J.M. Porup

Senior Writer

J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.

IoT vendors ignore basic security best practices, CITL research finds

New measurements by the CITL mass fuzzing project show just how bad things really are--and how IoT device makers could radically increase binary security with one day of engineering work.

ICS as a cloud service is coming: Will the benefits outweigh the risks?

Plugging industrial control and operational technology equipment into cloud-based monitoring and remote management systems increases visibility, but it also takes away their security by obscurity.

Improving BGP routing security by minding your MANRS

Enterprises can improve their routing security for modest costs, according to the Mutually Agreed Norms for Routing Security (MANRS) project.

The best and worst of Black Hat 2019

Security rock stars? Fake science? This year's Black Hat had it all.

Black Hat keynote: Why security culture needs to change

Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops is also key to solving security challenges at scale.

Inside the 2014 hack of a Saudi embassy

According to documents seen by CSO, an unknown attacker took control of the official email account of the Saudi embassy in The Netherlands and demanded a ransom of $50 million for ISIS.

7 must-see talks at Black Hat and DEF CON 2019

Information security is fundamentally political. It's refreshing to see so many talks this year that merge policy and technology.

What is a zero day? A powerful but fragile weapon

A zero day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market.

11 top DEF CON and Black Hat talks of all time

Hacker summer camp in Vegas is almost upon us again. Here are some of the best talks of all time. Will this year's talks measure up to these legends?

Why getting election security right for 2020 matters

The U.S. is moving at glacial speed to secure election systems against possible interference by foreign adversaries. We're not even close to ready, and that could call contests into question.

Secure elections scorecard: Grading the candidate and Congressional proposals

After 2016's election security debacle, there's a push to secure America's electronic voting infrastructure. Some of the proposals are good. Others fall short. CSO investigates.

Safely deploying TLS certificates: 5 common mistakes to avoid

A properly configured TLS cert is the first layer of defense for data in transit. Here are some tips to ensure a secure deployment.

6 questions to ask before buying an ICS / OT security monitoring tool

Shopping for an ICS / OT monitoring solution? Here's what you need to know about evaluating the vendors.

10 penetration testing tools the pros use

Penetration testing is a simulated cyber attack where professional ethical hackers break into corporate networks to find weaknesses ... before attackers do.

IT services giant HCL left employee passwords, other sensitive data exposed online

HCL left employee passwords, customer project details, and other sensitive information exposed online with no authentication.

Will the U.S. government draft cybersecurity professionals?

A Congressional commission might soon recommend conscription of cybersecurity professionals to serve in both the military and civil service. Will the government force security pros to work for Uncle Sam?

200 million-record breach: Why collecting too much data raises risk

Avoid the siren song of big data and collect only what you need. This is the big takeaway from a 200-million record direct marketing list, including home address, telephone, religious affiliation and financial information now...

How to get started using Ghidra, the free reverse engineering tool

The Ghidra reverse engineering tool is free to download and use and is a worthy alternative to incumbent IDA Pro. Here's what you need to know to get started. (Some assembly required.)

Why your business continuity and disaster recovery plans should account for EMP attacks and GMD events

A new executive order from the White House directs critical infrastructure to prepare for electromagnetic pulse (EMP) attacks, but geomagnetic disturbance (GMD) events caused by solar flares are a greater threat to the enterprise.

How New York City plans to become a cybersecurity hub

America's largest city has been hit hard by the cybersecurity skills shortage and is working to grow its cybersecurity workforce.