J.M. Porup

Senior Writer

J.M. Porup got his start in security working as a Linux sysadmin in 2002. Since then he's covered national security and information security for a variety of publications, and now calls CSO Online home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent. He holds a Masters degree in Information and Cybersecurity (MICS) from UC Berkeley.

Making the case for hardware 2FA in the enterprise

Making the case for hardware 2FA in the enterprise

Hardware 2FA tokens are the best and cheapest defense against phishing and credential stuffing attacks, but there are some gotchas.

Kali Linux explained: A pentester’s toolkit

Kali Linux explained: A pentester’s toolkit

Kali Linux is the most popular penetration testing Linux distro, and jam packed with almost every offensive security tool you can think of.

11 penetration testing tools the pros use

11 penetration testing tools the pros use

Penetration testing is a simulated cyber attack where professional ethical hackers break into corporate networks to find weaknesses ... before attackers do.

What's the difference between the deep web and the dark web?

What's the difference between the deep web and the dark web?

We hear the terms "deep web" and "dark web" thrown around a lot... but what do they actually mean? And what's the difference between the two? CSO Online writer J.M. Porup joins Juliet to dispel rumors and discuss what sets the deep...

5 things you should know about cybersecurity insurance

5 things you should know about cybersecurity insurance

Understanding what it can and can't do for your business is critical to getting the most out of a cyber insurance policy.

8 steps to being (almost) completely anonymous online

8 steps to being (almost) completely anonymous online

The universe may believe in encryption, but it doesn't believe in anonymity. You're going to have to work for it.

With email security, some things can't be outsourced

With email security, some things can't be outsourced

You can outsource your email, but a good chunk of securing that email remains in-house. Here's what you need to know.

How Adobe monitors cloud deployments to control shadow IT

How Adobe monitors cloud deployments to control shadow IT

Keeping an eye on your cloud deployments is key to preventing yet another data breach. Adobe's MAVLink program does just that.

Inspecting TLS-encrypted traffic with mitmproxy

Inspecting TLS-encrypted traffic with mitmproxy

The free, open-source mitmproxy tool makes it easy to inspect TLS-encrypted app and web traffic to see exactly who your phone is talking to.

How to stop email spoofing of parked domains

How to stop email spoofing of parked domains

Publishing a DMARC record for unused domains is a good idea. Here's how.

Backdoors and Breaches incident response card game makes tabletop exercises fun

Backdoors and Breaches incident response card game makes tabletop exercises fun

New Backdoors and Breaches card game makes it easy to build a random, realistic incident as part of a tabletop exercise.

Are we running out of time to fix aviation cybersecurity?

Are we running out of time to fix aviation cybersecurity?

A new report from the Atlantic Council on aviation cybersecurity underscores the poor state of aviation security — and worse, how poorly understood the problem is within the industry.

"Penn Test" challenge helps infosec team think like attackers

At Penn Medicine, gamifying security training builds skills, drives employee retention.

How a nuclear plant got hacked

How a nuclear plant got hacked

India's Kudankulam Nuclear Power Plant (KNPP) publicly admitted they discovered malware on their networks. It likely could have been easily avoided.

How a bank got hacked

How a bank got hacked

Notorious hacker Phineas Phisher claims to have netted hundreds of thousands of pounds sterling in a 2016 hack of the Cayman National Isle of Man Bank. Here's how he did it and why it's cause for concern.

What is Shodan? The search engine for everything on the internet

What is Shodan? The search engine for everything on the internet

Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.

Can Security Onion replace your commercial IDS?

Can Security Onion replace your commercial IDS?

Security Onion is a free intrusion detection system (IDS), security monitoring, and log management solution. Just one catch: You need skilled employees to manage it.

Boeing's poor information security posture threatens passenger safety, national security, researcher says

Boeing's poor information security posture threatens passenger safety, national security, researcher says

The aircraft maker failed to perform minimum due diligence in securing its networks, then tried to cover it up, security researcher Chris Kubecka tells Aviation Cyber Security conference attendees.

Stop ignoring printer security: It's time for CSOs to take control

Stop ignoring printer security: It's time for CSOs to take control

Despite shipping with mature security features, most printer deployments are insecure because of misplaced financial and organizational incentives.

What is the Tor Browser? And how it can help protect your identity

What is the Tor Browser? And how it can help protect your identity

The Tor Browser is a web broswer that anonymizes your web traffic using the Tor network, making it easy to protect your identity online.

Load More