CISO Thoughts with David Lindner
CISO Thoughts with David Lindner
David Lindner, Chief Information Security Officer
David is an experienced application security professional with over 20 years in cybersecurity. In addition to serving as the chief information security officer, David leads the Contrast Labs team that is focused on analyzing threat intelligence to help enterprise clients develop more proactive approaches to their application security programs. Throughout his career, David has worked within multiple disciplines in the security field—from application development, to network architecture design and support, to IT security and consulting, to security training, to application security. Over the past decade, David has specialized in all things related to mobile applications and securing them. He has worked with many clients across industry sectors, including financial, government, automobile, healthcare, and retail. David is an active participant in numerous bug bounty programs.
Subscribe to the Contrast Blog
By subscribing to our blog you will stay on top of all the latest appsec news and devops best practices. You will also be informed of the latest Contrast product news and exciting application security events.
Insight #1
The number one thing an organization can do today to help prevent the next major breach is to implement multi-factor authentication (MFA) on all things. According to research by Microsoft, MFA can block over 99.9 percent of account compromise attacks.
Insight #2
The second thing an organization can do today to help prevent the next major breach is to patch, patch, patch. Whether it is their open-source, operating systems, purchased software, etc. Every single bit of software being used in your organization will at some point have known security vulnerabilities that pave a path for malicious actors into your environment. Patching is critical.
Insight #3
The third thing an organization can do today to help prevent the next major breach is to close up your egress access from your environment. Only allowing external access to known good sources will limit an attacker’s ability to more easily exfiltrate data and/or communicate to other locations. How often do you review your firewall egress rules or cloud security groups?
*** This is a Security Bloggers Network syndicated blog from AppSec Observer authored by David Lindner, Director, Application Security. Read the original post at: https://www.contrastsecurity.com/security-influencers/ciso-thoughts-with-david-lindner
