Insight #1
"Another week, another OGNL injection vulnerability in a widely used on-premises system. As consumers, we need to start holding these companies with repetitive, pervasive, and destructive vulnerabilities accountable. Also, it’s time to move away from on-prem systems wherever you can."
Insight #2
"There are times we react to situations that have security or privacy implications to our organizations because of something that happened at a third party. The reaction may be public in the form of a tweet or LinkedIn post and may make us feel better at the time. However, I have found it is much easier and more fruitful to reach directly out to the security leader at the third party and explain your concerns or point of view. Most of the time this works great and helps the third party to discover broken processes or policies and allows them to get better. We can always get better, including within our own organizations, and direct communication like this does work."
Insight #3
"As your organization grows, you will realize that process and policy only go so far. One thing we do every quarter is look at which process or policy can be turned into a technical control and set that as a goal. What technical control can you add this quarter?"