Roger A. Grimes

Columnist

Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist.

Assume breach is for losers: These steps will stop data breaches

6 ways to fight deploy and decay

Even your best security controls will weaken over time after deployment, much to hackers' delight. Take these steps to slow down or get ahead of that decay.

These two books explain how to fix our broken security industry

Organizations spend billions each year on security, but much of that spend is on the wrong things. These books will point you in the right direction.

What your antivirus software doesn’t tell you, and how to get that data

Antivirus software detects and removes malware, but how fast and how accurately? Here's a no-cost way to find out and hold antivirus vendors accountable.

7 keys to a successful IT security career

Learn these traits and realities of being an IT security professional if you want a long, successful and happy career in the field.

My two favorite companies from RSA Conference 2019

The Media Trust offers website owners a way to detect malicious code coming from third parties, and DarkOwl scans the dark web for signs that a company has been compromised.

How to hack a smartcard to gain privileged access

Using smartcards in a Microsoft Active Directory environment makes them vulnerable to this privilege escalation attack.

What is ethical hacking? How to get paid to break into computers

Ethical hacking is legally breaking into computers and devices to test an organization's defenses. Here’s what ethical hacking entails and the certifications and training you need to become an ethical hacker.

The best password advice right now (Hint: It's not the NIST guidelines)

Short and crackable vs. long, complex and prone to reuse? The password debate rages on, but this columnist has a change of mind.

Are zero-day exploits the new norm?

Research from Microsoft's Matt Miller shows that every actively exploited Windows vulnerability in 2017 was first exploited as a zero-day. Other research shows this trend extends across the IT landscape.

Beware of phony or misleading malware rescue web pages

A search on an unfamiliar executable file brings you to a malware rescue page that says it's bad and you should download their software to remove it. Here's how to tell if it's real.

What is an advanced persistent threat (APT)? And 5 signs you've been hit with one

An advanced persistent threat (APT) is a cyberattack executed by criminals or nation-states with the intent to steal data or surveil systems over an extended time period. Here's how to know if you've been hit with one.
