Roger A. Grimes

Columnist

Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist.

5 reasons users hate cybersecurity awareness training, and how to make them love it

8 ways your patch management policy is broken (and how to fix it)

These eight patching best practices mistakes get in the way of effective risk mitigation. Here's how to fix them.

Quantum supremacy might be here, upending conventional encryption

Last week Google posted and quickly took down a report announcing a stunning quantum computing milestone. Regardless of whether the report was premature, conventional encryption’s days are numbered.

What is OAuth? How the open authorization framework works

OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets. It is widely accepted, but be aware of its vulnerabilities.

10 signs you're being socially engineered

Scammers will try to trick you and your organization's users into giving up credentials or other sensitive data. Be skeptical if you see any of these signs.

The 5 CIS controls you should implement first

The CIS Critical Security Controls list (formerly the SANS Top 20 controls) has been the gold standard for security defense advice. These are the tasks you should do first.

Why you need a cybersecurity incident response specialist

If your cyber insurance provider gives you the number of an incident response specialist, call them now. It will save time when an attack occurs.

What is personally identifiable information (PII)? How to protect it under GDPR

The EU's General Data Protection Regulation requires companies to protect the privacy of their EU customers. That means keeping personally identifiable information (PII) safe. Here's what you need to know.

Why giving users two separate systems won't improve security

Red/green systems, which give users one system for work and another for other tasks, no longer make sense from a security and cost perspective. There are alternatives.

Beware rogue email rules and forms

Creating malicious rules and forms in a compromised email client is an old but effective hacker trick that evades traditional antimalware software. Here’s how to make sure you can detect it.

12 things every computer security pro should know

Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

Top cyber security certifications: Who they're for, what they cost, and which you need

Expand your skills, know-how and career horizons with these highly respected cybersecurity certifications.
