a free intrusion detection system (IDS), security monitoring, and log management solution. Just one catch: You need skilled employees to manage it.

Boeing's poor information security posture threatens passenger safety, national security, researcher says
News

Boeing's poor information security posture threatens passenger safety, national security, researcher says

The aircraft maker failed to perform minimum due diligence in securing its networks, then tried to cover it up, security researcher Chris Kubecka tells Aviation Cyber Security conference attendees.

Stop ignoring printer security: It's time for CSOs to take control
Feature

Stop ignoring printer security: It's time for CSOs to take control

Despite shipping with mature security features, most printer deployments are insecure because of misplaced financial and organizational incentives.

What is the Tor Browser? And how it can help protect your identity
Feature

What is the Tor Browser? And how it can help protect your identity

The Tor Browser is a web broswer that anonymizes your web traffic using the Tor network, making it easy to protect your identity online.

Load More