Security Experts:

Wade Williamson's picture

Wade Williamson

Wade Williamson is a Senior Threat Researcher at Shape Security. He has extensive industry experience in intrusion prevention, malware analysis, and secure mobility. He has extensive speaking experience having delivered the keynote for the EICAR malware conference and led the Malware Researcher Peer Discussion at RSA. Prior to joining Shape, he was Sr. Security Analyst at Palo Alto Networks where he led the monthly Threat Review Series and authored the Modern Malware Review. He has also led the product management team at AirMagnet where he helped to develop a variety of security and network analysis tools targeted to WiFi networks. He has been a steady and active researcher of new threats and techniques used to compromise enterprise networks and end-users.

Recent articles by Wade Williamson

  • As we build more accessible, scalable, and efficient computing models, we likewise open ourselves up to attacks that are likewise more accessible, scalable and efficient.
  • The most important aspect for us as security professionals is to realize that the man-in-the-browser is not going away, and to understand what exactly has made it so successful.
  • In the same way we have watched APT techniques trickle down from nation-state actors to more opportunistic criminals, we should expect MitB to expand from financial services to all types of applications.
  • While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience.
  • As enterprises become increasingly focused on security, it’s important to take an honest look not just at what security measures are in place, but how they are really used.
  • If criminals can’t use or sell stolen data without being caught, then the data quickly becomes worthless. As a result it’s critical to understand what happens to data after a breach.
  • One of the most consistently neglected costs of any security product is not the price or maintenance, but the time and talent required from security staff in order to get the real value out of it.
  • If you are going to analyze network traffic for hidden malware or look for anomalous behaviors that indicate an infection, you should be sure to include mobile devices and mobile malware in your efforts.
  • By shortening the scope of an attack, it’s far less likely that response teams will get the chance to analyze such attacks in situ, so to speak.
  • Security in the era of APTs is everyone’s problem, and to truly adapt means each team in an enterprise has to push itself out of its traditional comfort zone. Let’s look at some of these challenges.
  • Now that news sites know that hacktivists and cybercriminals have them in their sights, the lesson to be learned here is that cybersecurity needs to be a key part of any news organizations’ online strategy.
  • As security professionals, it’s our job to see around the corner whenever possible. While the sky is not falling, if controlling mobile malware isn’t on your radar, it definitely should be.
  • It’s important we remember that IT security is essentially an asymmetric struggle. If we don’t adapt, we simply play into the hands of those who want to attack us.
  • Even with the basics covered, we also have to be on the lookout for unknown threats and anomalies in our networks that can be an indicator of compromise.
  • Passwords are the ultimate goal for many hacking operations regardless of their sophistication. But, it’s important that we address the reality that strong passwords can’t be the only answer.
  • The challenges of Java-based threats go deeper than your average 0-day vulnerability, and these challenges will likely affect your approach to controlling them. Organizations need to weigh the risk of a technology against the reward for the enterprise.
  • Security evasion and customized malware has become mainstream for attackers of all skill levels, and we will always lose if we attempt to fight an automated threat with a manual response.
  • Wade summarizes key indicators as well as some of the techniques that may help you find other indicators of advanced attacks in your network.
  • Not only is Google raising the bar, installing a ladder and raising the bar again in terms of vuln bounties - they are doing so for an operating system that is virtually non-existent in the wild.
  • Developing our own search skills will not only expose us to lots of interesting information, but can also significantly improve our own security posture.
  • As the threat landscape continues to grow more daunting, it will become increasingly important that security teams find a safe way to share data concerning threats across organizational boundaries.
  • Modern data centers are in the midst of an ongoing period of very dynamic evolution that has fundamentally changed the speed and efficiency of enterprise computing. For this reason alone, it is critically important that we design modern security controls into our virtualized data centers.
  • Data in Microsoft's Security Intelligences report shows the broad impact of the Black Hole exploit kit in terms of its role in the delivery of threats.
  • Security will ultimately boil down to enforcement, even if we initially begin with detection. As a result, it’s important that when we perform our due diligence and evaluate new technologies that we do so with the end goal in mind.
  • In network security we are always in a battle of wits against the attackers, and today the best counter-measure for an intelligent attacker is still an intelligent defender.
view counter