Every company has valuable assets vulnerable to hackers. The size or stage of the company doesn't matter. All companies bear some degree of cybersecurity risk. Implementing a documented security program should be as foundational a task as devising your business model. Yet too many small compani...

Because of their size, small companies are especially vulnerable to cyber-attacks. Bad actors looking for quick wins are playing the odds that a small company has lax cybersecurity. That should be reason enough to start taking a closer look at the policies you have in place. But, if it’s not, cons...

The growing number of security standards out there, each with their own acronyms and jargon, can seem overwhelming—but they don't have to be. We want to help provide some clarity. Here's an overview of five of the most common security standards. ISO 27001 NIST SP 800-171 and NIST SP 800-53 NIST Cy...

Do you have a customer that is asking you to fill out a security questionnaire as part of their "due diligence" process?  Does it make you nervous to start answering questions that aren't worded clearly or fall outside of your primary domain?   This post covers some of the basics for ...

We often talk with companies that are thinking about hiring an FTE to help them with security. This post covers some of our thoughts and experiences in this area. As with many areas of security, there is no one size fits all approach that works here, but there are some pitfalls and ways to make [&he...

When we implement security programs, we often advise clients to build an inventory of their applications. There are a lot of things we can do when we know what our inventory is. We can do this right in the available tools developers are already using. This post covers one way to do this. APP INVENTO...

In the latest video of our Security Culture series, we talk about software dependencies. You can also listen in on our podcast. THE BASIC PROBLEM When we build software, we use lots of libraries that we didn’t write. They could be open source, they could be commercial, the...

In light of Coronavirus / Covid-19 and in particular, the key CDC recommendation that we implement social distancing (work from home), we wanted to try to write a helpful post about how to stay secure as a remote employee. Jemurai has always been remote-friendly, with e...

Over the past two months, we've been hearing a lot of buzz about CMMC, both with active customers and security partners. In this post, we will talk about our initial high-level reaction to the significant new standard. WHAT IS CMMC The Cybersecurity Maturity Model Certification is a n...

Lately, we've been asked, "Why securityprogram.io?". Below lays out some of the thought process around why we decided to build securityprogram.io.  THE USE CASE We often run into smaller companies, many of them tech startups that we meet through our developer networks, that want to do a better ...