J.M. Porup

Senior Writer

J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.

City of Raleigh implements ICS monitoring tool for water treatment plants

City of Raleigh implements ICS monitoring tool for water treatment plants

Securing operational technology systems is a different game than IT, but the City of Raleigh has deployed a CSO50 award-winning network monitoring solution that gives them greater visibility into its PLCs.

Preserving the privacy of large data sets: Lessons learned from the Australian census

Preserving the privacy of large data sets: Lessons learned from the Australian census

Preserving the privacy of large data sets is hard, as the Australian Bureau of Statistics found out. These are the big takeaways for the upcoming U.S. census and others dealing with large amounts of personal data.

What is Mimikatz? And how to defend against this password stealing tool

What is Mimikatz? And how to defend against this password stealing tool

Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets.

Better, badder, bigger SIEM coming your way, folks, courtesy of Google

Better, badder, bigger SIEM coming your way, folks, courtesy of Google

Google/Alphabet's Chronicle cybersecurity moonshot has a doozy of a mega-gargantuan SIEM with huge pluses--and minuses. Take note.

Bruce Schneier takes his pitch for public-interest security to RSA Conference

Bruce Schneier takes his pitch for public-interest security to RSA Conference

Bruce Schneier's new all-day track at the RSA Conference explores idea that security pros, like lawyers, should be expected to engage in a certain amount of pro bono work.

8 cheap or free cybersecurity training resources

8 cheap or free cybersecurity training resources

Use these free and cheap resources to train employees in entry-level cybersecurity skills, and to help job seekers "hack through the HR firewall."

HP gives software robots their own IDs to audit their activities

HP gives software robots their own IDs to audit their activities

What are your robots up to? HP's new in-house Digital ID for software robots, a CSO50 award winner, makes it easier to keep track of robotic process automation (RPA).

Add cybersecurity to Doomsday Clock concerns, says Bulletin of Atomic Scientists

Add cybersecurity to Doomsday Clock concerns, says Bulletin of Atomic Scientists

The Doomsday Clock, once a ritual feature of the Cold War, warns that cybersecurity issues like IoT and cyber-enabled information warfare endanger humanity.

How ADP identifies and reduces third-party risk

How ADP identifies and reduces third-party risk

CSO50 award winner ADP's third-party assurance program helps it manage and mitigate risks posed by suppliers and contractors.

OSCP cheating allegations a reminder to verify hacking skills when hiring

OSCP cheating allegations a reminder to verify hacking skills when hiring

A former student’s claim of widespread cheating on the OSCP exam underscores need to test security job candidates.

Why America is not prepared for a Stuxnet-like cyber attack on the energy grid

Why America is not prepared for a Stuxnet-like cyber attack on the energy grid

The U.S. energy grid continues to be vulnerable to Aurora-like attacks that could cause blackouts lasting a year or more.

4 tips to mitigate Slack security risks

4 tips to mitigate Slack security risks

A Slack breach would be a nightmare in terms of exposed sensitive data. Here's how to lock down your Slack workspaces.

Three encrypted Slack alternatives worth a look

Three encrypted Slack alternatives worth a look

Slack is not end-to-end encrypted, leaving workplaces that use the popular collaboration tool vulnerable to both hackers and nation-state attacks. These encrypted alternatives will keep your team chats private.

What is Australia's AA Bill and how will it affect US companies?

What is Australia's AA Bill and how will it affect US companies?

Australia's new AA Bill turns Australian employees and vendors into a supply chain security risk.

Fear and loathing defending ICS security at DoE's CyberForce Competition

Fear and loathing defending ICS security at DoE's CyberForce Competition

Defending critical infrastructure from determined attackers is not an easy task, CSO reporter J.M. Porup learned competing in the Department of Energy's CyberForce Competition 2018, a cyber security training initiative.

BlackBerry's acquisition of Cylance raises eyebrows in the security community

BlackBerry's acquisition of Cylance raises eyebrows in the security community

BlackBerry's move into the endpoint security game may create public safety issues, given the company's history with encryption backdoors, experts say.

Cylance researchers discover powerful new nation-state APT

Cylance researchers discover powerful new nation-state APT

A new APT, dubbed White Company, is flexing its muscle on the world stage, and it has security researchers worried.

Learn to play defense by hacking these broken web apps

Learn to play defense by hacking these broken web apps

OWASP's Broken Web Applications Project makes it easy to learn how to hack web applications--a critical skill for web application developers playing defense, junior penetration testers, and security-curious management.

Doctored Jim Acosta video shows why fakes don’t need to be deep to be dangerous

Doctored Jim Acosta video shows why fakes don’t need to be deep to be dangerous

White House promotion of an allegedly doctored press conference video shows how "shallow fakes" can manipulate opinion.

Critical authentication flaw in DJI drone web app fixed

Critical authentication flaw in DJI drone web app fixed

Check Point researcher finds vulnerability that could have allowed attackers to spy on drone fleets in real time.

Load More