Development Training The Secure Way

Even the best athletes need a coach to maximize their performance, so it is not a far stretch to believe that having a development coach for your software engineering team would push them to greater levels. Not just in productivity and performance, but in ensuring that everything developed is also secure and that the likelihood of a breach by cybercriminals is minimized.

BLOG Aug 03

Welcome to The New And Improved

We wanted to give you more reasons to come back to frequently, so we have revamped and relaunched our website. In addition to the latest nVisium offerings for Security Assessments, Software Assurance and Training, you can now find more resources and timely content to keep you informed and educated on what’s important for you to succeed in your role in the application, cloud or IoT development process.

BLOG Jul 27

DevSec For IoT

It seems that every day we wake up to new devices being made “smart” by attaching them to the internet and giving them computational capabilities to collect, monitor, analyze and report on data. Did you ever wonder whether these new devices, while adding value to your life, are in fact creating even more security vulnerabilities in the process?

BLOG Jul 20

Digital Transformation For Developers

Believe it or not, the concept of digitization was introduced back in 1703 when Gottfried Wilhelm von Leibniz published “Explication de l'Arithmétique Binaire”, but it didn’t realize its modern potential until the introduction of computers in 1939. Since then we have transcended the digitization of information to the digitization of industries to the digitization of societies. This leads us to today’s ever-changing requirements for more, better and faster.

BLOG Jul 13

DevSecOps Matter

The current social media frenzy is clearly buzzing around #BlackLivesMatter and that has spawned a myriad of copycats ranging from #AllLivesMatter to #MyCatMatters. So, not to be outdone and certainly not to diminish the importance of those previously mentioned social media movements, we would like to offer a sentiment directed to the C-suite in enterprises to better understand the emergence of new roles in the security department. Specifically, #DevSecOpsMatter.

BLOG Jul 06

DDoS Attacks Demystified

Most CISOs are familiar with the 10 most common cyber-attacks, including: Malware, Birthday, Eavesdropping, Cross-site scripting (XSS), SQL injection, Password, Drive-by, Phishing/Spear Phishing, Man-in-the-middle and Denial-of-Service/Distributed Denial-of-Service. The recent headlines reporting on the last in this list warrant further exploration of the subject.

BLOG Jun 29

Why 6 Security Assessments Are Better Than 1

In addition to helping the world deal with pandemics like COVID-19, the CDC recommends that you get annual health checkups. For many this is a way to prevent illness or catch potential problems before they become too bad. Taking a page from personal health and applying it to the health of your IT infrastructure means that you should consider annual checkups for security vulnerabilities as well. The corollary for a Chief Information Security Officer (CISO) is a security assessment.

BLOG Jun 22

Understanding 5 Threat Actors And 7 Threat Actions

Actors and their actions are not always a function of Hollywood movies. If you use the Oscars as a measurement of public taste, then Hollywood seems to reward the villains more often than not. While you may have loved the Joker or even Hannibal Lecter, the threat actors and actions that impact corporations daily are as far from award-winning as they come.

BLOG Jun 15

5 Reasons To Train In DevSec

Ongoing training is mandatory to maintain and improve your skillset, period. It doesn’t make a difference if this is a world-class athlete, business executive or average employee; all will benefit from ongoing training. Unfortunately, there is one group that often gets overlooked when it comes to ongoing training, and that is your developers.

BLOG Jun 08

Uncovering Security Vulnerabilities Before You Become A Headline

Some believe that “what you don’t know won’t hurt you.” Others emphatically proclaim that “what you don’t know can (and will) hurt you.” While we would all like to believe the former, the reality is that the latter has proven time and time again to be the case, especially when it comes to security vulnerabilities inadvertently coded into applications, networks, IoT, mobile and cloud infrastructure.

BLOG Jun 01