Home / Archives For Rick McElroy

Rick McElroy, security strategist for Carbon Black, has more than 15 years of information security experience educating and advising organisations on reducing their risk posture and tackling tough security challenges. He has held security positions with the U.S. Department of Defense, and in several industries, including retail, insurance, entertainment, cloud-computing, and higher education. McElroy’s experience ranges from performing penetration testing to building and leading security programs. He is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CSIM), and Certified in Risk and Information Systems Control (CRISC). As a United States Marine, McElroy’s work included physical security and counter-terrorism services.

It’s Good To Talk: Key Takeaways From RSA Conference 2018

Every year the cybersecurity community gathers to share its collective wisdom on the threats we face and the innovative ways that we’re trying to get ahead of them. RSA Conference is an intense experience but – just like with endpoint security – once you analyse all the unfiltered data coming at you, you get a great insight into where security is headed and what your priorities as a network defender should be. So now that we’re coming down off the high of spending five days with 40,000 people who live and breathe security, what were the key themes and what should we be expecting over the next 12 months? First is an observation about the way the sector is maturing. Back in the early days, and for a long time after that, security people were paid to not take risks. They were expe...

The Digital Gold Rush: The Dark Side Of Cryptocurrency Adds To The Infosec Challenge

As the general public tried to get its head around the concept of cryptocurrency and blockchain at the back-end of 2017, infosecurity professionals were facing one of the universal truths of our industry: whenever there is an innovation in technology or society, those who want to exploit it for illicit gain are never far behind. In the case of cryptocurrency, its current high profile is legitimising a means of exchange that, until recently, was mostly the preserve of the deep and dark web as the preferred payment method from victims of ransomware attacks. So, while Joe Public began a twenty-first century gold rush to try and make a killing in the fluctuating cryptocurrency markets, the cybercriminal community started putting its own ideas of how to get its hands on the digital gold into ac...

5 On-The-Ground Insights On Implementing Endpoint Security In The Cloud

Today’s “access-everything-anywhere-anytime” mobile data environment is great news for business productivity and performance but on the flipside it’s also a huge opportunity for cybercriminals. The increasing multitude of endpoints represents an ever-expanding playground in which to develop new ways of infiltrating corporate networks and making off with the digital goods. Malware, ransomware and a rising incidence of fileless attacks all constantly chip away at the perimeter while security pros now have to secure an environment that can comprise thousands of potential attack points. So, it’s not surprising that getting smarter about endpoint security is high on the CISO agenda and we’re seeing many turning to the cloud to cope with the scale and complexity of the task.   At Carbon Black we...

Cryptomining Rules Endpoints Around Me

The saga continues for the ownership of endpoints. Organisations purchase them, manage them, update, support, and protect them. However, the bad actors “own” them all the time. In the last half of 2017, cryptojacking became popularised. This led to a predictable shift from cyber criminals not only cryptojacking, but also installing malware with the sole purpose of using an endpoint that isn’t theirs to mine cryptocurrency. It’s a smart strategy if you’re a cyber criminal. Why try and ransom someone’s system and wait for them to pay you when you can print money? There are a number of ways to use cryptojacking to take control of an endpoint, but one of the more pervasive models comes in the form of a script created by CoinHive. Think of the normal web-based marketing model: it serves ads on ...

Risk Management: 5 Questions Every CEO Should Be Asking

I don’t believe there is a CEO on the planet that doesn’t have security high on their agenda at the start of 2018. The combination of escalating cyberattacks and new privacy legislation means that CEOs are being held accountable for the resilience of their organisation and the safety of their customer’s data like never before. This is undoubtedly a good thing: as CEO you set the culture of an organisation through your leadership and the priorities that you communicate to management teams. While we don’t expect CEOs to be on the front line of network monitoring and response, we do need them to be setting the culture and expectations under which those who are on the front line operate. These are the questions that CEOs should be asking their teams that will create an environment of proactive...

1 2