The process isn’t broken, it likely doesn’t exist

If you’re understaffed, overcompensate with automation. Efficient – Usain Bolt in the 100m dash. Effective – John Elway famously in “The Drive” against the Cleveland Browns. How do you put those two elements together and make your security team unbeatable? You start by building processes, not unlike the quarterback’s playbook. On any given play, all …

We’re technology people, but we can still learn to communicate better

We’ve all felt it before. We’re in the middle of a presentation and we can see the audience looks bored. Or we read the terse response to an email we just sent. We all struggle at times getting our point across effectively and respectfully. But I have found that if you just follow these 3 steps, you’ll be a lot more effective at communicating, whether in oral or written form.

Why is security still being left out of the discussion?

It’s time to break down the silos and build strategy and process as a unified team. IT strategic plan – aligned with the business and coordinated with security. Most organizations maintain an annual strategic plan that aligns IT strategy with the overall …

Newcomers to security, how do we give you the foundations you need?

Like many, I get pulled in many directions, yet I have to stay current on a variety of subjects. And let’s face it, that’s really hard to do. Especially when we have to shift focus between varying topics, like going from an SDL design project to teaching a technical writing course. For better or worse, …

Why aren’t more companies focused on M&A cyber due diligence?

A talk given at RSA this week by Avast’s EVP, GM and CTO Ondrej Vlcek about the attack and corruption of CCleaner had an interesting twist when the speaker noted that the most important lesson coming out of the episode wasn’t about the incident itself, or even the TTPs the attackers used. “A big lesson …

Building an assessment program

I’ve heard this question now several times, “What do you mean build a security assessment program? Do you mean build a security program?” My answer is consistently “no”. Your assessment program should be part of your overall security program, but they are separate (albeit related) initiatives. So what is a security assessment program? Think of …

Would a trade war benefit cyber defenses?

Part of the rhetoric between the US and China involves the challenge US companies face when doing business in China. This is especially true for companies with technology that is their own Intellectual Property (IP). There have been many documented cases of US companies claiming that, while doing business in China, they experienced a …

Season of sharing…breach investigation data

It’s that time of year when the Verizon Data Breach Investigations Report (DBIR) comes out. FireEye also just released their 2018 M-Trends report and CrowdStrike released their Global Threat Report in late February of this year. Even though the Verizon report tends to garner the most press, I find it the least useful of the …
