Roger A. Grimes

Columnist

Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist.

Experience an RDP attack? It’s your fault, not Microsoft’s

The fix for IT supply chain attacks

The fix for IT supply chain attacks

Bloomberg's China spy chip story underscores weaknesses in computer supply chain security. The solution needs to be global.

Why I don’t believe Bloomberg’s Chinese spy chip report

Why I don’t believe Bloomberg’s Chinese spy chip report

China can and has stolen the information it wants from US companies without using secretly embedded hardware, so why would it jeopardize its massive semiconductor industry?

Wanted: Data breach risk ratings, because not all breaches are equal

Wanted: Data breach risk ratings, because not all breaches are equal

We need a system for data breaches that rates the real risk associated with the compromised data.

Do you still need a firewall?

Do you still need a firewall?

Traditional firewall software no longer provides meaningful security, but the latest generation now offers both client-side and network protection.

10 topics every security training program should cover

10 topics every security training program should cover

A thorough end-user education program is a necessary weapon in the battle to protect your perimeter. These 10 topics are the baseline of what to include in an awareness training program.

12 things every IT security professional should know

12 things every IT security professional should know

Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

Why you should consider crowdsourcing IT security services

Why you should consider crowdsourcing IT security services

Whether you need a pentesting team, a bug bounty program, or a vulnerability disclosure plan, several crowdsourcing platforms can take the risk and pain from the process.

4 scams that illustrate the one-way authentication problem

4 scams that illustrate the one-way authentication problem

These scams rely on tricking consumers into believing they are interacting with a trusted vendor. Here’s how vendors can prevent the scams.

Why you need centralized logging and event log management

Why you need centralized logging and event log management

Collecting too much log data overwhelms systems and staff. Centralized event log management lets you filter for the most significant security data.

How to evaluate web authentication methods

How to evaluate web authentication methods

Authentication evaluation white paper includes popular and obscure methods and outlines a framework for assessing their security effectiveness.

Are regulations keeping you from using good passwords?

Are regulations keeping you from using good passwords?

Most companies are using password "best practices" that are out of date and ineffective. Regulations are getting in the way of changing them.

Load More