Why would anyone reject win-win? Because honestly, it never turns out to be win-win. That’s just a cliche for one party to compromise in order to to come to an agreement. Turns out that by rejecting win-win you open the doors for so much more opportunity to be successful. And anyone who has read Jim …
If you’re understaffed, overcompensate with automation Efficient – Usain Bolt in the 100m dash. Effective – John Elway famously in “The Drive” against the Cleveland Browns. How do you put those two elements together and make your security team unbeatable? You start by building processes, not unlike the quarterback’s playbook. On any given play, all …
The process isn’t broken, it likely doesn’t exist Read More »
We’ve all felt it before. We’re in the middle of a presentation and we can see the audience looks bored. Or we read the terse response to an email we just sent. We all struggle at times getting our point across effectively and respectfully. But I have found that if you just follow these 3 steps, you’ll be a lot more effective at communicating, whether in oral or written form.
It’s time to break down the silos and build strategy and process as a unified team Interested in learning more? Click here to join our membership site wait list. IT strategic plan – aligned with the business and coordinated with security Most organizations maintain an annual strategic plan that aligns IT strategy with the overall …
Why is security still being left out of the discussion? Read More »
Like many, I get pulled in many directions yet I have to stay current on a variety of subjects. And let’s face it, that’s really hard to do. Especially when we have to shift focus from varying topics like going from an SDL design project to teaching a technical writing course. For better or worse, …
Newcomers to security, how do we give you the foundations you need? Read More »
With the numerous security blogs and news outlets (probably too many) not to mention paid threat feeds you can subscribe to, how do you stay on top of relevant security news and for that matter, threat intelligence?
A talk given at RSA this week by Avast’s EVP, GM and CTO Ondrej Vlcek about the attack and corruption of CCleaner had an interesting twist when the speaker noted that the most important lesson coming out of the episode wasn’t about the incident itself, or even the TTPs the attackers used. “A big lesson …
Why aren’t more companies focused on M&A cyber due diligence? Read More »
I’ve heard this question now several times, “What do you mean build a security assessment program? Do you mean build a security program?” My answer is consistently “no”. Your assessment program should be part of your overall security program, but they are separate (albeit related) initiatives. So what is a security assessment program? Think of …
Part of the rhetoric between the US and China involves the challenge US companies face when doing business in China. This is especially true for companies with technology that is their own Intellectual Property (IP). There have been many documented cases of US companies claiming that while doing business in China that they experienced a …
It’s that time of year when the Verizon Data Breach Investigations Report (DBIR) comes out. FireEye also just released their 2018 MTrends report and CrowdStrike released their Global Threat Report in late February of this year. Even though the Verizon report tends to garner the most press, I find it the least useful of the …
