For an information security analyst or security consultant, it is your primary mission to identify and prioritize risk and then focus your efforts on getting the greatest risk return. Before we discuss how to rank security findings, let's elaborate on the idea of...

  Welcome to our OWASP Top 10 series. This series aims at equipping you with foundational security concerns that exist in today's cybersecurity landscape. The best resource to use for this is the OWASP Top 10. If you haven't seen it, take some time to visit the page....

When I work with a client,  that has no formal information security plan or framework, the first thing I recommend getting started on is a security awareness program. This is a fancy way of saying "training staff how to identify, reduce, and react to suspicious...