Roger A. Grimes

Columnist

Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults for companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist.

The fix for IT supply chain attacks

Why I don’t believe Bloomberg’s Chinese spy chip report

China can and has stolen the information it wants from US companies without using secretly embedded hardware, so why would it jeopardize its massive semiconductor industry?

What is the future of authentication? Hint: It’s not passwords, passphrases or MFA

Passphrases and MFA are not password saviors. Ultimately, authentication will rely on algorithms to determine user identity and detect fraudulent actions.

Are long passphrases the answer to password problems?

Passphrases can be more secure than passwords, but there are limitations and hackers will eventually master cracking them.

The best password advice right now

Short and crackable vs. long, complex and prone to reuse? The password debate rages on.

Wanted: Data breach risk ratings, because not all breaches are equal

We need a system for data breaches that rates the real risk associated with the compromised data.

Do you still need a firewall?

Traditional firewall software no longer provides meaningful security, but the latest generation now offers both client-side and network protection.

10 topics every security training program should cover

A thorough end-user education program is a necessary weapon in the battle to protect your perimeter. These 10 topics are the baseline of what to include in an awareness training program.

5 hard truths every CISO should know

Security professionals ignore these truths at their own peril. The common theme across all five: Don't underestimate the risk of social engineering and poor patching policies.

12 things every IT security professional should know

Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

What is WebAuthN? Possibly the answer to all web authentication

With strong support from Google, Microsoft and other vendors, WebAuthN is poised to become a true standard for passwordless authentication over the web.

Why you should consider crowdsourcing IT security services

Whether you need a pentesting team, a bug bounty program, or a vulnerability disclosure plan, several crowdsourcing platforms can take the risk and pain from the process.