TechTarget • 5th February 2026

10 Types of Information Security Threats for IT Teams

Cybersecurity teams must be mindful at all times of the current threats their organization faces. While it's impossible to thwart every threat, stopping as many as possible and quickly detecting when they occur are both critical for reducing damage. Here are 10 types of threats that cybersecurity teams should focus on.

TechTarget • 4th February 2026

Top open source and commercial threat intelligence feeds

Let's take a closer look at cybersecurity threat intelligence feeds and highlight some leading options -- both open source and commercial.

TechTarget • 30th January 2026

5 deepfake detection tools to protect enterprise users

Let's look at five of the top tools that CISOs can use today to detect deepfake videos entering their organizations.

Trusted Cyber Annex • 12th January 2026

Five takeaways from NIST SP 800-70 update

To help public comment reviewers and anyone else interested in the details of the changes, we’ve done a side-by-side comparison of the revisions and identified the five most significant takeaways.

TechTarget • 9th January 2026

How to Create an Incident Response Playbook

Here's a look at what incident response playbooks accomplish, why they are important and how to use them.

Trusted Cyber Annex • 6th January 2026

Do AI chatbots tell the truth? Six-month follow-up

Six months ago, I tested five AI chatbots—ChatGPT, Claude, Copilot, Gemini, and Perplexity—to see how they performed when asked to provide a set of facts from a publicly available cybersecurity standard. The results were…not great.It’s time to repeat the tests and see how the chatbots’ performance has changed.

NIST • 18th December 2025

Integrating Cybersecurity and Enterprise Risk Management (ERM)

This document is intended to help individual organizations within an enterprise improve their cybersecurity risk information, shared through their enterprise’s ERM processes.

NIST • 17th December 2025

Draft SSDF 1.2

NIST has released the initial public draft of Special Publication (SP) 800-218r1 (Revision 1), Secure Software Development Framework (SSDF) Version 1.2: Recommendations for Mitigating the Risk of Software Vulnerabilities, per Executive Order 14306. This document describes new and improved practices, tasks, and examples for the secure and reliable development, delivery, and improvement of software.

Trusted Cyber Annex • 12th December 2025

Thanks, and best wishes for 2026!

You know when you make plans and life laughs out loud at them? That’s how 2025 has been for me.

TechTarget • 9th December 2025

Top 6 Data Loss Prevention Tools for 2026

Some DLP tools encompass the entire organization -- and these are the focus of this article. First, let's discuss some must-have features and capabilities. Then, take a close look at six enterprise DLP tools for the information needed when evaluating the best product for your company's needs.

NIST • 25th November 2025

Trusted IoT Device Network-Layer Onboarding and Lifecycle Management

This guide shows how to provide network credentials to IoT devices in a trusted manner and maintain a secure device posture throughout the device lifecycle, thereby enhancing IoT security in alignment with the IoT Cybersecurity Improvement Act of 2020.

NIST • 25th November 2025

Towards Automating IoT Security: Implementing Trusted Network-Layer Onboarding

This document provides an overview of trusted Internet of Things (IoT) device network-layer onboarding—a capability for securely providing IoT devices with their local network credentials in a manner that helps to ensure that the network is not put at risk as new IoT devices are connected to it. Additionally, the paper demonstrates the security benefits of trusted network-layer onboarding and how it can address problems with current IoT device onboarding practices.

TechTarget • 24th November 2025

5 steps for a smooth SIEM implementation

Thoughtful and strategic planning can make the difference between a rocky and smooth deployment. If you've recently purchased SIEM technology or are in the process of doing so, let's examine some best practices for implementation.

Trusted Cyber Annex • 7th November 2025

In-depth Q&A on federal cybersecurity writing

Earlier this fall, I did a Q&A session on my experiences writing for NIST. Last week I did a follow-up Q&A session that went into more detail on my NIST and FedRAMP writing.

TechTarget • 23rd October 2025

SIEM benefits and features in the modern SOC

Let's explore key features and benefits of the modern SIEM.

TechTarget • 16th October 2025

7 top deception technology vendors for active defense

This article presents key factors to consider and features to look for when purchasing cyber deception technologies, along with a list of some of the top deception technology vendors.

TechTarget • 26th September 2025

What to know about 5G security threats in the enterprise

Organizations that use 5G services should consider how bad actors could use the technology against them. These are my top insights on 5G security threats for enterprise CISOs, based on a series of 5G cybersecurity white papers I co-authored for NIST's National Cybersecurity Center of Excellence.

Trusted Cyber Annex • 22nd September 2025

Q&A on cyber writing for NIST

I recently did a Q&A session with members of Cybersecurity Club on my experiences writing for NIST, and I had the best time! With their kind permission, I’m sharing edited highlights from that Q&A with you, including a big announcement about an upcoming NIST-related project we’ll be doing at the Annex.

NCCoE • 17th September 2025

Addressing Visibility Challenges with TLS 1.3 within the Enterprise

This practice guide illustrates practical approaches that users can adopt to gain visibility into TLS 1.3-protected network traffic for application servers within their controlled enterprise data centers.

NIST • 3rd September 2025

Multi-Factor Authentication for Criminal Justice Information Systems

This document provides practical information to agencies that are implementing MFA, reflecting on lessons learned from agencies around the country and from CJI-related technology vendors.

Trusted Cyber Annex • 19th August 2025

Cheat sheets for NIST's Digital Identity Guidelines

We released our second annotated versions of NIST’s Digital Identity Guidelines series. Our revamped “cheat sheets” for SPs 800-63-4, 800-63A-4, and 800-63B-4 add the NIST definition of each term the first time it’s used. The cheat sheets also highlight the recommendations and other info that, in our opinion, are most important for readers.

Trusted Cyber Annex • 11th August 2025

Annotated NIST pub on authentication

We’ve released an annotated version of NIST’s new SP 800-63B-4, Digital Identity Guidelines: Authentication and Authenticator Management. The annotations indicate each publication’s recommendations, definitions, and other information that, in our opinion, are most significant for readers.

Trusted Cyber Annex • 4th August 2025

Annotated version of NIST's Digital Identity Guidelines

We’ve released an annotated version of NIST’s Digital Identity Guidelines, SP 800-63-4. The annotations indicate the publication’s recommendations, definitions, and other information that, in our opinion, are most significant for readers. The annotations are intended to expedite, not replace, reading the NIST document.

TechTarget • 31st July 2025

How liveness detection catches deepfakes and spoofing attacks

Biometric liveness detection can stop fake users in their tracks. Learn how the technology works to distinguish real humans from deepfakes and other spoofing attacks.