Browse category Security Corner
Security Corner: Surviving Cybersecurity
Engineers don’t often last as long in a cybersecurity focus as they do in other disciplines. If this is your path, you should understand why and how to beat the odds. by Eric Mann
Security Corner: Broken Authentication
One of the most foundational elements of security is clear communication. If we fail to use the correct language to communicate, we risk being misunderstood and making critical software mistakes. by Eric Mann
Security Corner: Demystifying Multifactor Authentication
Authentication by way of a username and password is well understood. Adding an extra authentication factor—like a smartphone—to the mix helps strengthen a login flow. But what exactly is an authentication factor, and what are the trade-offs between each one? by Eric Mann
Security Corner: Assessing Cybersecurity Risks
Every application will, one day, be exposed to a cybersecurity risk. Learning how to categorize and rate those risks is critical to keeping your team focused on the things that matter most.
Security Corner: Classifying Ransomware
One of the terrifying new developments in technology is the high prevalence of ransomware—criminals using software to hold your data or information systems hostage. by Eric Mann
Security Corner: Operational Security
It is remarkably easy to grow complacent in the digital world, but a lapse in security best practices inevitably leads to a lapse in security itself.
Security Corner: Understanding Supply Chain Security
In the physical world, it’s relatively easy to understand what a supply chain looks like—the security of physical goods in transit is a straightforward concept. This kind of security in the digital world can be harder to recognize but is just as critical.
Security Corner: Getting Started with Cybersecurity
Every career track starts somewhere. Cybersecurity doesn’t always begin where you’d expect. by Eric Mann
Security Corner: The Terrifying Scale of a Security Bug
A remote code execution vulnerability discovered in the widely used Log4j library exposed billions of machines to malicious actors in December. Unfortunately, fixing this bug was not straightforward and left much of the Internet exposed to bad actors for over a week. by Eric Mann
Security Corner: Vulnerable and Outdated Components
One of the updated risks enumerated by the OWASP Top Ten is using an older component with a known vulnerability. Engineers need to remember that this extends to ancillary systems, not just PHP. by Eric Mann


