
Recent Blogs & Podcasts

17 Results for: "Jason Gillam"

 



July 18, 2017 | AppDev Frameworks
By Jason Gillam, IANS Faculty

 Agile, DevOps and Security: A Primer

As more organizations adopt DevOps and Agile development methodologies, security needs to both understand and participate in the transition. In this Ask-an-Expert written response, IANS Faculty Jason Gillam provides an overview of Agile and DevOps, as well as tips for ensuring security is seamlessly integrated and aligned in the process going forward.



July 11, 2017 | Software Development Lifecycle (SDLC)
By Jason Gillam, IANS Faculty

 Get Up to Speed on the Agile SDLC

Shifting from Waterfall to Agile can be frustrating for security teams that aren't well versed in Agile's nuances. In this Ask-an-Expert written response, IANS Faculty Jason Gillam explains the philosophy behind Agile, details the SDLC and shows how it can be used to improve software security over time. 



June 9, 2017 | Penetration Testing and Red Teaming
By Jason Gillam, IANS Faculty

 Add Phishing to Your Red Team’s Playbook

While phishing can be a good way to gain an initial foothold in a target network, some red team phishing attempts are more successful than others. In this Ask-an-Expert written response, IANS Faculty Jason Gillam explains how to get the most from some common phishing tools and offers tips for crafting successful phishing attacks.



May 12, 2017 | Application Development and Testing
By Jason Gillam, IANS Faculty

 Outsourcing Application Security Testing

Outsourcing dynamic application security testing (DAST), especially since it involves automated tools like AppScan and Burp, should be relatively straightforward. That is, until you consider the importance of the human element. In this Ask-an-Expert live interaction, IANS Faculty Jason Gillam suggests staff augmentation and developer training as more cost-effective and efficient ways to free up internal staff.



April 7, 2017 | Password Management
By IANS Faculty, IANS Faculty

 Poll: What Are the Best Password Strategies?

Password guidelines seem to change all the time. With new recommendations from NIST and vendors like Microsoft cropping up, how can enterprises determine the best approach? In this Faculty Viewpoint report, IANS Faculty Rich Guida, John Galda, Jason Gillam, Kevin Beaver, Marcus Ranum and Stephen McHenry offer their opinions and some rules of thumb for creating strong, enforceable password policies.



March 9, 2017 | AppDev Frameworks
By Jason Gillam, IANS Faculty

 Deploying Containers Securely

Developers love containers because they are quick, simple to use and allow for easier scaling of hardware resources, but few pay much attention to the security issues they present. With containers in the mix, how can security organizations ensure their developers aren’t continually copying and pasting security issues across the environment? In this report, IANS Faculty Jason Gillam steps you through the worst of the pitfalls to ensure your organization rolls out more secure containerized solutions.



January 18, 2017 | Directory Services
By Jason Gillam, IANS Faculty

 Selecting an Access Management Solution

Access management within an organization can often be non-standardized, decentralized, mismanaged and unreliable. In this Ask-an-Expert written response, IANS Faculty Jason Gillam describes three potential solutions to this problem of access management and offers recommendations for when organizations should consider leveraging vendor solutions. 



November 21, 2016 | Application Development and Testing
By Jason Gillam, IANS Faculty

 Secure Development Practices for Mobile Applications

Best practices around the secure development of mobile applications are still evolving because of the rapid evolution of the mobile platforms themselves. In this Ask-an-Expert written response, IANS Faculty Jason Gillam outlines the key differences between the secure development of mobile and web applications, and details standard accepted practices around encryption and authentication.



October 31, 2016 | Application Development and Testing
By Jason Gillam, IANS Faculty

 Application-Level DoS: Are You Ready?

Application-level DoS attacks can be difficult to detect, challenging to diagnose, and when effectively exploited, they can render your application completely inaccessible. In this report, IANS Faculty Jason Gillam explains how application-level DoS works and offers some key mitigation strategies. 
