J.M. Porup

Senior Writer

J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.

8 security tools and tips for journalists

Journalists have a giant red target on their backs. How can we defend ourselves?

Insecure by design: What you need to know about defending critical infrastructure

Patching is useless most of the time, industrial control systems (ICS) security expert tells Senate committee.

New Cyber Security Style Guide helps bridge the communication gap

Poor communication is a security flaw. Time to patch.

Another massive DDoS internet blackout could be coming your way

A massive internet blackout similar to the Dyn DNS outage in 2016 could easily happen again, despite relatively low-cost countermeasures, according to a new study out of Harvard University.

What is SQL injection? This oldie but goodie can make your web applications hurt

SQL injection attacks are well-understood and easily preventable, and the priority for risk mitigation should be preventing SQL injection attacks in the first place. Listen to Little Bobby Tables and sanitize your database inputs.

Security lessons from the 2018 Pyeongchang Winter Olympics

Shiny buttons that go "ping!" considered harmful.

What does the GDPR and the "right to explanation" mean for AI?

Security teams increasingly rely on machine learning and artificial intelligence to protect assets. Will a requirement to explain how they make decisions make them less effective?

The Qubes high-security operating system gains traction in the enterprise

Qubes OS defends at-risk enterprise users from targeted attacks, as well as drive-by malware and the Meltdown exploit.

Are the BSDs dying? Some security researchers think so

Too few eyeballs on code is a security issue. Can FreeBSD, OpenBSD, and NetBSD survive?

Are bad analogies killing your security training program?

Humans make irrational decisions under pressure. Security training needs to focus on changing behavior, not just raising awareness. Using effective analogies can help.

Rating software security Consumer Reports-style

The Cyber Independent Testing Lab (CITL) is fuzzing binaries at scale and building a checklist of compile-time security best practices.

Meltdown and Spectre patches: Where to start and what to expect

You need to apply Meltdown and Spectre patches to pretty much everything in your enterprise. And you need to start now. We help you prioritize.

Meltdown and Spectre affect the smartphone in your pocket. Should you be worried?

Android and iOS devices are vulnerable to the latest hardware security flaw, and not all are easily patched. The good news: Exploits are hard (maybe) and so far none are known.

What is cyber security? How to build a cyber security strategy

Organizations face many threats to their information systems and data. Understanding all the basic elements to cyber security is the first step to meeting those threats.

AWS raises machine learning expectations for cloud security

AWS's new GuardDuty and Macie offerings unleash the power of machine learning to secure your data. Are they right for your enterprise?

Is source code inspection a security risk? Maybe not, experts say

Some information security insiders raised a red flag when Russian requests to review security software code became known. The controversy may be a tempest in a teapot.
