惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

A
About on SuperTechFans
Cloudbric
Cloudbric
C
CERT Recently Published Vulnerability Notes
G
GRAHAM CLULEY
V
Vulnerabilities – Threatpost
C
Cisco Blogs
T
Tenable Blog
P
Privacy International News Feed
T
The Exploit Database - CXSecurity.com
I
Intezer
AWS News Blog
AWS News Blog
IT之家
IT之家
博客园 - 司徒正美
C
Cybersecurity and Infrastructure Security Agency CISA
博客园 - 【当耐特】
The Hacker News
The Hacker News
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Spread Privacy
Spread Privacy
S
SegmentFault 最新的问题
博客园 - Franky
人人都是产品经理
人人都是产品经理
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
V
Visual Studio Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
H
Hacker News: Front Page
Latest news
Latest news
Scott Helme
Scott Helme
腾讯CDC
宝玉的分享
宝玉的分享
大猫的无限游戏
大猫的无限游戏
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
A
Arctic Wolf
S
Securelist
雷峰网
雷峰网
The GitHub Blog
The GitHub Blog
Project Zero
Project Zero
Google DeepMind News
Google DeepMind News
P
Palo Alto Networks Blog
F
Fortinet All Blogs
Schneier on Security
Schneier on Security
云风的 BLOG
云风的 BLOG
Security Archives - TechRepublic
Security Archives - TechRepublic
The Last Watchdog
The Last Watchdog
WordPress大学
WordPress大学
MongoDB | Blog
MongoDB | Blog
L
LINUX DO - 最新话题
S
Schneier on Security
NISL@THU
NISL@THU
Jina AI
Jina AI
M
MIT News - Artificial intelligence

Okta Security RSS Feed

OpenSSL HollowByte: A DoS Hiding in 11 Bytes Datadog and Okta Combine for New Customer Detections Detecting OpenClaw at Sign-In Okta Hardening Guide Updated to Secure Non-Human Identities Okta Pooled Security Audits: a One-Year Retrospective Account Recovery, without Password Resets Okta’s Response to React2Shell Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework Attackers Target Hotelier Accounts in Malvertising and Phishing Campaign Using Auth0 Logs for Proactive Threat Detection Controlling Cross-App Data Sprawl in Google Workspace How this ClickFix campaign leads to Redline Stealer Paving the Path: Pooled Audits with Okta Security Building Confidence in Support Comms with Caller Verify at Okta Enabling ISO/IEC 27001:2022 Compliance with Okta Okta’s Secure by Design Pledge - One Year On Leveraging Okta System Logs for Proactive Threat Detection Enhancing Customer Trust Through a Comprehensive Audit Program Okta's new Security Technical Implementation Guide (STIG) A Guide to DORA Compliance with Okta How AI services power the DPRK’s IT contracting scams Detect and Prevent Cross Device Authentication How Responsible Disclosures are Shaping a Safer Cyberspace Cybersecurity’s Next Gen Next.js CVE-2025-29927 CSO Conversations: Matthew Hansen, Regional CSO of Americas West Empowering Security with Customer Trust Solutions Putting Security First with Secure Development One trick finds the root of any Okta troubles CSO Conversations: Stephen McDermid, Regional CSO of EMEA Content-Security-Policy in a Complex Environment CSO Conversations: Keiko Itakura, Regional CSO of Japan How Okta Embraces Identity Verification Using Persona Raising the Bar for our Industry with IPSIE Cyber-Safety over the Holidays Okta Social Engineering Impersonation Report - Response and Recommendation Five Reasons to Upgrade your Org to Okta Identity Engine Okta’s Ongoing Commitment to Secure By Design Unveiling the Essence of the Security Customer Trust Function Security Education Through the Art of Storytelling Seven Ways to Reduce Super Admins in Okta The Case for Zero Standing Privileges FastPass: The battle-hardened authenticator Detecting Cross-Origin Authentication Credential Stuffing Attacks How to Block Anonymizing Services using Okta Why Cyber-heroes need a Zero Trust CAEP! Okta Verify Vulnerability Disclosure Report - Response and Remediation Defensive Domain Registration is a Mug’s Game Protecting Administrative Sessions in Okta How to Secure the SaaS Apps of the Future Okta October 2023 Security Incident Investigation Closure October Customer Support Security Incident - Update and Recommended Actions Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation Tracking Unauthorized Access to Okta's Support System Go “Secure by Default” With Custom Admin Roles for IT support staff Cross-Tenant Impersonation: Prevention and Detection BYO Telephony and the future of SMS at Okta Saying “No Thanks” to nOAuth Telling More Okta Detection Stories with Google Chronicle An Unexpected Endorsement for WebAuthn Social Engineering is Getting More Extreme, but the Fixes Can Be Simple Study up on Okta Logs for Splunk’s Boss of the SOC! Keeping Phishing Adversaries Out of the Middle Using Workflows to Respond to Anomalous Push Requests Okta and Splunk Combine to Detect Common Attacks Setting the Right Levels of Assurance for Zero Trust Catch-All's and Canary Rules User Sign-in and Recovery Events in the Okta System Log Okta Code Repositories Detecting Real-Time Phishing Attacks Detecting Real-Time Phishing Attacks Okta’s Response to OpenSSL Security Update Monitoring for Abuse of Administrative Privileges System Log: a Window into Supporting the Okta Cloud The Human Factor in Phishing Resistance Auth0 Code Repository Archives From 2020 and Earlier Phishing Resistance and Why it Matters Detecting Scatter Swine: Insights into a Relentless Phishing Campaign Defending against Session Hijacking Unlocking the Mystery of 700+ Okta System Log Events Official Okta Statement on LAPSUS$ Claims Protection, without perimeters We (still) need to talk about RDP Just How Risky is Legacy Authentication?
CSO Conversations: Matt Immler, Regional CSO of Americas East
Matt Immler · 2025-01-22 · via Okta Security RSS Feed

CSO Conversations is a blog series interviewing Okta’s Regional CSOs supporting David Bradbury, Okta’s Chief Security Officer in providing the best service for our customers. Okta’s Regional CSOs are integral to Okta’s Security Trust and Culture team, building and strengthening trusted advisor relationships with global security thought leadership.

What motivated your career pursuit in cybersecurity?

I originally got my degree in Computer Science and went to work straight out of college at the US DoD. In that world, security is at the forefront of all projects and quickly became more interesting to me than the actual coding I was doing at the time.

How has your previous experience shaped your approach to cybersecurity today?

During my time in government, I worked on both offensive and defensive security teams. Having a chance to work on both sides of the aisle gave me a unique perspective from both the attacker and defender’s point of view. This allows me to look at a particular defensive technique and draw upon my own experience in the offensive role to determine if and how I could circumvent the control.

Are there any existing or emerging threats of particular interest to you?

Modern platforms are providing us with more and more capabilities, and along with that a wealth of settings with near limitless potential for misconfiguration. Many security issues I have encountered in the past have not necessarily been the result of the actual software or platform, but the way in which it is configured. I see the need for a balance in providing the greatest level of freedom to the user, while ensuring the appropriate guardrails are in place to balance risk.

What trends are you seeing in cybersecurity relating to your region?

The cybersecurity conversation is expanding from what we would conventionally think of being part of that field. The overall resilience of the system is coming up more often in the security context of the conversation than in previous years. More focus is being given to the organization's ability to withstand, recover from, and adapt to security events, and not just merely to prevent them from occurring in the first place.

If you could provide a few short cybersecurity words of wisdom to Okta customers, what would they be?

Be sure to review and apply any published best practices. While core documentation will make sure you can get the job done, the best practice guides ensure that you’re using it the recommended way, which in Okta’s case, takes a security approach when determining those best practices. The identity landscape is evolving quickly with new capabilities entering the mainstream every year, but those changes take time and many older protocols or methods must be necessarily supported to bridge the gap for adoption. Just because an implementation works, doesn’t always mean it’s the most secure option available.

What is the most significant change you’ve seen in the cybersecurity industry in your career to-date?

I hate buzzwords, but this question is going to make me go down that road. I've avoided it until now, but we all know the answer: It starts with  ‘A’ and ends with ‘I’ – its new, full capabilities are not well understood, and it poses unknown threats that are testing the efficacy of existing defenses and prompting swift development of new mitigation strategies. I think a bulk of upcoming security initiatives are going to be heavily influenced by the new things we learn every day about AI and what it could be capable of doing, and at the very least will be a frustrating new addition to threat models everywhere. 

From your perspective, what is the impact of cybersecurity awareness in today’s organizations?

Cybersecurity awareness is a critical function in any organization, but has long needed to evolve from simply sending a quarterly mock phishing email and routine annual training to something more comprehensive. Anyone who has ever worked in this field knows that the same 10% of employees are going to click that phishing email every time, and if your numbers are that low, you’re lucky. Intelligent threat actors are going to craft quality phishing emails, and it only takes one click to be successful. Okta has heavily invested in our security awareness program in order to make it more frequent, interesting, and engaging to our employees, e.g., incentivising the identification and reporting of even the most minor security concerns to help employees feel like they are part of the program and not just being lectured. 

How do you employ Okta’s corporate values in your day to day?

Personally, in my role as a Regional CSO, I spend a lot of time with Okta’s customers, and am particularly fond of our “Love our Customers” value. Many companies are closed off when it comes to security, and there can be merit to this, because you never want to tip your hand or expose potential areas of weakness publicly before you’re ready. However, this does not mean security should be a black box. When there is information that should be made public, it is best to be loud and on the verge of oversharing. What good is releasing information to mitigate a vulnerability if you bury it deep in the release notes somewhere? When a security team is putting the time and effort into identifying risk and providing mitigations to customers, every effort should be made to be transparent. 

Oktane on the Road brings Oktane to those who couldn’t attend in Las Vegas, can you share some of your experiences?

Having done Oktane on the Road events in the past, I would say it brings tremendous value to our customers. Cost cutting and tight budgets are prevalent right now, and many times, the first thing to go is travel and conference money. The customers I have interacted with at these events are appreciative of the local engagement allowing them to hear about the latest and greatest from Okta and interact with Okta employees, while not having to break the bank on travel. 

In your opinion, what is the best part of your Regional CSO role?

Building relationships with our customers. I speak to our customers on a regular basis across the entire US. In my role, I am afforded the ability to have very transparent conversations on issues relevant to their security teams. Having this level of engagement with our customers throughout every industry lets me hear and understand the differences in the experiences and what threats each individual industry might be facing. Retail and Hospitality have different concerns than large banks and financial institutions, but I often find commonalities and am able to bring different perspectives to these conversations by being able to reference an experience or a solution from another industry that might not have been considered otherwise.

Matt Immler was recently featured at Oktane24 in Lessons learned from the Okta frontlines in addition to a live news desk session on Okta’s Secure Identity Commitment (OSIC). Matt also participated in a Fireside Chat on Security Outcomes Powered by Identity. 

Matt Immler is the Regional Chief Security Officer for Okta in the Eastern Americas, where he leverages his Identity expertise to drive customer success. Matt’s background includes Auth0 Security and Compliance, in addition to previous roles in information security, network operations and software engineering. His educational achievements include a Bachelor of Computer Science from the University of Maryland Baltimore County and a Masters in Information Technology Management from the University of Maryland Global Campus. In his downtime, Matt enjoys volunteering at a local theatre company in support of his kids.