Menlo Park, California, United States
10K followers
500+ connections
Experience & Education
-
Socket
Other similar profiles
-
Joe Morrissey
San Francisco Bay Area
-
Zane Lackey
New York, NY
-
Insiya Lokhandwala
San Francisco, CA
-
Zeya Yang
San Francisco, CA
-
Kabir Gill
San Francisco, CA
-
Sarah Wang
San Francisco, CA
-
Kimberly Tan
San Francisco, CA
-
Joe Schmidt IV
San Francisco, CA
-
Jonathan Lai
Menlo Park, CA
-
Doug Folden
San Francisco Bay Area
-
David Haber
New York, NY
-
Santiago Rodriguez Lebrija
San Francisco, CA
-
Guido Appenzeller
Menlo Park, CA
-
Matt Bornstein
San Francisco, CA
-
Angela Strange
San Francisco, CA
-
Shangda Xu
San Francisco Bay Area
-
Manish K.
Greater Boston
-
Steve Tchejeyan
Dallas, TX
-
Eric Green
Business Operations Protection at TikTok
New York City Metropolitan Area
-
Ben Wallace
Baltimore City County, MD
Explore more posts
-
Michael Smith, CISSP-ISSEP, CISM
A blog post I wrote for Vercara about the increase in APIs due to open banking and new rules from the Consumer Financial Protection Bureau around section 1033 of the Dodd-Frank Act. As Spiderman said once: "With great functionality comes great attack surface." #openbanking #apisecurity #apiprotection #applicationsecurity https://lnkd.in/eB32W2B6
12 -
Baris Aksoy
Snowflake's data breach is escalating 🥵 Hackers exploited the lack of multi-factor authentication (MFA)/2FA, stale passwords, and open network access via Infostealer malware. Surprising that basic security controls were absent 😳 If you hold customer data:
💥 enforce MFA across all systems
💥 implement regular password changes
💥 maintain strict network access lists
Investing in your company's security posture is critical. Such threats will only increase in the future. https://lnkd.in/e8hRQabU #cybersecurity #cloudsecurity #datasecurity #identity #IAM #MFA #databreach #securitybreach #snowflakebreach #password #startups
20 -
Mark Barry
“When we think of remediating the machine identity problem, also known as secrets sprawl, we can lay out the problem in a couple sentences. "We have an unknown number of valid long-lived plaintext secrets spread throughout our code, configurations, CI pipelines, project management systems, and other sources, which we can not account for, and without a coherent rotation strategy. Meanwhile, developers continue to work with secrets in plaintext since it is a reliable, although problematic, way to get the application to work."” #identitysecurity #machineidentity #identityistherealperimeter
1 -
Michael Cohn
And the news keeps coming for BreachRx... Welcome to the team, Joe Sullivan! https://lnkd.in/eSRpjE4z "Joining BreachRx is a natural extension of his work, he said, since the company automates the process of documenting organizations' incident responses in the first hours and days." "We're in a broken place," Sullivan said. "The people who are the most intelligent about how to navigate us out of this are handcuffed by fear because they think the regulators are going to come after them." "The way Sullivan sees it, security chiefs have become accustomed to a corporate reality that doesn't provide them with the funds or employees needed to properly secure their systems." Enter, BreachRx. "The growing regulatory pressure on all executives, not just security chiefs, to clean up poor internal practices could force companies to invest more in security and help CISOs in the long run." #incidentresponse
5 -
Baris Aksoy
RSA 2024 Takeaway: AI or Die 🥵 Met dozens of CISOs, execs & founders at RSA this week. Quick observations: 1️⃣ Every vendor is AI-fying their pitch. They're leveraging AI/LLMs for various use cases - threat intelligence, SOC automation & more. Impressed by Google Cloud, CrowdStrike & Microsoft Azure security offerings with lots of LLM-powered automation across their stack 🤖 2️⃣ The other side of AI adoption? Security / Compliance / Safety. Many pitches around securing AI systems & data. AI safety will be a hot topic for a while. Congrats to Reality Defender Ben Colman for winning the RSA Conference Innovation Sandbox 👏 3️⃣ Enterprises are shifting towards unified security stacks driven by cost, simplicity & agility needs - EDR + ASPM + CNAPP + SIEM +...all-in-one. This'll trigger a new wave of acquisitions by major players like CrowdStrike, Palo Alto Networks, Zscaler, Wiz, SentinelOne. While there are many innovative exciting startups, I'm afraid most exits may be below $500M. 4️⃣ Critical infrastructure security is gaining more attention due to rising geopolitical threats. This is an urgent national security matter. I'm super proud to be an early investor in Eclypsium, Inc.. They are the MOST innovative critical infrastructure security platform for enterprises. 💪 (cc Yuriy Bulygin Alex Bazhaniuk) 5️⃣ Identity is the new perimeter. Loads of innovation here. A non-human identity layer is emerging rapidly. Cerby showcased many exciting product updates to secure new vulnerabilities in the identity stack. Watch this space 👀 Share if I miss others. #RSAC2024 #cybersecurity #IAM #EDR #SIEM #CNAPP #ASPM #criticalinfrastructure #supplychainsecurity #ai #ml #llm #largelanguagemodels
7910 Comments -
Jacob Boggess
What's your risk tolerance? I have a rather low one..so do a lot of PSP's
Check out the verticals that pose a greater risk to PSP's and why they need to employ a multi payment provider strategy to survive in today's payment climate
High risk merchants face different hurdles. With higher processing fees due to the risk associated with their transactions. Payments can be a difficult landscape to navigate
Ever thought about what happens when a PSP's risk appetite changes or a merchant passes a chargeback threshold? They could be at risk with their contracts terminated. This can leave merchants completely unable to process payments if they do not have suitable fallback options in place
The chargeback threshold has been the biggest factor for most high risk merchants being dropped by their PSP's and as a result; major losses in revenue
There's many chargeback reasons and different verticals experience a variety of fraud
Some of those reasons include: Buyer's remorse, desire for free goods or services, fraudulent transactions, unwanted subscriptions, and unrecognized charges
Each of these reasons do have preventive measures, but at the end of the day the high risk merchants out there will continually battle them
As merchants in these verticals grow, there is an ever increasing need to employ the multi-PSP/acquirer strategy to increase redundancy and keep payments flowing without stoppage of services
Letting a PSP control your revenue seems a little silly, right?
485 Comments -
Robert W.
New Post: #CISA and @FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory #Traversal Vulnerabilities - https://lnkd.in/dAir6seU
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities
05/02/2024 02:00 PM EDT
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare and Public Health Sector. Additionally, this Alert highlights the prevalence, and continued threat actor exploitation of, directory traversal defects. Currently, CISA has listed 55 directory traversal vulnerabilities in our Known Exploited Vulnerabilities (KEV) catalog. Approaches to avoid directory traversal vulnerabilities are known, yet threat actors continue to exploit these vulnerabilities which have impacted the operation of critical services, including hospital and school operations. CISA and the FBI urge software manufacturer executives to require their organizations to conduct formal testing to determine their products’ susceptibility to directory traversal vulnerabilities. For more information on recommended principles and best practices to achieve this goal, visit CISA’s Secure by Design page. To catch up on the publications in this series, visit Secure by Design Alerts.
Robert Williams #News247WorldPress
1 -
Taiye Lambo
This Kiteworks article provides valuable insights into the NSA's approach to enhancing Zero Trust maturity within the data pillar, emphasizing the critical importance of safeguarding data in today's cybersecurity landscape. Understanding the value and risks associated with data is paramount, and the emphasis on implementing data-centric security controls aligns well with best practices in cybersecurity. Overall, this article serves as a comprehensive resource for organizations seeking to strengthen their cybersecurity posture in an increasingly interconnected digital environment. NSA’s Advancing Zero Trust Maturity Throughout the Data Pillar: A Comprehensive Guide 👉 Learn more: https://gag.gl/qQPSz9 #cybersecurity #zerotrust #NSA #blog
17 -
Traceable
🚨 BREAKING NEWS: Traceable has released an in-depth report revealing API Security trends in the financial sector. 🔍📊 Our study, "The State of API Security in Financial Services," surveyed over 150 cybersecurity professionals in the US and uncovered important insights into the challenges, risks, and practices surrounding API security in this critical industry. Key Highlights: 📈 82% of financial institutions have compliance concerns related to API security 🚨 42% of API-related breaches are caused by fraud, abuse, and misuse 😨 Only 15% of organizations are extremely confident in detecting and preventing API-based fraud and abuse 🔍 64% lack the ability to understand the context between API activity, user activity, data flow, and code execution To access the full report and gain actionable insights for strengthening API security in financial services, download your complimentary copy now: https://lnkd.in/eJ9kbnc3 #apisecurity #cybersecurity #securityresearch #industryresearch
28 -
Harmonic Security
Security teams want deep insights into #GenAI usage, adoption, and associated risks. Context from Identity and Access Management tools is critical to these insights. Erica Allison provides a brief overview of our first-ever external data source integration – #EntraID Read more: https://lnkd.in/e99n6DHm
28 -
Alexandre BLANC Cyber Security
Almost a year to notify about the breach, just that, but don't worry, it's for your own good ! And don't forget to get their free credit monitoring as a compensation ! "Sav-Rx discloses data breach impacting 2.8 million Americans" ⚠ But NOW they took action, after this data has been leaked : Full name Date of birth Social Security Number (SSN) Email address Physical address Phone number Eligibility data Insurance identification number (Just more than enough to steal your identity, your finance, your life in society) So, they took action as follow : - They started to implement the basics of #cybersecurity ! YAY ! What a relief ! 💡 I really wonder what were they doing before ? As these were not implemented, state before the incident in 2023 : - No 24/7 security operations center - No multi-factor authentication on critical accounts (now they have, and they don't even enable it on ALL accounts, just the "critical" ones ! LOL common people ! ) - No network segmentation - No enhanced geo-blocking (aka geo fencing, aka conditional access) - No upgraded firewalls and switches (sure, why bothering) - No strengthened Linux security, - No BitLocker encryption (in the medical sector...) 🌨 Weather forecast : Another leak is coming, and it will most likely happen using a "non critical account", with a lateral move, and then escalation of privilege ! Then, maybe, they'll consider adding MFA on ALL accounts. 😆 But don't worry, you'll certainly get a credit monitoring extension by then ! connected=hacked #cybersecurity FAILURE https://lnkd.in/ecmcg6di
132 Comments -
Yuval Ben-Itzhak
SaaS DLP is important. Check out the recent case at Disney. Metomic can help avoid this risk. "Claims state that Nullbulge accessed Disney's Slack server and collected information about the company's upcoming projects, including concept art for Disney games. These reports also suggest that login details and personal details of workers were gathered." #SaaS #cybersecurity #dlp #slack
19 -
FISA - Cyber Security Academy
As organizations face mounting challenges from evolving threats like ransomware and vulnerabilities, a strategic and data-driven approach to threat hunting is imperative for safeguarding sensitive information and strengthening security postures. https://lnkd.in/dj7z6rFJ #cybersecurity #splunk #threat #hunting #dataanalysis #framework #strategies #fisaacademy
1 -
StrongDM
Hot take: Organizations can't comply with The Federal Financial Institutions Examination Council (FFIEC) controls AND mitigate internal access risks effectively using legacy PAM alone. 🏛️ Our Director of Solutions Architecture, Shane S., wrote a blog highlighting how organizations can meet stringent FFIEC controls—one requirement at a time. Read on: https://lnkd.in/g6F4p3G4 #compliance #government #FFIEC
8 -
Cole Grolmus
You probably heard about BeyondTrust acquiring Entitle for ~$150 million. Here's the part you may not have heard: Co-founder Ron Nissim called his shot about IGA converging with PAM just over a year ago. I had the opportunity to interview Ron last year right before Entitle came out of stealth. One of the topics we talked about was the convergence of IGA and PAM use cases. At the time, he had a theory: "I have a theory that IGA and PAM are converging in the cloud. What's essentially been happening to us is that we've been solving a lot of [PAM] use cases. We can provide a lot of the things that customers need from PAM, like just-in-time, temporary access management." He may not have fully realized it then, but his theory was totally right. This early insight ended up being one of the main strategic drivers for BeyondTrust's acquisition of Entitle. Congratulations to the Entitle team! ___ Thanks again to Elizabeth Safran and Dean Pe’er for making this interview happen. The full discussion from February 2023 is available on my website if you want to revisit Entitle's journey from launch to acquisition.
10917 Comments -
Jacob Boggess
Based off the last couple days what I have thought for awhile is coming true...
Payment orchestration is outdated😰
Don't get me wrong, orchestration is here to stay and a vital piece of payments
It's simply a piece of the larger puzzle when it comes to truly owning and capitalizing on the capability of what payments can do
Which makes payment optimization a much more applicable term in today's market
Payment orchestration involves managing multiple payment methods, gateways, and providers in a unified manner to streamline the payment process
Payment optimization focuses on maximizing the efficiency and cost-effectiveness of the payment process
It involves strategies to reduce transaction costs, minimize payment failures, mitigate fraud risks, and improve authorization rates
Just simply having routing logic or multiple APM's will not suffice in an ever-changing market
You need data analysis, machine learning algorithms, and A/B testing to identify trends, and fine-tune payment acceptance strategies
Payment orchestration and payment optimization may sound and look the same, but once you truly break it down you can see the full picture of what your payments should look like
3010 Comments -
Sid Yenamandra
Enhancing Cybersecurity Compliance: Key Lessons and Practices for Financial Advisors
Recent SEC fines highlight the need for robust cybersecurity compliance practices. Here are some key lessons, and how AI tools from our portfolio companies—Avery AI, Kovair Omnibus, and Fusion1—can help:
Notable SEC Fines:
1. **Cetera Entities (2021)**: Fined for inadequate policies leading to PII exposure of thousands of clients.
2. **Cambridge Investment Research (2021)**: Penalized for delayed security measures, resulting in PII exposure.
3. **KMS Financial Services (2021)**: Fined for insufficient security practices, exposing nearly 5,000 clients' data.
4. **First American Financial Corporation (2021)**: Fined $487,616 for inadequate cybersecurity disclosure controls.
5. **Multiple Investment Advisers (2022)**: Collectively fined over $1 million for Custody Rule and Form ADV disclosure failures.
Best Practices:
1. PII Discovery and Cataloging:
- Action: Use automated tools to locate and catalog PII. Maintain an updated data map.
- AI Solution: Kovair Omnibus automates PII discovery and data cataloging.
2. Cyber Policy Disclosure:
- Action: Develop clear cybersecurity policies and ensure timely updates and disclosures, including ADV-C.
- AI Solution: Avery AI streamlines policy updates, ensures compliance, and manages ADV-C filings.
3. Incident Management:
- Action: Implement a robust incident response plan for timely detection, logging, and management of breaches.
- AI Solution: Avery AI enhances incident detection, management, and response.
4. Vendor Due Diligence:
- Action: Conduct thorough assessments and continuous monitoring of vendors.
- AI Solution: Fusion1 automates vendor management for ongoing compliance.
5. Stress Testing:
- Action: Perform regular simulated attacks and improve measures based on findings.
- AI Solution: Avery AI helps orchestrate stress tests and analyze outcomes.
6. Compliance Workflows:
- Action: Ensure efficient logging and management of incidents, vendor due diligence, and adherence to codes of ethics.
- AI Solution: Fusion1 provides smart compliance workflows for incident logging, vendor management, and other code of ethics disclosures.
By leveraging AI tools like Avery AI, Kovair Omnibus, and Fusion1, financial advisors can enhance their cybersecurity practices, protect client data, stay compliant, and avoid costly fines.
***For more details, refer to the SEC press releases and related articles.
#Cybersecurity #Compliance #PII #IncidentManagement #VendorDueDiligence #StressTesting #FinancialServices #DataSecurity #RiskManagement #AI
12
Others named Joel D. in United States
-
Joel D
Chief Technology Officer at ALFF Construction
Omaha, NE
-
Joel Soler, Ph.D., SHRM-CP
Senior Manager - Lilly Research Laboratories Campus Recruiting at Eli Lilly and Company
Greater Indianapolis
-
Joel Rakow, Ed.D.
Canadian, TX
-
Joel Sadler, Ph.D.
San Francisco Bay Area
-
Joel Fullerton
Assistant Chief of the Eden Rescue Squad
United States
215 others named Joel D. in United States are on LinkedIn