Our Cybersecurity team ensures Target and our guests are protected 24/7 against cybercriminals and fraudsters. Every day our team of in-house experts analyze the latest threats, assess risk, engineer innovative solutions, and operate our Cyber Fusion Center around the clock to investigate and respond to potential attacks. As an industry-recognized leader in threat intelligence sharing, collaborative partnerships, and talent development, we take pride in seeing our impact extend well beyond Target to help create a safer future for all.

Graphic that says Strelka UI file submission with cartoon dog illustration.

Principal Engineer, Cyber Defense

This open-source tool conceived at Target plays a pivotal role in streamlining file analysis for enhanced threat detection. 

Visualizing File Analysis with the Strelka UI

Highlighted functionality for the Detect Hub platform

Strategies on how to manage rulesets to achieve a more confident security posture.

Boost Detection Confidence: Lessons from Target's Rule Management Strategy

photo of Target's Cyber Fusion Center entrance, with illuminated white letters mounted vertically to a black painted wall, and red striped carpet with a long hallway in the background

Distinguished Engineer, Cybersecurity

Lead Software Engineer

Director of Engineering, Cybersecurity 

Headshot of Joe Petroske, a white man with brown hair and blue eyes, wearing a white shirt

Cyber Threat Hunter

Status of current open source projects from Target's cybersecurity team.

Target's Cyber Fusion Center Highlights Open Source Projects

white text on a red background that reads "Friday Five, Tracy Favro, Lead Cyber Analyst" with a small image of Target mascot Bullseye the white bull terrier with a red Target bullseye around his eye

Target mascot Bullseye, a white bull terrier with a red Target logo painted around his eye, with a rolled up newspaper in his mouth

Editorial Team

Profile of Target Lead Cybersecurity Analyst Tracy Favro 

"Friday Five" Featuring Tracy Favro, Lead Cybersecurity Analyst

graphic describing the three ways in which cyber capabilities apply to ORC - research the adversary, prevent and detect attacks, and investigate and respond 

Target vice president of cybersecurity Jodie Kautt pictured in a white turtleneck sweater smiling with her hair down

Vice President, Cybersecurity

How Target's cyber team collaborates to combat fraud 

Applying Cyber Principles to Combatting Organized Retail Crime 

Target's patented EasySweep skimmer detection device, shown with a payment terminal that is safe to use, and one with a skimming device installed that puts guest data at risk

Target Principal Cybersecurity Analyst Terry Woodman, wearing a plaid button-down shirt and gray jacket, smiling against a white background

Principal Cybersecurity Analyst - Enterprise Incident Management

Target's patented EasySweep device protects guests' data from skimmers.

Target's EasySweep – Simplifying Skimmer Detection for All

Identity Management Day 2023 logo on the left with round fingerprint-like design behind the words, and headshot of Target Senior Director of Cyber Solutions Tom Sheffield who is pictured smiling wearing a blue button down shirt and gray blazer against a red couch, with red carpet and atrium in the background

Interview with Senior Director Tom Sheffield to explore what Identity Management means at Target.

Moving from "Or" to "And"

Target Cybersecurity Analyst Dat Dang, pictured smiling against a corporate conference room background, wearing eyeglasses, a button-down shirt, and navy blue blazer

Profile of Target Lead Cybersecurity Analyst Dat Dang

"Friday Five" -  Featuring Dat Dang, Lead Cybersecurity Analyst

status page screenshot from Gogs showing a Docker pipeline with a malicious config file called "evil.local:8080/payload"

Principal Analyst in Cyber Security

An actionable incident response playbook for your CI/CD pipeline.

CI/CD Pipeline Incident Response

light purple rectangle with five white circles in a horizontal line, each with a white icon inside. From left to right, icons include a sheet of paper with lines, a gear with tools against a browser window, a large white robot, a screen with circular arrows, and a check mark in a white circle

This post provides a solution for utilizing synthetic events for the purpose of validating signature integrity and functionality, with the goal of achieving continuous assurance of a system’s detection signatures.

Synthetics: Continuous Assurance of Detection Components

Senior Director, Cybersecurity

Lead Cybersecurity Analyst, Cyber Defense

How two Target cybersecurity team members reimagined their mentorship relationship and what they learned

Target tech x BUiLT: Technical Mentorship, Reimagined

Camp Cyber logo with a line drawing of a nighttime camping scene, and "Camp Cyber" written in letters that look like logs, next to headshot of Target CISO Rich Agostino

October is Cybersecurity Awareness Month, recognized annually in the United States since 2004 as an opportunity to educate people about steps they can take to enhance the security of their digital worlds.

Cybersecurity “State of the State” 

a series of five white icons in circles on a lavender background, from the far left icons picture a device that appears to have a variety of connections to it, an icon of a sheet of paper with lines on it, a cute dog icon with a space helmet, a sheet of paper with a magnifying glass above it, and an icon of a browser window

Strelka is a real-time, container-based, file scanning system used for threat hunting, threat detection, and incident response, built by our Target cybersecurity team.

Strelka: Real-Time Threat Hunting Scanner

screenshot of code snippet describing a payload wallet rule with Eric Brandel listed as author

We recently introduced Target’s cybersecurity tool “Merry Maker” and open sourced the framework to help others protect against digital skimming.

Behind the Scenes of Merry Maker

Target store team member pictured wearing a Santa hat with holiday decor shelves behind him. The team member is showing something on a device to a young girl with a light purple coat on, and she looks surprised and happy

Credit card skimmers are custom-made additions to payment devices (like ATMs or gas pumps) that criminals build and use to steal a consumer’s payment information.

Meet Merry Maker: How Target Protects Against Digital Skimming

Diagram of a Vulnerable Container scenario with the following text included: "For this scenario, an attacker sees a node that is vulnerable that they then leverage which gives them access to a container for further actions. The root cause could be the code in the repository has a vulnerability." Below this text is a diagram of a web application firewall. Below this is a thick blue line under which is written: "Analysis and Containment. The largest hurdle around containment is the timing it takes for everything to come together; for this scenario the items detailed below would all have to come together in order to achieve containment of what is known. Analysis and containment actions: A. Isolation of the impacted container(s), begin analysis of attacker actions to then take containment and remediation steps. This part is very important as you want to reduce further impact, know what happened, and what to address next. B. Identify attacker behavior, C. Deploy alerting and/or blocking mechanisms for identified attacker, D. Review of the code for the vulnerabilities, to then fix, E. Deploy fixed containers, F. Remediation of removal of remaining vulnerable container(s) without causing business impact.

When containers become unhealthy in production environments, a nuclear action is often the best option. When it comes to a security alert however, a different approach is needed.

Container Analysis and Containment

screenshot showing a screen of code representing "Execute Kafka-DB test" that was run 14 minutes ago and lasted for 2 minutes, 56 seconds. the code on the screen shows the initialization of the process and successful test process completing

Lead Engineer

Our team developed a service that reads from a Kafka topic, interacts with a Postgres database using basic CRUD operations, and calls APIs on an external service.

Using Drone for Automated Integration Testing

four Target engineers pictured in discussion sitting around an office conference room table, with laptops open

Lead Engineer, Cyber Solutions

Engineer, Security Testing Services

Director, Cybersecurity

During a recent penetration test, Target's Security Testing Services team found that Microsoft's SharePoint was vulnerable to a unique attack that, unlike typical cross-site scripting, could be exploited without any interaction from the victim user.

Cybersecurity

Recent blogs