security concepts courses for software developers and architects

Have you ever shown software developers the OWASP Top 10 (security vulnerabilities)? Their eyes just glaze over and they stop paying attention. So I started thinking about better ways to teach about security defects in code. Truth is, we still have to go through the common vulnerability types. But showing how they’ve been used in …

what? building a notifications list on the fly…my mind is in a TASE

It all started after chatting with a colleague the other day… He started telling me about a Tabletop Attack Scenario Exercise (TASE) that he sat through with a health care company. They were going through a mock scenario of a PHI breach. And at one point, the security director asked the procurement team to give …

what if Apollo 13 was managed by the average security team?

What saved the three Apollo 13 astronauts from utter disaster? Keep in mind that 4 days into their mission in April 1970, they suffered an explosion from an oxygen tank causing severe damage to the service module. Besides divine providence, what saved them comes down to three factors: All 3 astronauts were well trained …

it’s not luck

I’ve learned a lot by coaching my son’s youth soccer team. At the beginning of last season, his team had several boys ranging from ok to pretty good players. The only problem was they wouldn’t work together. They’d all either stand around and watch whenever they didn’t have the ball, or they would form a …

are you ready to go Undercover Boss?

This can be one of those polarizing subjects (at least for security people) – cyber threat intelligence. Security people tend to either love the idea of collecting threat intelligence or they don’t see any value in spending time and money on it. But let’s start by defining it. Most times, cyber threat intelligence is packaged …

36-year-old accountant takes the ice as Chicago Blackhawks’ backup goalie

In March 2018, one of those unusual (but not as rare as you might think) occurrences happened. The Blackhawks’ starting goalie was a late scratch for the game, and the backup goalie was injured halfway through the third period. That meant the Blackhawks had to activate an emergency goalie for the last 14 minutes of …

I never want to go through that again, and that’s why I don’t work there anymore

A few years back I was running a tabletop exercise at the office of a regional banking client. We had around 50 executives there including the C-suite. As we brought the exercise to a close, the bank CEO asked anyone on his team to share a story of living through a real data breach. One …
