They say you can only have two of three — fast, good and cheap. When it comes to developing cloud-based applications, I think that a fourth criteria should be added: secure. But, I honestly don’t think that this common advice to project managers who work in today’s market. Successful developers…

Software supply chain attacks are not new, but as we’ve seen recently, if executed successfully they can have huge payoffs for sophisticated attackers. Detecting malicious code inserted into a trusted vendor’s security updates is extremely difficult to do at scale, and for most organizations, impractical given the time required to…

The phrase ‘future-proof’ is seductive. We want to believe technology prepares us for the future. But with threat actors and developers in an arms race to breach and protect, cybersecurity risk — and cybersecurity risk management — are always changing. As a recent report by World Economic Forum shows, businesses…

Three years after I left my former job, I got an official letter telling me the organization suffered a data breach. My personal information was at risk of identity theft. I shouldn’t have been surprised. That job’s offboarding process hadn’t been the best. For years after leaving, I had access…