Articles By Brian Rutledge

Brian Rutledge

Principal Security Manager

Brian Rutledge is a Certified Information Systems Security Professional (CISSP) in the cybersecurity industry for more than 20 years. He’s currently the security and compliance engineer at Spanning driving all audit compliance initiatives and managing the company's overall security posture. Previously, Brian was a PCI DSS Qualified Security Assessor (QSA) for Trustwave Holdings working with small business, banking, and enterprise clients to help them become Payment Card Industry compliant. Brian has worked in the telecom industry for notable companies like Verizon and MCI maintaining the Windows server infrastructure and driving vulnerability management programs. Brian has also worked as a navigation electronics technician aboard a US Navy submarine.

Cross-Site Scripting (XSS) — Web-based Application Security, Part 3

Cross-site scripting (XSS) is a technique in which malicious scripts are stored on and unknowingly retrieved from trusted websites by unsuspecting victims. Learn how to safeguard against this threat to your sensitive data.


READ MORE >


Emotet: The Banking Trojan — Malware of the Month, May 2019

Emotet — a banking trojan malware program that the Center for Internet Security (CIS) calls one of the “most costly and destructive malware” — is Spanning’s first spotlight in a new series titled “Malware of the Month.” Every month, Spanning will take a closer look at a new or existing malware that is making recent headlines. Emotet gets the honor for May 2019.


READ MORE >


The Year of GDPR

The EU General Data Protection Regulation (GDPR) came into effect on May 25, 2018. With nearly a year under its belt, Spanning takes a look at the major penalties & overall repercussions of GDPR and examines what we can learn from them.


READ MORE >


Cross-Site Forgery — Web-based Application Security, Part 2

Cross-site forgery (CSRF) is a malicious technique designed to take advantage of unsuspecting users who are actively logged into web applications. Learn more about this threat to your data and how to safeguard against it.


READ MORE >


Open Redirection Vulnerability — Web-based Application Security, Part 1

Understanding open redirection vulnerabilities is key to detecting them and protecting your organization’s data. Without proper validation, attackers can redirect victims from trusted to malicious sites, or use forwards to access unauthorized pages.


READ MORE >


[Infographic] Employees are Cyber Secure in Theory, But Not in Practice

Cybersecurity is a top priority for organizations. All it takes to infect a network or steal valuable data, is one wrong click by an employee. While employees seem to have good knowledge of basic cybersecurity practices, there are considerable security blind spots which leave the employee and organization vulnerable to breaches. Spanning helps to identify red flags and vulnerabilities in security awareness training for employees.


READ MORE >


Spear-Phishing: The Smart Malware

“Spear-phishing” is a smart phishing mechanism that is an increasingly popular and virulent malware vector. Understand its devastating effect on organizations worldwide and get pointers to safeguard your organization against it.


READ MORE >


Business Continuity and Disaster Recovery: Your Organization’s Safety Plan

From hurricanes, errant employees, malware to even a rodent with an appetite for cables — the likelihood of an organization suffering data loss has never been greater. An organization’s best defense is to plan for business continuity and disaster recovery by using processes that guide organizations to possibly prevent and/or better manage an (unpredictable) disruptive event.


READ MORE >


Gone Phishing: Everything You Need to Know About the Ever Present Threat to Your Data

Phishing is a critical security issue that can trick even the most diligent, security-minded users. How do you protect your organization from being another phish in the sea? Let’s start by understanding how phishing works and then move on to practical pointers to avoiding biting the bait.


READ MORE >


How Are You Celebrating National Security Awareness Month?

This October is the 15th annual National Cybersecurity Awareness Month (NCSAM), an initiative to raise awareness about the importance of cybersecurity that grows stronger by the year in significance and scope. This is no surprise given that breaches and malware attacks are getting more frequent, and they don’t discriminate against industry. A cross-section of companies from government, healthcare, finance and retail to nonprofits, car-sharing, and even the Port of San Diego have faced ransomware attacks.


READ MORE >