Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.
Tessian Culture
How We Created a D&I Strategy to Maximize Impact
By Amina Godfrey
19 April 2021
You might have read about our D&I learning journey, the start of our journey to create a better Tessian and a better world. After such an illuminating learning series, it was tempting to dive straight into initiatives and solutions. But if we want to tackle such significant and impactful challenges, we can’t work on everything all at once. We need focus.  So we made an active decision to approach D&I with the rigor we bring to all aspects of work at Tessian…and that means data. We gathered data we knew could inform our broader D&I strategy and help us to narrow down focus areas where we could have sustainable impact.  Gathering the data The aim of our internal research was to understand: What our representation at Tessian looks like; and Whether the experience of Tessians varies according to personal attributes and protected characteristics On a voluntary basis, we asked all our Tessians to submit information about themselves using our engagement platform Peakon. We had great uptake, with 80-90% of Tessians providing information about their personal attributes. This allowed us to understand representation at Tessian, across different aspects of diversity, including gender, sexual orientation, religion, ethnicity, and age. From this we were able to: Segment anonymous employee experience feedback scores to identify groups (based on personal characteristics) who are having a different experience and; Conduct a pay gap and employee retention analysis Determining focus areas You might be thinking…how statistically significant is data when you’re a small company (for reference, we’re currently about 150 people)? We asked ourselves this question A LOT. With so few data points, we were reluctant to draw certain conclusions from our findings. Instead, we have treated our findings as indicators of places we need to go and do further research. The data isn’t the be all and end all of our understanding, but it does provide the signposts.  We paired these data insights with what we hear from the company anecdotally, and what we know to be the case in the tech industry. This gave us a good picture of where Tessian is with D&I today. But we still needed focus. So, we asked ourselves: Where are our biggest concerns? Where can we make a significant impact? These two simple questions helped us to identify the key focus areas of our D&I efforts this year. So…where did we land? Ensure every Tessian continues to feel like they’re supported, valued and belong at Tessian Improve ethnicity and gender representation across all levels of seniority at Tessian We believe by focusing in these areas we can create a long-lasting positive impact on diversity and inclusion, in Tessian and in our industry. Building our strategy Once we had our focus areas, we worked closely with our exec team to build the strategy and tactics we would commit to this year. These discussions with our exec team centred not only on how to make change for a better Tessian, but also initiatives that would help create a more diverse industry.  As the exec team were bouncing ideas on tactics, we were careful to keep in mind every point of the employee life cycle. When thinking about D&I, it’s easy to focus on top of funnel diversity in hiring. Improving representation through hiring is important, but on its own it’s not enough. It matters what Tessians experience once they’re through the door too.
Once we had committed to the steps we’re taking this year, we kicked off by presenting our research and our strategy to the whole of Tessian. Our employees don’t just want to know what we’ve found, they want to know what we’re doing about it and when. So as part of this presentation, we shared this 2021 D&I roadmap.
As we work our way through the roadmap, we will be communicating progress, wins and learnings every two weeks in our employee newsletter. We want every Tessian to stay super engaged in this work, and to have the opportunity to bring ideas and feedback to the table. How our work this year will create long-term solutions It’s no secret that today, the tech industry isn’t that diverse. If we want representation of  diverse people at Tessian, it’s not enough to draw from the existent talent pool, where so many groups are so underrepresented. By this we mean that it’s not enough for us to think about short term wins for Tessian’s stats. We need to be committed to making positive, sustainable change in the long term. And that means changing the whole industry, as well as Tessian.  We want to create opportunities for a range of people to move into tech, and make sure they want to stay! If we don’t, our CFO, Sabrina Castiglione, will tell you how no-one wins in this zero-sum game.  Our long term strategy is about growing and expanding the entry-level talent pool by creating junior jobs for people entering the tech industry, whether that’s in Sales or Engineering. But remember, we don’t just want to bring them in, we want them to stay, learn and grow! Only then will we get representation of diverse voices in senior positions.  To achieve this, we’re prioritizing the development of future leaders through well-defined growth frameworks across the company. Every Tessian creates a detailed growth plan, and by the end of the year, we’ll have a tailored growth framework for every single department at Tessian.  These tactics won’t move the needle on senior representation this year. Probably not next year either. But through them, we can change the game when it comes to diversity in tech. We want to see senior representation, and that means bringing in and building up fresh talent.  How to act today As well as the longer-term goals, we’re taking action on some short-term wins to ensure our business is an equitable and inclusive place for everyone today. Even before that representation has changed.  D&I needs to be baked into the culture of a business. And that doesn’t just mean D&I training alone.  It means we need to interrogate every single one of our People processes and ask “Is there opportunity for bias here?”.  It means we need to inspect our company communications and ask “Who has a voice here?” It means we need to listen to employee feedback and ask “Do people have an equitable experience here?” There’s nothing stopping us asking these questions today. And the good news is — we have the power to have a huge impact on the answers straight away. Want to keep up with our D&I journey? Subscribe to our weekly blog digest to be the first to hear about updates. Or, if you’d rather explore open opportunities at Tessian, click here. 
Tessian Culture
How We Improved Developer Experience in a Rapidly Growing Engineering Team
By Andy Smith
16 April 2021
Developer experience is one of most important things for a Head of Engineering to care about. Is development safe and fast? Are developers proud of their work? Are our processes enabling great collaboration and getting the best out of the team?  But sometimes, developer experience doesn’t get the attention it deserves. It is never the most urgent problem to solve, there are lots of different opinions about how to make improvements, and it seems very hard to measure.  At Tessian the team grows and evolves very quickly; we’ve gone from 20 developers to over 60 in just 3 years.  When the team was smaller, it was straightforward to keep a finger on the pulse of developer experience. With such a large and rapidly growing team, it’s all too easy for developer experience to be overshadowed by other priorities. At the end of 2020, it became clear that we needed a way to get a department-wide view of the perception of our developer experience that we could use to inform decisions and see whether those decisions had an impact. We decided one thing that would really help is a regular survey.  This would help us spot patterns quickly and it would give us a way to know if we were improving or getting worse. Most importantly it gives everyone in the team a chance to have their say and to understand what others are thinking.  Borrowing some ideas from Spotify, we sent the survey out in January to the whole Engineering team to get their honest, anonymized feedback. We’ll be repeating this quarterly.  Here are some of the high-level topics we covered in the survey. Speed and ease To better understand if our developers feel they can work quickly and securely, we asked the following questions: How simple, safe and painless is it to release your work? Do you feel that the speed of development is high? !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");
You can see we got a big spread of answers, with quite a few detractors. We looked into this more deeply and identified that the primary driver for this is that some changes cannot be released independently by developers; some changes have a dependency on other teams and this can slow down development.  We’d heard similar feedback before running the survey which had led us to start migrating from Amazon ECS to Kubernetes. This would allow our Engineering teams to make more changes themselves. It was great to validate this strategy with results from the survey. More feedback called out a lack of test automation in an important component of our system.  We weren’t taking risks here, but we were using up Engineering time unnecessarily. This led to us deciding to commit to a project that would bring automation here. This has already led to us finding issues 15x quicker than before:
Autonomy and satisfaction We identified two areas of strength revealed by asking the following questions: How proud are you of the work you produce and the impact it has for customers? How much do you feel your team has a say in what they build and how they build it? !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");
These are two areas that we’ve always worked very hard on because they are so important to us at Tessian. In fact, customer impact and having a say in what is built are the top two reasons that engineers decide to join Tessian.  We’ve recently introduced a Slack channel called #securingthehumanlayer, where our Sales and Customer Success teams share quotes and stories from customers and prospects who have been wowed by their Tessian experience or who have avoided major data breaches (or embarrassing ‘Oh sh*t’ moments!).  We’ve also introduced changes to how OKRs are set, which gives the team much more autonomy over their OKRs and more time to collaborate with other teams when defining OKRs. Recently we launched a new product feature, Misattached File Prevention. Within one hour of enabling this product for our customers, we were able to share an anonymised story of an awesome flag that we’d caught.
What’s next? We’re running the next survey again soon and are excited to see what we learn and how we can make the developer experience at Tessian as great as possible.
Compliance Tessian Culture
Securing SOC 2 Certification
By Trevor Luker
30 March 2021
Building on our existing ISO 27001 security certification, Tessian is excited to announce that we have achieved Service Organization Control 2 Type 2 (SOC 2) compliance in the key domains of Security, Confidentiality and Availability with zero exceptions on our very first attempt. Achieving full SOC 2 Type 2 compliance within 6 months is simply sensational and is a huge achievement for our company. It reinforces our message to customers and prospects that Information Security and protecting customer data is at the very core of everything Tessian does.
The Journey We began the preparations for SOC 2 in September 2020 and initiated the formal process in October. Having previously experienced the pain and trauma of doing SOC 2 manually, we knew that to move quickly, we needed tooling to assist with the evidence gathering and reporting.  Fortunately we were introduced to VANTA, which automates the majority of the information gathering tasks, allowing the Tessian team to concentrate on identifying and closing any gaps we had. VANTA is a great platform, and we would recommend it to any other company undertaking SOC 2 or ISO 27001 certification. For the external audit part of the process, we were especially fortunate to team up with Barr Advisory who proactively helped us navigate the maze of the Trust Service Criteria requirements. They provided skilled, objective advice and guidance along the way, and we would particularly like to thank Cody Hewell and Kyle Helles for their insights, enthusiasm and support. Tessian chose an accelerated three month observation period, which in turn, put a lot of pressure on internal resources to respond to information requests and deliver process changes as required. The Tessian team knew how important SOC 2 was to us strategically and rallied to the challenge. Despite some extremely short timeframes, we were able to deliver the evidence that the auditors needed.  A huge team effort and a great reflection of Tessian’s Craft At Speed value. What Next? Achieving SOC 2 Type 2 is a crucial step for Tessian as we expand further into the large enterprise space. It’s also the basis on which we will further develop our compliance and risk management initiatives, leading to specialized government security accreditation in the US and Europe over the next year or two.
Tessian Culture
Mind Over Matter: Why We Prioritize a Growth Mindset at Tessian
By Samantha Holt
30 March 2021
“I can’t ….” “I’m an anxious person.” “I’m bad with numbers.” “I don’t understand the technical stuff; it’s just not for me!” Sound familiar? These are the limiting beliefs of someone stuck in what Dr. Carol Dweck, Stanford University psychologist and author of Mindsets: The New Psychology of Success, termed “fixed mindset.”  The problem with a fixed mindset If you’re in the “fixed mindset” camp, you most likely avoid challenges, don’t like failure (flag! can be prone to sandbag), ignore feedback, and believe you’re stuck with what you’ve got: your intelligence, talents, and abilities.  You’re simply what you are. People in this camp often rely on talent alone and will spend time looking for praise and recognition vs building on past successes, seeing the silver lining in failures, and getting better. If you say out loud that you’ll never understand the technical stuff … your team will believe it and more importantly, YOU will believe it. The opportunity to learn will end there. The very language we use to describe our limitations makes those limitations a reality.  This can be especially limiting when it comes to doing things out of your comfort zone. Why mindset matters when you’re out of your comfort zone  The mindset you have will likely how you react when you’re out of your comfort zone.  To keep it simple, there are likely only three directions you’ll gravitate towards when you’re out of your comfort zone:  Flight: You’ll freak out and run the other way, seeking shelter and safety  Fight: You’ll get angry, irritated, or annoyed by the situation  Freeze: You’ll freeze in your tracks, not able to move the conversation forward, hoping no one notices  This is where a “growth mindset” comes in.
The learning zone: A growth mindset You want to find space between the trigger and your response (i.e. fleeing, fighting or freezing) where you can plant your feet firmly on the ground, step into the chaos, and try to learn from the difficult situation. If you’re in the “growth mindset” camp, you believe your intelligence, talents, and abilities can grow through Grit & Perseverance (a Tessian value!).  What you’re born with is just the foundation, which cultivates an insatiable desire in you to continue learning and improving.  How is Tessian championing a growth mindset? In the last year, we created a Global Leadership Team (GLT) to help our people work on personal and leadership growth. 
We focused on growth mindset because an essential part of scaling a hyper-growth start-up is building a culture where your people are unafraid to set moonshot goals.  But to set these ambitious moonshot goals, we also need to be comfortable with failing fast, iterating, and continuing to build. As Simon Sinek says “What good is an idea if it remains an idea? Try. Experiment. Iterate. Fail. Try again. Change the world.”  At Tessian we want to change the world of cybersecurity. During our GLT sessions on growth mindset, our biggest takeaway was that we need to change how we view our failures. This change of mindset takes time, but we’ve already begun relishing in challenges, because mistakes and setbacks aren’t a reflection on us — just on our preparation and current ability, which are adaptable. We can grow! Tips to help you adopt a growth mindset We’re creating a culture where our leaders are open to feedback, accountable for their own growth, and resilient to take on new challenges — we are seeing the impact of this with increased creativity, innovation, and bottom-line growth. So, how can you adopt a growth mindset? Here are three of the core “growth mindset” tenants we implemented: Openly recognize and reward the value of learning from failure with your team. Failure is inevitable when it comes to running a team. So when you’re running a retrospective, it’s a good idea to openly speak about your own failures and those of the team, plus the lessons you learned. This will help create a culture where failure is recognized as a learning tool. Result? Your team will be encouraged to grow and take innovative risks. Embed a company or leadership value that focuses on perseverance. A great organization doesn’t grow overnight. The fruits of growth require time, which means perseverance is key. We found having a company value around “Grit & Perseverance” helped to better embed this concept throughout our teams. We speak about it at our Town Halls, Weekly All Hands, and Performance Reviews. The company is clear on how important it to push through failure, treat obstacles as challenges, and persist in spite of difficult situations to produce more impactful results. Pay close attention to the language you use in 1:1s with your direct reports and team meetings. Top tip: Remove the “you can’t” mindset and adopt a “how can you” mindset with your team. Also, think about moving from “this was a failure” to “we failed, this is what we learned, now let’s go make this even better”. Everyone has desires, and most of us can channel our efforts toward diligent work. But the ability to overcome constant failure has proven to be the distinguishing factor between ‘good’ and ‘great’. Language will help motivate your teams to keep coming back from failures; they will feel it’s safe for them to fail. (Hint! This is all about psychological safety). If you want to learn more about growth mindset, here are some of our favorite resources: Everything written by Dr. Dweck is great! But if you’re going to read or listen to anything, we’d recommend you watch this TedTalk or read this HBR article. We found it helpful to check out how other start-ups were using “Growth Mindset” to develop their leaders and found this article on Microsoft helpful We love everything from Farnam Street, and found ourselves coming back to this article, Creating a Growth Mindset in the Workplace again and again Farnam Street has done a great summary of the two different mindsets here Inspired by this article? Share it with your network on LinkedIn and Twitter! Or, if you’re looking for more insights into how we work at Tessian, subscribe to our newsletter below.
Human Layer Security Tessian Culture
Early adoption: Is Now the Time to Invest in the ‘New Breed’ of Security Products?
By Phil O'Hagan
25 February 2021
There’s an (unfair!) perception in the industry that most CISOs are skeptical, or at least conservative, when it comes to adopting the latest security technology. But the role of the CISO is evolving. It’s no longer to simply “own” risk. Today, they’re also tasked with educating and informing everybody within the company – including the C-Suite – on the risks and what can be done to mitigate them.  In this fast moving world, it’s no longer possible to be passive. Only those who are open-minded (and ideally progressive) will protect their company from the most advanced threats. A year of firsts  The security industry is moving in a different direction. We need only look back at the last 12 months to see why: COVID has raised the profile for security.  A greater attack profile has caught the attention of executive teams, and they are looking to CISOs to respond. But, it’s not all bad news. Just as cybercriminals see opportunity in disruption, CISOs have an opportunity to play a bigger role at the executive level. The digital transformation has been accelerated. The shift to remote working means an increased attack surface. Today, security teams must support whole departments of remote workers as they engage with technology in their kitchens, bedrooms, and coffee shops. CISOs need to do more than send the occasional email or facilitate annual training to raise awareness about cyber threats.  Ransomware is an ever-growing threat. In fact, almost a third of victims pay a ransom, which means the stakes are higher than ever.  Attackers have improved the implementation of their encryption schemes, making them harder to crack. And, rather than simply encrypting critical data, some criminals now steal sensitive data and threaten to release it if the ransom is not paid.  With so much changing, CISOs have to adapt fast and adopt new technology to succeed. Gartner calls this period of early adoption a “hype cycle”.  And, for any new innovation, early publicity produces a number of success stories — often accompanied by scores of failures. Some companies take action; many do not. Where do you stand? The technology balance Both inside and outside of security, there are plenty of arguments both for and against new technologies:
Given the rapidly evolving threat landscape, though, CISOs should be pushed harder than most to commit fully to the leading edge of security innovation. After all, “nobody got fired for buying IBM” and “fortune favors the brave“, right? The next generation of security  More and more CISOs are choosing to be brave. Why? It comes down to the modern way this next generation of security is being designed and built.  Today’s security benefits  are focused on cutting the risk out of early participation while amplifying the benefits. At the heart of the change are two related trends:  Next-generation security services  The advancement of machine learning The next generation of security services has removed the need for CISOs to be experts on negotiating IT project. Instead, they can focus on managing the risks to their business.  For example, with cloud services, the costs of infrastructure – and efforts of supporting it – are completely removed as the services you buy are scalable to match the business. Cloud services also require no maintenance or professional assistance beyond an internet browser. The cloud means that the hurdles and expense associated with “trying out something new” are hugely mitigated. And, because these next-gen security services are hosted on the cloud, you’ll always have the latest version.  There is only one “copy” of these software tools. That means upgrade cycles have come down from once a year to multiple times a day. Better still, these services connect to one another. This equates to a shallower learning curve for users, faster time-to-market, and the flexibility to bolt on future tools that suit the way you want to run your operation.
Legacy technology vs. machine learning Whereas legacy technology uses rule-based techniques to secure organizational risks, new providers leverage machine learning to provide accurate, automatic protection, and visibility against advanced risks, otherwise impossible to detect with legacy systems. Machine learning’s goal is to understand the structure of the data and fit theoretical distributions to that data that is well understood. And, because machine learning often uses an iterative approach to learn from data, the learning can be easily automated. Passes are run through the data until a robust pattern is found. In an ever-evolving security world, this allows for the identification of specific risks. By using machine learning algorithms to build models that uncover these connections, organizations can make better decisions without human intervention. For example, identifying anomalous behaviors that form part of the most advanced threats in the enterprise. The benefit for CISOs – and their security teams – is clear. Lower time commitment to identify and remediate issues and more accurate reporting on the risks to the business. These next generation tools also achieve something legacy systems can’t and don’t: they share de-identified data between customers to ensure everyone is protected, even from threats that haven’t (yet) been seen in their own network. The benefit? Organizations continually – and automatically – improve their protection against an ever-changing threat environment. Low risk, high reward  Finally, like never before – and because these services are in the cloud – security leaders are in a position to switch on new services at low risk, without any upfront investment.  With no upfront CapEx, chances are that your first steps will be below any procurement ceiling too – so PoCs become simple to execute. It becomes rational to test a service or strategy with a small team before rolling out more broadly.  And, because the barrier to try (and switch!) for these early adopters is so low, “try before you buy” is a prevalent trend. With low switching costs, the software developers behind the scenes have a wholehearted commitment to making the trial period compelling enough to convince you to take the next step. They have skin in the game and understand that happy customers dictate whether or not a product is successful. This lowering of barriers, enabling of small-scale testing, and offsetting of cost should all make it a little more tempting for CISOs to take the leap and occasionally try for first-mover status. Because adopting innovative practices has never been so low-risk and the rewards are well-worth it.  To name a few… improving your security posture, reducing admin, and protecting your employees from ever-evolving threats.
Tessian Culture
Seriously Tech, It’s Time to Ditch the Zero-Sum Game
By Sabrina Castiglione
06 January 2021
In the spirit of the late-90’s classic, 10 things I hate about you, here are 10 things I hate about how my industry thinks about Diversity: Assuming Diversity = Inclusion 1D-diversity: focus on only one of gender, race, sexuality, etc. Diversity as just a hiring problem Inclusion as just a People/HR team problem Ending the convo after unconscious bias training PR without follow-through Leaving D&I to the affinity groups Assuming Equality = Equity Lack of measurement  The Zero-Sum Game I could talk about any of these, but the zero-sum game is the one that doesn’t get spoken about anywhere near enough. An example: The gender gap in tech
Here’s a simplified version where we take gender as an example.  To make the numbers easier to understand, let’s imagine that the tech industry is 75% male, 25% female (this is generous; women make up c. 24% of Technology positions). Every Tech company:  ‘We want a 50/50 gender balance’  Does dedicated diversity sourcing, asks for diverse shortlists, shouts a lot about diversity, has a fancy policy, etc etc. Also many Tech companies:  Does nothing to improve the gender diversity of the overall industry pool This is crazy. If there were 100 tech workers in the whole world, 25 were female and 75 were male, and there were two 50-person tech companies out there… if one of those companies actually achieved a 50/50 gender split, the other company would be at 0/100.  This is, at best, a local, not global success.  The tech industry’s diversity push is one never ending tug of war, yet this is the zero-sum game and the approach most tech companies take. So what does really caring about diversity look like?  TL;DR: bringing up a more diverse next generation.  Stereotypes are insidious and start at an early age – way before workers enter the workforce, even before students pick their disciplines in school that affect how they enter the workforce. There’s even evidence to suggest these stereotypes are there before children even learn to read.  And these stereotypes tell minorities that technical, high-paying jobs in tech aren’t for people like them. We’re only going to solve the diversity problem in tech by going to the source, where there are two issues:  Not enough diverse people entering the technology workforce (whether out of school or switching later in life); and  The pipeline is leaky – diverse candidates are more likely to exit the tech industry (for caring duties, personal reasons, or discrimination) than those in the majority. Inclusion initiatives should help with the second facet – and there’s been great work by many tech companies to shift to more human-first working patterns, practices and policies to shore up the leaks. But there is a lot of work to do to combat the first challenge & get more people into tech in the first place.
What you can do to support diversity in tech So, tech companies out there, here are three things you can do to get us out of this zero-sum game: 1. Support early-age initiatives Awareness of future career opportunities in diverse populations is a challenge. At Tessian, we’ve been working with organisations such as the WISE Campaign’s Young Professionals’ Board whose mission is to inspire, engage & advocate for the next generation of STEM (science, technology, engineering and maths). Gisela Rossi, Tessian Engineer & WYPB member has been supporting initiatives such as the Tara Binns book series working to break down stereotypes in children aged 5-11, and running competitions to engage children in these industries. There are many great organisations out there such as the WISE Campaign, and STEM.org, but don’t just donate dollars – donate voices, and donate time. 2. Go back to school On that note, volunteering initiatives are powerful. We encourage our Tessians to take volunteer days & outreach to schools to raise the profile of voices in tech, and evangelize that tech can be for anyone. Don’t just leave it to teachers – show the promise of these roles to the next generation, don’t just tell them about it. A quick tip is to reach out to local schools – especially those that lack the resources to explore these subjects. Local alumni speakers who are actually in these industries are a quick and simple way to show children that there are real opportunities out there for all people – including people like them.  3. Grads Grads Grads (& Career Changers) Yes, you need diversity at the top too, but if all your roles demand 5+ years of experience, the next generation of diverse candidates is never going to arrive.  As soon as you reach a critical mass, you need entry-level programs and paid internships – and yes; they have to be paid, because unpaid internships are only viable for those who can already afford not to bring in earnings.  What about at Tessian? At Tessian, we were less than 15 people when we hired our first intern, and we’ve run paid internships (sometimes in full blown programs, sometimes ad-hoc) and brought in young talent ever since. And we’re hiring our next engineering grad intake now. Yes – it’s going to eat up some management time, but in my view, any tech company with a decent cash balance that isn’t running either paid internships or entry-level programs, isn’t taking diversity seriously in a meaningful sense. Doing the right thing, and running a human first company can be hard; the benefit of the initiatives will be felt by the tech industry in 10 or 20 years’ time, not the tech industry of today.  The ROI in your one to three year business plan isn’t going to bear the fruit of these initiatives, but folks, we have to solve this: we have a huge skills gap in tech and cyber security, where there are high paid jobs sitting vacant for lack of interest and training.  As an industry with so much promise and so much investment, we need to stop looking inwards and start looking outwards to the global tech ecosystem, or our diversity initiatives will just be us forever chasing our tail.
Tessian Culture
Why Shutting Down Tessian Was The Best Decision We Ever Made
By Sabrina Castiglione
24 December 2020
When we set out to define our values, we asked our people what being a Tessian meant to them. The value that was born out of this – now our first and foremost value – is Human First.  Human First is the value we’d always had but never captured in words. As soon as it crystallized, it was everywhere. Within weeks you would hear it in every other meeting, it would be the first question in every decision that touched our people, and it merged completely into how we think about our mission; even more than being a cutting-edge technology company, we’re a cutting-edge human company, building for human beings as they are, not how security standards want them to be. So what does it mean to be a Human First company in the age of coronavirus? Like many companies a lifetime ago (March 2020) we went remote overnight. A formerly office-first company, we’d naively expected lower productivity & that everyone would be more relaxed not having to travel to and from the office every day. We were so wrong.
A couple of weeks in, once the novelty of an extra hour in bed had worn off and we had realized that being remote wasn’t stopping work getting done, we started to pick up on themes – people working later and later, more and more questions in our employee engagement platform about mental health, self care, and dealing with stress.  We talked a lot more about our Employee Assistance Program and we told people they should still try & take their paid leave. But compounded by being confined at home, those who managed to take leave found that they couldn’t help but gravitate back to their phone & laptop, with email & messaging pinging throughout the day (and night, since we’re an international team). Our Tessians couldn’t switch off with no-where to go and the spectre of their inboxes piling up and up. We knew we needed to stop saying things, and needed to do something big, fast. So we shut down the Company. (For a day.) Why? Let’s roll back a moment. We asked people why they were struggling to switch off, and we listened to their fears of letting their teammates down with so much work going on, and the creep in hours to find overlap time with their international colleagues.  We realized that unless all our Tessians – from the CEO, to our newest graduates – were all offline, it was hard for anyone to be offline. Enter Refreshian Day.
Refreshian Day is not a vacation or holiday day. It’s a paid day we give to our Tessians, to do what they need to do to take care of themselves, when all Tessians are offline, together. When we know our people have been, or will be, working even harder than usual to bring our vision to life, it’s important to give something back. Our first Refreshian was in July; our second, October. And today we’ve announced our third in February 2021.  We ask only two things of our people on Refreshian day: Don’t work Take time to take care of you Being human means one size never fits all, and our Tessians have variously taken long walks, spa days, watched sunsets, crafted pottery and baked a lot (lot, lot) of bread. Being a human first company means giving our people the space and time to revel in what makes them unique – even if it means shutting everything down from time to time.
How would you spend your Refreshian day? Join us and find out.
Tessian Culture
Our Journey Towards Diversity and Inclusion
By Jade Jarvis
18 December 2020
Over the past few months, Tessian has been taking steps towards creating a more diverse and more inclusive place to work.  Why? Because We’ve acknowledged that we’re not as diverse as we want to be. But, we’re committed to making a change.  Why is this so important to us?  Of course, there are many reasons (just a few mentioned by our very own Tessians) but the two main drivers are for:  The individual: it’s the right thing to do. Diversity is infinite and everyone should feel valued for who they are and have the opportunity to bring this to work.  Our future: With diversity of thought, we can be a better Tessian. This will enable us to not only challenge the status quo and stay ahead of innovations, but also create opportunities for more people to be a part of our journey.  We know this isn’t something we can change overnight, but we’re already making small positive moves in the short-term as we work towards those bigger, long-term changes.  Most importantly, we simply want to make a difference where we can. This is an industry-wide problem. That means it involves every single one of our Tessians. So, where do we start? We believe the first step is understanding and awareness, combined with action and change. This is what prompted us to begin our Diversity and Inclusion learning journey.  The Journey  We partnered with Jeff Turner to build and deliver our D&I learning journey for everyone to experience together – to learn, connect and come together as one company.  Two key aims for the program were:  Shared understanding: Part of the training was to socialize D&I terms; to not only get everyone ‘speaking the same language’, but also to create a safe environment for people to ask questions and learn about each other’s different perspectives.  Building connections: We chat to some of our colleagues every day. But, how many times do you get the response ‘Good, thanks’ when you ask someone how they are? I bet almost every time! We wanted to give people the chance to build connections across departments at Tessian and encourage people to share deep experiences that they otherwise might not have.  The program consisted of three sessions (described very high-level below) and each were delivered two weeks apart:  Diversity: Appreciating our differences and knowing that everyone brings value to the workplace.  Unconscious Bias: Accepting that everyone naturally has their own biases which have formed over time based on our life experiences, preferences, education – all the things that make us who we are. And importantly, recognizing that we can make the unconscious, conscious by challenging our own biases when making decisions.  Building Inclusion: Consciously ensuring our behavior is inclusive and learning how to appropriately call out exclusive behavior including microaggressions.  There were 25+ people involved in each session. Importantly, these people dialed in from all around the world. This enabled the sessions to be interactive. We also learned from feedback that these smaller, diverse groups made people feel safe and encouraged everyone to share their personal experiences. No judgement.  But we didn’t want these sessions to be the only place where people talked about Diversity and Inclusion.  To ensure the conversation continued throughout the business, we sent out pre-reads with three key learning objectives and three things to think about ahead of the session and post-reads with the top three takeaways and suggested follow up actions. 
What did we learn?  We’ve had exceptional feedback following the completion of this program and already feel like it has had a positive impact on our company culture.  The essence of the feedback is that the program genuinely encouraged deep self-reflection and learning. People have told us that not only have they already learned things that will change how they behave going forward, but that it’s been an amazing bonding experience with their colleagues – which means even more in this period of remote worklife.  A few direct quotes from our employees: “Best D&I session I’ve had – it didn’t focus on the more obvious points of diversity but delved much more deeply into what makes each of us different.” “IT WAS BLOODY AWESOME.” “I love these sessions, they challenge your perceptions and make you know other people you work with better. I am honestly sad that there’s only one left.” It doesn’t end there… As we’ve said, there’s no quick fix here. We have to keep working together to enable change.  Our culture is highly collaborative and that’s why it’s so important to us that we’re co-creating solutions and actions with Tessians as we go – to find out what they want, what they need, and how we can learn together along the way.  Here are a few ways we’re continuing to push forward:  Inclusion competition: We’ve asked people to submit their ideas for what we can do to create a more inclusive place to work. Ideas will be judged based on potential impact, scalability, and originality. We’ve already received some great entries so far. Watch this space!  ‘Managing Inclusively’: In 2021, Jeff will be back to deliver an additional session exclusively for our managers. Here we will go even deeper – talking about privilege and the power that we disproportionately hold as managers, and how to use this power to create change. D&I report: For the first time ever, we’ll be internally publishing a D&I report to share key metrics and what these metrics mean. Transparency is an essential component. We expect to uncover a lot of home truths that will lead us to building the right solutions for Tessian. We have a long way to go on this journey of creating a better Tessian and a better world. We will continue to share as we go along, and would love to hear from anyone interested in coming on this journey with us.
Tessian Culture
Customer Success: Lessons Learned in 2020
By Henry Trevelyan Thomas
16 December 2020
What a year! As 2020 draws to a close, we wanted to take some time to reflect on some awesome wins and what we’ve learned through a tumultuous year. I’ll try my best to not mention “Zoom fatigue”, “the new normal” or “unprecedented”.  Here goes nothing. 2020 in numbers 👨‍👨‍👧‍👧 We spent more time with our customers than ever before with >1000 customer review meetings taking place 💻 We onboarded our 200,000th employee on to the Tessian platform  ❌ We detected or prevented 450,000 misdirected emails and advanced spear phishing attacks, and over 2,000,000 data exfiltration attempts for our customers  🌍 We started working with some incredible new customers across the world – Cordaan, GoCardless, and Schroders PW to name just a few 📣 35 customers took to the stage at various Tessian events to speak about their approach to Human Layer Security and security culture
Agility is key The security challenges the pandemic created for our customers were far greater than navigating the overnight transition to remote working. Email sending was up 129%, attackers pivoted quickly to COVID-related attacks, and employee uncertainty led to unconventional (and non-compliant) sending behaviors. We all had to pivot quickly. At Tessian, our CSMs ran consultative health checks with all customers, our Product and Data Science teams updated our end-user warnings to raise employees’ awareness of COVID-related attacks, and our Marketing team launched our remote-working content hub filled with blogs, guides and reports for customers to consult and share with employees. A true embodiment of craft at speed. Security came to the forefront 2020 was another year of security grabbing the attention of boardrooms, investors and mainstream media outlets. Specifically, the trend of having empathy for employees accelerated. This has led to the rise of technologies that work in the background – making employees’ lives easier and unburdening them from the expectation that they must also be security experts. As Tim Fitzgerald (CISO @ Arm) and I reflected on, everyone has gone through so much this year (personally and professionally), that security teams need to lead with an approach that helps empower rather than restrict their employees. What’s more, it was the year that Human Layer Security became widely recognized as the obvious and necessary direction enterprise security is headed, with Tessian being recognized by both Gartner and Forrester for the work we’ve been doing with our customers.  In short, when times got tough, our goal “to stop breaches, not business” became more important than ever.  Visibility of risk takes a whole new meaning in a remote world As we’ve touched on before, security teams have gone from managing a handful of offices around the world to thousands of home offices around the world. In this decentralized working model, visibility is more important than ever before. We identified that early and worked incredibly hard to bring our customers more visibility into their human layer security risks. From our customer conversations it became apparent that security teams were more stressed and stretched than ever. Rather than throwing more data at them, we needed to focus on surfacing the most relevant trends and actionable insights so that security teams could be more effective and efficient in reducing risk. And that led to our launch of our Human Layer Security Intelligence platform.  The best CISOs are culture champions The role of a CISO continues to evolve. No longer is it enough to implement top-down technology and hope for the best. The most forward-thinking security teams are building positive security cultures by appointing security ambassadors and asking management to drive awareness in their teams. More on that with my conversation with Kevin Storli (Partner @ PwC) here and from Mark Logsdon (Head of Cyber Assurance and Oversight @ Prudential) here. Your suppliers’ risk is your risk As Kevin and I also discussed, it’s no longer enough to inwardly think about your risk. You need to engage with your supplier ecosystem to ensure you’re on the same page. We’ve all seen the headlines about a recent high-profile supply-chain attack, and it’s likely that we’ll see more of these in the future. Security is a team sport and we need to all be vested in the security of others. 
Putting the “human” in Human Layer Security Finally, being human-first is one of the core values we live by at Tessian, I’m proud of how my team carried this with them day-to-day.  Before every interaction we asked ourselves two key questions: 1) Are we being genuinely helpful? and 2) Are we being deeply empathetic to our customers’ circumstances?  It’s about recognizing that each new customer win for us has been underpinned by forward-thinking security folks who are fighting to protect their employees against yesterday’s, today’s, and tomorrow’s risks. Each Quarterly Business Review is a story of helping those people who invested in Tessian do a great job and get the recognition they deserve. Each internal meeting is about understanding how we can support each other to succeed together. As a result, our relationships are stronger, and more people are protected by Tessian.  (Shout-out to Nick Mehta, CEO @ Gainsight, for his words of wisdom at our Q2 Town Hall and to Howard Schultz, former CEO at Starbucks,  at our Human Layer Security Summit – two leaders who are truly human-first and always lead by example.) Goodbye 2020, hello 2021 👋 From being hit by a pandemic to developing a more human-first approach to our customer relationships, it’s been a different kind of year. We’ve formed some amazing partnerships and been pushed in all the right ways by our customers. It’s important to reflect on how much we accomplished and learned, and of course, to say thank you to those who helped us along the way. Now, onward to 2021.
Tessian Culture
Introducing Tessian’s New Hybrid Remote Model: Choice First
By Paige Rinke
04 December 2020
We certainly won’t be the first to have made this claim in the last nine months but…the world has changed. Yes – we’ll say it – these are unprecedented times.  That’s why companies around the world are reinventing their approach to engaging with and supporting their people. How has Tessian adapted so far this year? So, what have we done at Tessian? A lot.  We’ve reimagined how we socialize and connect with Tessians all over the world (yes, there’s been bingo!). We’ve set up fully remote onboarding for the first time ever. We’ve even ever-so-briefly re-opened our London office, with super safe protocol and measures put in place to protect those of us who wished to return. We’ve done it all. But undoubtedly the biggest challenge we’ve had to grapple with – and therefore the question we’ve had to answer – is this: What should the new world of work look like for Tessians when things start to return to “normal”?  We know for sure that our office of the future will be very different from our office of the past, but what exactly does it look like? And, more importantly, how do we support  Tessians while the future is still so unclear? It’s been a journey, but we’re excited to finally share Tessian’s plans for the future. It’s looking bright – and full of choice. What does the new world of work look like at Tessian? Some companies pride themselves on being entirely remote. And there are no doubt benefits to this simplified approach. No office politics. And, decisions don’t get made “where the action is” (in the office) because, well, there isn’t one! Others are still trying to retain an office that puts culture first. They want to create a space that fosters collaboration and offers the social benefits that are synonymous with a bustling office.  But we believe that both of these approaches – while possibly easier and with fewer risks to manage – miss out on one of the most important determinants of happiness and wellbeing in our lives: Choice. So, at Tessian, we’re excited to announce our new approach to the future of work: Choice First What is Choice First? Choice First enables Tessians and future Tessians to do their best work, in whatever way is best for them. Put simply, we will be giving our team three options to choose from, with as few caveats as possible:
Why have we landed here (and not remote first, or office first)? We have done extensive internal and external research, and there are three core reasons we believe this is the way forward.  1. Attract (and keep!) world-class talent  We know that the best companies in the world will be adopting remote options for employees while keeping hubs for those employees who prefer being able to work and socialize in the office. It’s about getting the best of both.  We want to be amongst these companies. That way, we can continue to attract and retain the best people.  Internally, having heard from our people (our Culture Council has done some great work here), some Tessians can’t wait to get back to the office.  We want to ensure that we still have this option in the future. In fact, some have even said they wouldn’t want to work for a company that didn’t have this as an option! But some Tessians have experienced an enormously positive change in their lives since skipping the commute to the office every day. We need to ensure that we offer both. Just look at the results of our most recent research report, Securing the Future of Hybrid Working. You can see employees really do want to be able to work from anywhere. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); 2. Diversity catalyst  This will open doors to new pools of diverse talent and will make room for every potential Tessian. We believe this will support us in creating a more diverse “place” to work by:  Opening up talent pools in different locations around the country (and world!) Allowing those who need to work from home for health reasons, or due to caring or other responsibilities, will be able to join the Tessian experience Enabling those who do want to enjoy the social elements of an office to do so Learn more about why diversity is important at Tessian…from Tessians. Watch the video now. 3. Take care of Tessians and support wellbeing Choice First allows people to be in control of their own working lives.  Which is a good thing. Why? Because what works for one person may not work for another.  Studies have shown that when employees are given the freedom to make the right choices for their career and their life outside of work, their holistic wellbeing will be greater.  Surprisingly, given how difficult this period of working from home has been, our own engagement data is backing up how not being in the office can increase wellbeing. We’ve had a significant (over 10%!) uplift in our company engagement scores against the “health” driver (which measures things like mental and physical wellbeing) since leaving the office back in March.  So, for people to do their best work, and have good holistic wellbeing, we need to enable choice around work locations and preferences. What about the risks?  We all know that introducing a hybrid culture is not without its challenges. So we’re dedicating significant time and resources over the coming months to counteract these. Just some of the key things we’re thinking about are below.  Culture Inclusivity – How do we make sure people aren’t left out because they do or don’t work in the office? Communication – How do we make sure people feel connected to what’s happening at Tessian? Fun – How do we keep things interesting in a hybrid environment? Fairness – How do we make sure no one is positively or negatively impacted due to their choice? Ways of working Communication – When do we use synchronous vs asynchronous communication? How we work – Are hybrid working patterns different from office-based patterns? Security – How can we continue leveraging technology, policies, and training to keep our people safe, wherever and however they work?  Amplifying performance – How can we provide in-the-moment feedback and help Tessians do their best work, even when we’re not all together? Effectiveness – Does hybrid make it harder to get stuff done? Do we have the right tools in place to support everyone? What’s next? There is still a lot of work to be done. We will be mobilizing our internal teams to make sure our current employees and future Tessians have clarity about their options. Of course, decisions don’t need to be made just yet. Watch this space for more insights about our journey – we can’t wait to share it with you.
Tessian Culture
A Solution to HTTP 502 Errors with AWS ALB
By Samson Danziger
03 November 2020
At Tessian, we have many applications that interact with each other using REST APIs. We noticed in the logs that at random times, uncorrelated with traffic, and seemingly unrelated to any code we had actually written, we were getting a lot of HTTP 502 “Bad Gateway” errors. Now that the issue is fixed, I wanted to explain what this error means, how you get it and how to solve it. My hope is that if you’re having to solve this same issue, this article will explain why and what to do.  First, let’s talk about load balancing
In a development system, you usually run one instance of a server and you communicate directly with it. You send HTTP requests to it, it returns responses, everything is golden.  For a production system running at any non-trivial scale, this doesn’t work. Why? Because the amount of traffic going to the server is much greater, and you need it to not fall over even if there are tens of thousands of users.  Typically, servers have a maximum number of connections they can support. If it goes over this number, new people can’t connect, and you have to wait until a new connection is freed up. In the old days, the solution might have been to have a bigger machine, with more resources, and more available connections. Now we use a load balancer to manage connections from the client to multiple instances of the server. The load balancer sits in the middle and routes client requests to any available server that can handle them in a pool.  If one server goes down, traffic is automatically routed to one of the others in the pool. If a new server is added, traffic is automatically routed to that, too. This all happens to reduce load on the others.
What are 502 errors? On the web, there are a variety of HTTP status codes that are sent in response to requests to let the user know what happened. Some might be pretty familiar: 200 OK – Everything is fine. 301 Moved Permanently – I don’t have what you’re looking for, try here instead.  403 Forbidden – I understand what you’re looking for, but you’re not allowed here. 404 Not Found – I can’t find whatever you’re looking for. 503 Service Unavailable – I can’t handle the request right now, probably too busy. 4xx and 5xx both deal with errors.  4xx are for client errors, where the user has done something wrong. 5xx, on the other hand, are server errors, where something is wrong on the server and it’s not your fault.  All of these are specified by a standard called RFC7231. For 502 it says: The 502 (Bad Gateway) status code indicates that the server, while acting as a gateway or proxy, received an invalid response from an inbound server it accessed while attempting to fulfill the request. The load balancer sits in the middle, between the client and the actual service you want to talk to. Usually it acts as a dutiful messenger passing requests and responses back and forth. But, if the service returns an invalid or malformed response, instead of returning that nonsensical information to the client, it sends back a 502 error instead.  This lets the client know that the response the load balancer received was invalid.
The actual issue Adam Crowder has done a full analysis of this problem by tracking it all the way down to TCP packet capture to assess what’s going wrong. That’s a bit out of scope for this post, but here’s a brief summary of what’s happening: At Tessian, we have lots of interconnected services. Some of them have Application Load Balancers (ALBs) managing the connections to them.  In order to make an HTTP request, we must open a TCP socket from the client to the server. Opening a socket involves performing a three-way handshake with the server before either side can send any data.  Once we’ve finished sending data, the socket is closed with a 4 step process. These 3 and 4 step processes can be a large overhead when not much actual data is sent. Instead of opening and then closing one socket per HTTP request, we can keep a socket open for longer and reuse it for multiple HTTP requests. This is called HTTP Keep-Alive. Either the client or the server can then initiate a close of the socket with a FIN segment (either for fun or due to timeout).
The 502 Bad Gateway error is caused when the ALB sends a request to a service at the same time that the service closes the connection by sending the FIN segment to the ALB socket. The ALB socket receives FIN, acknowledges, and starts a new handshake procedure. Meanwhile, the socket on the service side has just received a data request referencing the previous (now closed) connection. Because it can’t handle it, it sends an RST segment back to the ALB, and then the ALB returns a 502 to the user. The diagram and table below show what happens between sockets of the ALB and the Server.
The fix … is fairly simple.  Just make sure that the service doesn’t send the FIN segment before the ALB sends a FIN segment to the service. In other words, make sure the service doesn’t close the HTTP Keep-Alive connection before the ALB.  The default timeout for the AWS Application Load Balancer is 60 seconds, so we changed the service timeouts to 65 seconds. Barring two hiccoughs shortly after deploying, this has totally fixed it. The actual configuration change I have included the configuration for common Python and Node server frameworks below. If you are using any of those, you can just copy and paste. If not, these should at least point you in the right direction.  uWSGI (Python) As a config file: # app.ini [uwsgi] ... harakiri = 65 add-header = Connection: Keep-Alive http-keepalive = 1 ... Or as command line arguments: --add-header "Connection: Keep-Alive" --http-keepalive --harakiri 65 Gunicorn (Python) As command line arguments: --keep-alive 65 Express (Node) In Express, specify the time in milliseconds on the server object. const express = require('express'); const app = express(); const server = app.listen(80); server.keepAliveTimeout = 65000
Looking for more tips from engineers and other cybersecurity news? Keep up with our blog and follow us on LinkedIn.
Human Layer Security Spear Phishing Tessian Culture
8 Book Recommendations for Security Professionals
By Maddie Rosenthal
22 October 2020
Most security professionals rely on recommendations from their peers when it comes to vendors, solutions, and strategies. So, why not books? We asked our own cybersecurity experts what they were reading and rounded-up eight books to add to your reading list. The Cuckoo’s Egg In 1986, Clifford Stoll – a systems administrator at the Lawrence Berkeley National Laboratory – wrote this book. Based on his field notes, this is arguably one of the first documented cases of a computer hack and the subsequent investigation, which eventually led to the arrest of Markus Hess.  It’s now considered an essential read for anyone interested in cybersecurity. CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers  While this book covers all the fundamentals of IT security governance and risk management, it also digs deeper into people. After all, being a CISO isn’t just about technology. The insights in the book come directly from CISOs. In total, 75 security leaders contributed to the book, which means there’s plenty of actionable advice you can apply to your strategies.  Looking for more insights from security leaders? Check out Tessian’s CISO Spotlight series.  Art of Deception Written by someone pretty well-known in the security field – Kevin Mitnick – Art of Deception offers readers an insider’s view on what it takes to hack a system (and therefore what you can do to protect yourself).  Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers  Politics play a big role in cybercrime.  This book is focused on Sandworm, the group of Russian hackers who, over the last decade, has targeted American utility companies, NATO, and electric grids in Eastern Europe and paralyzed some of the world’s largest businesses with malware. But the author, Wired senior writer Andy Greenberg, also provides plenty of background on both the technology and the relationships between various countries. Social Engineering: The Art of Human Hacking If you want a breakdown of every aspect of social engineering – from elicitation, protecting, influence, and manipulation – this one’s for you. Written by Christopher Hadnagy – the lead developer of the world’s first social engineering framework – this book is a sort of intro to hacking humans that could help you level-up your phishing awareness program and defenses.   We take a deep dive into the psychology of human error in this report, with insights from Stanford Psychology and Communications professor Jeff Hancock.  The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats In the same vein as Sandworm, this book explores cyberwar, nation-state hackers, and the future. While it doesn’t offer highly technical insights, there is plenty of practical advice on how organizations and individual people can avoid being hacked.  Cult of the Dead Cow Cult of the Dead Cow explores some of the world’s most infamous hacking groups – particularly the cDc – and explains how technology, data, and – well – the world has changed because of them.  CISM Certified Information Security Manager All-in-One Exam Guide Yes, this is an exam guide…and yes you should add it to your reading list. If nothing else, to have on-hand as a reference. Why? It covers everything. Security governance, risk management, security program development, and security incident management. Curious as to whether or not other security professionals have their CISM certification? We interviewed 12 women about their journeys in cybersecurity. Read their profiles here and the full report, Opportunity in Cybersecurity Report 2020.
Page
[if lte IE 8]
[if lte IE 8]