J.M. Porup

Senior Writer

J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.

Inside the 2014 hack of a Saudi embassy

Inside the 2014 hack of a Saudi embassy

According to documents seen by CSO, an unknown attacker took control of the official email account of the Saudi embassy in The Netherlands and demanded a ransom of $50 million for ISIS.

9 top hacker movies and TV shows of all time

9 top hacker movies and TV shows of all time

Movies and TV shows have long influenced how lawmakers and society think about information security. We all have our personal favorite we're obsessed with. What's yours?

What is Metasploit? And how to use this popular hacking tool

What is Metasploit? And how to use this popular hacking tool

Metasploit is a widely used penetration testing tool that makes hacking way easier than it used to be. It has become an indispensable tool for both red team and blue team.

SoftNAS Cloud 0day found: Upgrade ASAP

SoftNAS Cloud 0day found: Upgrade ASAP

SoftNAS Cloud users should upgrade immediately following a report by Digital Defense that the virtual cloud appliance is vulnerable to a session management security issue.

City of Raleigh implements ICS monitoring tool for water treatment plants

City of Raleigh implements ICS monitoring tool for water treatment plants

Securing operational technology systems is a different game than IT, but the City of Raleigh has deployed a CSO50 award-winning network monitoring solution that gives them greater visibility into its PLCs.

Preserving the privacy of large data sets: Lessons learned from the Australian census

Preserving the privacy of large data sets: Lessons learned from the Australian census

Preserving the privacy of large data sets is hard, as the Australian Bureau of Statistics found out. These are the big takeaways for the upcoming U.S. census and others dealing with large amounts of personal data.

What is Mimikatz? And how to defend against this password stealing tool

What is Mimikatz? And how to defend against this password stealing tool

Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets.

Better, badder, bigger SIEM coming your way, folks, courtesy of Google

Better, badder, bigger SIEM coming your way, folks, courtesy of Google

Google/Alphabet's Chronicle cybersecurity moonshot has a doozy of a mega-gargantuan SIEM with huge pluses--and minuses. Take note.

Bruce Schneier takes his pitch for public-interest security to RSA Conference

Bruce Schneier takes his pitch for public-interest security to RSA Conference

Bruce Schneier's new all-day track at the RSA Conference explores idea that security pros, like lawyers, should be expected to engage in a certain amount of pro bono work.

8 cheap or free cybersecurity training resources

8 cheap or free cybersecurity training resources

Use these free and cheap resources to train employees in entry-level cybersecurity skills, and to help job seekers "hack through the HR firewall."

HP gives software robots their own IDs to audit their activities

HP gives software robots their own IDs to audit their activities

What are your robots up to? HP's new in-house Digital ID for software robots, a CSO50 award winner, makes it easier to keep track of robotic process automation (RPA).

Add cybersecurity to Doomsday Clock concerns, says Bulletin of Atomic Scientists

Add cybersecurity to Doomsday Clock concerns, says Bulletin of Atomic Scientists

The Doomsday Clock, once a ritual feature of the Cold War, warns that cybersecurity issues like IoT and cyber-enabled information warfare endanger humanity.

How ADP identifies and reduces third-party risk

How ADP identifies and reduces third-party risk

CSO50 award winner ADP's third-party assurance program helps it manage and mitigate risks posed by suppliers and contractors.

OSCP cheating allegations a reminder to verify hacking skills when hiring

OSCP cheating allegations a reminder to verify hacking skills when hiring

A former student’s claim of widespread cheating on the OSCP exam underscores need to test security job candidates.

Why America is not prepared for a Stuxnet-like cyber attack on the energy grid

Why America is not prepared for a Stuxnet-like cyber attack on the energy grid

The U.S. energy grid continues to be vulnerable to Aurora-like attacks that could cause blackouts lasting a year or more.

4 tips to mitigate Slack security risks

4 tips to mitigate Slack security risks

A Slack breach would be a nightmare in terms of exposed sensitive data. Here's how to lock down your Slack workspaces.

Three encrypted Slack alternatives worth a look

Three encrypted Slack alternatives worth a look

Slack is not end-to-end encrypted, leaving workplaces that use the popular collaboration tool vulnerable to both hackers and nation-state attacks. These encrypted alternatives will keep your team chats private.

What is Australia's AA Bill and how will it affect US companies?

What is Australia's AA Bill and how will it affect US companies?

Australia's new AA Bill turns Australian employees and vendors into a supply chain security risk.

Fear and loathing defending ICS security at DoE's CyberForce Competition

Fear and loathing defending ICS security at DoE's CyberForce Competition

Defending critical infrastructure from determined attackers is not an easy task, CSO reporter J.M. Porup learned competing in the Department of Energy's CyberForce Competition 2018, a cyber security training initiative.

BlackBerry's acquisition of Cylance raises eyebrows in the security community

BlackBerry's acquisition of Cylance raises eyebrows in the security community

BlackBerry's move into the endpoint security game may create public safety issues, given the company's history with encryption backdoors, experts say.

Load More