Josh Fruhlinger

Contributing writer

Josh Fruhlinger is a writer and editor who lives in Los Angeles.

Opsec examples: 6 spectacular operational security failures

Opsec examples: 6 spectacular operational security failures

Even savvy dark web denizens sometimes fail to cover their tracks.

Certified ethical hacker: CEH certification cost, training, and value

Certified ethical hacker: CEH certification cost, training, and value

Learn how CEH certification will impact your job and salary and how to decide if this cert is right for you.

CompTIA Security+: Prerequisites, objectives, and cost

CompTIA Security+: Prerequisites, objectives, and cost

Learn how CompTIA Security+ certification will impact your job and salary and how to decide if this cert is right for you.

Tabletop exercises: Six sample scenarios

Tabletop exercises: Six sample scenarios

Tabletop exercises are a low-stress, high-impact way to test your plans for handling a crisis. Here are some tips for getting the most out of the process, plus six scenarios you can use to start your journey.

15 top open-source intelligence tools

15 top open-source intelligence tools

OSINT (open-source intelligence) is the practice of collecting information from published or otherwise publicly available sources. These tools will help you find sensitive public info before bad guys do.

Tabletop exercises explained: Definition, examples, and objectives

Tabletop exercises explained: Definition, examples, and objectives

A tabletop exercise is an informal, discussion-based session in which a team or discusses their roles and responses during an emergency, walking through one or more example scenarios.

10 old software bugs that took way too long to squash

10 old software bugs that took way too long to squash

As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time.

HITRUST explained: One framework to rule them all

HITRUST explained: One framework to rule them all

HITRUST is a cybersecurity framework that seeks to unify the rules for many other existing regulatory and industry frameworks, including HIPAA, GDPR, PCI-DSS, and more.

The CSO role today: Responsibilities and requirements for the top security job

The CSO role today: Responsibilities and requirements for the top security job

The CSO is the executive responsible for the organization's entire security posture, both physical and cyber, and has the big picture view of the company's operational risk.

5 tips for getting started with SOAR

5 tips for getting started with SOAR

Security orchestration, automation, and response (SOAR) platforms coordinate information produced by a wide range of security tools and automate much of their analysis and protective responses.

How single sign on (SSO) works: Definition, examples, and solutions

How single sign on (SSO) works: Definition, examples, and solutions

Single sign-on (SSO) is a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications.

The password hall of shame (and 10 tips for better password security)

The password hall of shame (and 10 tips for better password security)

Banish these common passwords now and employ these tips for better password security.

Zero days explained: How unknown vulnerabilities become gateways for attackers

Zero days explained: How unknown vulnerabilities become gateways for attackers

A zero day is a security flaw that has not yet been patched by the vendor and can be exploited. The name evokes a scenario where an attacker has gotten the jump on a software vendor, implementing attacks that exploit the flaw before...

How the CISO role is evolving

How the CISO role is evolving

The chief information security officer (CISO) is the executive responsible for an organization's information and data security. Learn what it takes to land a CISO job and how to be successful in the role.

Does it matter who the CISO reports to?

Does it matter who the CISO reports to?

Reporting relationships are more than lines on an org chart, they're lines of authority. Ultimately, who the CISO reports to may say more about an organization's maturity than it does about an individual's effectiveness.

FISMA basics: What federal agencies and contractors need to know

FISMA basics: What federal agencies and contractors need to know

FISMA, or the Federal Information Security Management Act, is a U.S. federal law passed in 2002 that seeks to establish guidelines and cybersecurity standards for government tech infrastructure, and in so doing protect government...

The HITECH Act explained: Definition, compliance, and violations

The HITECH Act explained: Definition, compliance, and violations

The Health Information Technology for Economic and Clinical Health (HITECH) Act aims to expand the use of electronic health records through incentives to health care providers and consumers. It also tightens rules on providers to...

DDoS explained: How distributed denial of service attacks are evolving

DDoS explained: How distributed denial of service attacks are evolving

A distributed denial of service (DDoS) attack is when attackers attempt to make it impossible for a service to be delivered, typically by drowning a system with requests for data. They have been part of the criminal toolbox for twenty...

COPPA explained: How this law protects children's privacy

COPPA explained: How this law protects children's privacy

The Children's Online Privacy Protection Act is a U.S. law that aims to protect the privacy and personally identifying information of children under the age of 13 who use online services.

FIDO explained: How this industry initiative aims to make passwords obsolete

FIDO explained: How this industry initiative aims to make passwords obsolete

The FIDO Alliance is an industry association that promotes the use of public-key cryptography to bring strong authentication to the Web.

Load More