Skip to content

Cybersecurity Insights with Contrast CISO David Lindner | 9/29

    
Cybersecurity Insights with Contrast CISO David Lindner | 9/29

Insight #1

For years — since 2018 — the National Institute of Standards and Technology (NIST) has said that password length trumps password complexity requirements. Now LastPass is forcing users into choosing a longer password. This is a brilliant move. More companies should force long passwords (12 characters or more) by default.

Insight #2

For those of you struggling with supply chain security, I urge you to look at SLSA — a set of incrementally adoptable guidelines for supply chain security — to help you understand not only the breadth of the issues but how to pragmatically attack the problem at your organization.

Insight #3

A new impersonation attack is hitting GitHub: Pull requests and commits are being disguised as Dependabot, a tool that helps you update your dependencies on GitHub. Users may tend to blindly trust and approve the requests, which end up stealing secrets and passwords. It’s just another reminder to pay close attention to any new requests to commit to your managed codebases.
David Lindner, Chief Information Security Officer

David Lindner, Chief Information Security Officer

David is an experienced application security professional with over 20 years in cybersecurity. In addition to serving as the chief information security officer, David leads the Contrast Labs team that is focused on analyzing threat intelligence to help enterprise clients develop more proactive approaches to their application security programs. Throughout his career, David has worked within multiple disciplines in the security field—from application development, to network architecture design and support, to IT security and consulting, to security training, to application security. Over the past decade, David has specialized in all things related to mobile applications and securing them. He has worked with many clients across industry sectors, including financial, government, automobile, healthcare, and retail. David is an active participant in numerous bug bounty programs.