J.M. Porup

Senior Writer

J.M. Porup got his start in security working as a Linux sysadmin in 2002. Since then he's covered national security and information security for a variety of publications, and now calls CSO Online home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent. He holds a Masters degree in Information and Cybersecurity (MICS) from UC Berkeley.

Why abandoned domain names are so dangerous

Hashcat explained: Why you might need this password cracker

Hashcat explained: Why you might need this password cracker

Hashcat is a popular and effective password cracker widely used by both penetration testers and sysadmins as well as criminals and spies.

Email spoofing explained: Who does it and how?

Email spoofing explained: Who does it and how?

Forging email has been with us since the beginning of the internet, but new security kludges are making it a lot harder.

Bug bounty platforms buy researcher silence, violate labor laws, critics say

Bug bounty platforms buy researcher silence, violate labor laws, critics say

The promise of crowdsourced cybersecurity, fueled by "millions of hackers," turns out to be a pipe dream, despite high-octane marketing from the bug bounty platforms.

4 steps to build redundancy into your security team

4 steps to build redundancy into your security team

A biological virus infecting your critical security staff could wreak havoc on your business. These practices will reduce your risk.

Open-source options offer increased SOC tool interoperability

Open-source options offer increased SOC tool interoperability

Too many security tools in your SOC, and none of them talk to each other, but new vendor-supported open-source projects might lead to greater interoperability.

Backdoors and Breaches incident response card game makes tabletop exercises fun

Backdoors and Breaches incident response card game makes tabletop exercises fun

New Backdoors and Breaches card game makes it easy to build a random, realistic incident as part of a tabletop exercise.

Are we running out of time to fix aviation cybersecurity?

Are we running out of time to fix aviation cybersecurity?

A new report from the Atlantic Council on aviation cybersecurity underscores the poor state of aviation security — and worse, how poorly understood the problem is within the industry.

How a nuclear plant got hacked

How a nuclear plant got hacked

India's Kudankulam Nuclear Power Plant (KNPP) publicly admitted they discovered malware on their networks. It likely could have been easily avoided.

How a bank got hacked

How a bank got hacked

Notorious hacker Phineas Phisher claims to have netted hundreds of thousands of pounds sterling in a 2016 hack of the Cayman National Isle of Man Bank. Here's how he did it and why it's cause for concern.

What is Shodan? The search engine for everything on the internet

What is Shodan? The search engine for everything on the internet

Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.

Boeing's poor information security posture threatens passenger safety, national security, researcher says

Boeing's poor information security posture threatens passenger safety, national security, researcher says

The aircraft maker failed to perform minimum due diligence in securing its networks, then tried to cover it up, security researcher Chris Kubecka tells Aviation Cyber Security conference attendees.

Load More