I’ve heard this question now several times, “What do you mean build a security assessment program? Do you mean build a security program?” My answer is consistently “no”. Your assessment program should be part of your overall security program, but they are separate (albeit related) initiatives. So what is a security assessment program? Think of …
Some of the biggest challenges that face security teams today are Identity and Access Management (including Privileged Access Management) and Application Security. Too often, these initiatives get mired in the details and complexity and never end up getting completed. Systems administrators and application teams cringe at the thought of touching their Service Accounts. And you …
Knowing that there is a dearth of experienced cyber security engineers, analysts and practitioners to recruit and hire, many organizations are choosing to transfer and promote from within and hire less experienced folks that show great potential to grow in to the role. This is a strategy that has payed off for many, but in …
One of my focus areas is communicating cyber risk in business terms that business leaders can understand and operationalize. We at GCG are effective at this because we provide the data points and inputs business leaders need to evaluate investment and mitigation strategies as they relate to cyber security. At the end of the day, …
