Handing Back Responsibility for Security
There is a great lesson that unfolded at one of my customer’s sites during an audit. It is a great story to tell, but more importantly, it lets me illustrate that as Security Professionals, we need to...
View ArticleSophisticated Analysis of Risk Management is Critical…don’t do Sophisticated...
There is a wonderful discussion occurring in SIRA (Society of Information Risk Analysts) these days. I missed the beginning of this group, and I regret it, because the messages coming out of the...
View ArticleMy Take Away Moment from BSidesSF
I won’t attempt to rehash the conference, except to say, if you have a chance to attend a BSides event, do so in great haste. Despite being free, they are worth every penny you could invest in visiting...
View ArticleMentoring Outside the Echo Chamber
I have been incensed by certain “pundit” activities through a recent encounter that unfortunately mirrors the frustration I felt 20 years ago as a result of the actions of certain academics where I...
View ArticleDo you have SOCD? (Security Obsessive Compulsive Disorder)
Are you SOCD? You have it if: You feel the constant need to force drastic security measures. You say: “This company really needs to revise all the (SOX) controls. There’s absolutely no reason to have...
View Article#SecBiz or The Better Answer to Martin’s Question
I had the good fortune of a long drive (12 hours to be exact) which allowed me time to catch up on four months of backlogged Martin McKeay’s Network Security Podcasts. My fortune improved when I...
View ArticleBSides San Francisco Presentation
So I did a little talk at BSides San Francisco 2012. Its a pre-quel to my book “So You Want to Be the CSO…” The talk was recorded so you can view it at your leisure. Just pity the poor guy in the...
View ArticleAccuracy vs. Precision – My Risk Epiphany
Did you ever have a moment where a concept you have never been able to figure out or understand suddenly clicks in your head? I had long struggled to understand a key element of Risk Management – how...
View ArticleThe Quantum Vulnerability Tunneling Effect
I know I had promised to talk about how to implement a risk management program in your small organization, but bear with me for a blog (or two). Given that my brain has been wrapping itself carefully...
View ArticleClik here to view.
Loving the John In All of Us
I found myself in one of my least favorite moments a few weeks ago. I was having a discussion about the build out of a new environment. Someone brought up the subject of how people should access the...
View Article
