J.M. Porup

Senior Writer

J.M. Porup got his start in security working as a Linux sysadmin in 2002. Since then he's covered national security and information security for a variety of publications, and now calls CSO Online home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent. He holds a Masters degree in Information and Cybersecurity (MICS) from UC Berkeley.

How to stop email spoofing of parked domains

How to stop email spoofing of parked domains

Publishing a DMARC record for unused domains is a good idea. Here's how.

Backdoors and Breaches incident response card game makes tabletop exercises fun

Backdoors and Breaches incident response card game makes tabletop exercises fun

New Backdoors and Breaches card game makes it easy to build a random, realistic incident as part of a tabletop exercise.

Are we running out of time to fix aviation cybersecurity?

Are we running out of time to fix aviation cybersecurity?

A new report from the Atlantic Council on aviation cybersecurity underscores the poor state of aviation security — and worse, how poorly understood the problem is within the industry.

"Penn Test" challenge helps infosec team think like attackers

At Penn Medicine, gamifying security training builds skills, drives employee retention.

How a nuclear plant got hacked

How a nuclear plant got hacked

India's Kudankulam Nuclear Power Plant (KNPP) publicly admitted they discovered malware on their networks. It likely could have been easily avoided.

How a bank got hacked

How a bank got hacked

Notorious hacker Phineas Phisher claims to have netted hundreds of thousands of pounds sterling in a 2016 hack of the Cayman National Isle of Man Bank. Here's how he did it and why it's cause for concern.

What is Shodan? The search engine for everything on the internet

What is Shodan? The search engine for everything on the internet

Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.

Can Security Onion replace your commercial IDS?

Can Security Onion replace your commercial IDS?

Security Onion is a free intrusion detection system (IDS), security monitoring, and log management solution. Just one catch: You need skilled employees to manage it.

Boeing's poor information security posture threatens passenger safety, national security, researcher says

Boeing's poor information security posture threatens passenger safety, national security, researcher says

The aircraft maker failed to perform minimum due diligence in securing its networks, then tried to cover it up, security researcher Chris Kubecka tells Aviation Cyber Security conference attendees.

Stop ignoring printer security: It's time for CSOs to take control

Stop ignoring printer security: It's time for CSOs to take control

Despite shipping with mature security features, most printer deployments are insecure because of misplaced financial and organizational incentives.

What is the Tor Browser? And how it can help protect your identity

What is the Tor Browser? And how it can help protect your identity

The Tor Browser is a web broswer that anonymizes your web traffic using the Tor network, making it easy to protect your identity online.

Presidential campaign websites fail at privacy, new study shows

Presidential campaign websites fail at privacy, new study shows

A non-partisan analysis of 23 presidential campaign websites reveals glaring privacy issues.

5 OT security takeaways CISOs need to communicate to stakeholders

5 OT security takeaways CISOs need to communicate to stakeholders

Operational technology security requires a different approach than IT security. Here are key takeaways CSOs need to communicate to other executives and boards of directors.

Speaker disinvites at CyberCon spark controversy

Speaker disinvites at CyberCon spark controversy

NSA whistleblower Thomas Drake and Australian academic Dr. Suelette Dreyfus disinvited from speaking at CyberCon a week before the conference.

Voting machine security: What to look for and what to look out for

Voting machine security: What to look for and what to look out for

The US Senate approved $250 million to help states purchase more secure voting equipment — but includes no provisions for what "secure" means. Our buying guide will help state election officials spend taxpayer money wisely.

5 top cybersecurity masters degrees: Which is right for you?

5 top cybersecurity masters degrees: Which is right for you?

New cyber masters degrees are popping up all over the place. Here's our unscientific rundown of the top five.

6 questions candidates should ask at every security job interview

6 questions candidates should ask at every security job interview

The cybersecurity skills shortage means security pros can be picky about where they work. Here's how to suss out bad employers.

IoT vendors ignore basic security best practices, CITL research finds

IoT vendors ignore basic security best practices, CITL research finds

New measurements by the CITL mass fuzzing project show just how bad things really are--and how IoT device makers could radically increase binary security with one day of engineering work.

ICS as a cloud service is coming: Will the benefits outweigh the risks?

ICS as a cloud service is coming: Will the benefits outweigh the risks?

Plugging industrial control and operational technology equipment into cloud-based monitoring and remote management systems increases visibility, but it also takes away their security by obscurity.

Improving BGP routing security by minding your MANRS

Improving BGP routing security by minding your MANRS

Enterprises can improve their routing security for modest costs, according to the Mutually Agreed Norms for Routing Security (MANRS) project.

Load More