Mary K. Pratt

Contributing writer

Mary K. Pratt is a freelance writer based in Massachusetts.

How Carrier’s product security team delivers the ‘right support for the right product’

Carrier CPSO John Deskurakis developed a framework for product security that works for the lifecycle of all products across all business lines

7 critical steps for successful security onboarding

Creating a culture of security starts on day one, say veteran security leaders. Here’s their advice for making that initial security training more effective.

How ABM built a cohesive security program around zero trust

CISO Stephanie Franklin-Thomas advances ABM’s security program with a holistic approach to zero trust, putting equal emphasis on people, process, and technology.

How OKRs keep security programs on track

This goal-setting framework can help security teams stay focused on priorities, but success requires a commitment to implementing supporting practices.

MITRE Engage: a framework for deception

The new framework helps security teams understand their adversaries by creating engagement opportunities that keep defenders in control, says MITRE CISO Bill Hill.

6 security analyst job description red flags that make hiring harder

With security professionals in short supply, it pays to ensure your job postings aren’t turning away good candidates. Here are six things experts say to avoid and what to do instead.

Locked in: How long is too long for security vendor contracts?

Security moves fast. Here’s how experts say you should find the right balance among agility, stability, and price.

How Code42 automates insider risk response

When insiders exhibit risky behaviors, good-natured bots reach out to provide support in this CSO50 award-winning project.

How Visa fights fraud

The financial services company has made massive investments in data and analytics to better detect and prevent fraud.

6 tips for effective security job postings (and 6 missteps to avoid)

With demand for security professionals outstripping supply, employers need to ensure their job postings hit the mark. Here’s how to write a security job posting that attracts qualified candidates.

For one software maker, an SBOM adds value to the product

At Instant Connect, an SBOM has become part of the product offering, says Chief Product Officer Wes Wells.

Vulnerability management mistakes CISOs still make

These common missteps and misconceptions may be keeping your vulnerability management from being the best it can be.

Raytheon’s John DeSimone on building the offensive line

Security teams need to become more proactive and go after malware, says DeSimone.

12 steps to building a top-notch vulnerability management program

Security experts share their best advice for the essential ingredients of a solid vulnerability management program, including foundational elements to put in place, workflows to establish, who to involve, and metrics to track.

Equifax’s Jamil Farshchi: Security shouldn’t be a trade secret

Farshchi joined the credit reporting agency in 2018 with a mandate for change following the company’s high-profile data breach. Today, he’s calling for greater transparency and collaboration in the security community, with Equifax...

Security leaders chart new post-CISO career paths

The evolution and growing prominence of the CISO role gives holders more options on where to go next in their careers.

Is your security organization ripe for a reorg?

CISOs should revisit organizational structure as part of their overall strategic plans and after big shifts in enterprise needs. But experts warn that reorganizing alone isn’t a recipe for success.

Who is your biggest insider threat?

Phishing simulations aren't enough for identifying your organization’s most vulnerable insiders or minimizing their risk.

MassMutual’s Ariel Weintraub on bringing more intelligence to security

For the insurance company CISO, a do-it-yourself approach to security analytics and SOC staffing pays off in increased agility and quicker responses to threats.

VMware’s Karen Worstell: This isn’t a black swan world anymore

Over the past 30 years, several disruptive events have completely changed the practice of security. The challenge for CISOs: take the lessons of the past and apply them to the future.
