Ed Moyle

Director of Thought Leadership and Research

ISACA


Evaluating the Container Security Marketplace

Posted on: 07 Jun 2016

It has been just over three years since the initial release of Docker (the first public release was in March 2013; version 1.0 followed in June 2014) and adoption rates are striking – or potentially alarming depending on your organization’s level of readiness. Recent research from Datadog, for example, found that among the over 7,000 organizations they tracked, approximately two-thirds of those that evaluated container…

PCI DSS 3.2: What it Means to You

Posted on: 03 May 2016

If you’re a merchant, service provider, or anyone else who stores/processes/transmits cardholder information (i.e. anyone with the PCI DSS in scope), you probably don’t need me to tell you that we now have a new version of the DSS — revision 3.2 — that just came out at the end of April. It’s new, it’s…

5 Security Gains During Holiday Downtime

Posted on: 16 Dec 2015

It’s the end of the year, which means that the holidays are nigh upon us.  For those of us in security, it’s a time of heightened vigilance.  We know from experience that the holidays bring with them an influx of malware (both targeted and untargeted) and a barrage of fraudsters who seek to capitalize on…

Governance 3.0: Destructive vs. Constructive Technology Adoption

Posted on: 09 Nov 2015

Have you ever heard of “destructive interference?”  In physics, this is the principle that describes the interaction of two waves in exact opposite phase. What happens when two waves are in exact opposite phase and they interact? They cancel each other out.  This is how noise cancelling headphones work; the headphones generate a “noise” that…

Risk Management: Accounting for Disruptive Security Change

Posted on: 30 Sep 2015

We don’t really think about it this way most of the time, but disruption can happen in security just like any other activity in an enterprise.  By this I mean, changes in the way that business areas use technology, changes in the “technology substrate” itself (i.e. those technologies like shared services and infrastructure that enable…

Security Talent Management: Leveraging The “Cool”

Posted on: 29 Jul 2015

I happened to watch the movie “The Duff” recently. If you haven’t seen it, it’s a 2015 teenage comedy film with a plot along the lines of “The Breakfast Club” meets “Mean Girls.” What struck me about this movie (and the reason I’m alluding to it now) was the fact that one of the main…

3 Steps You Can Take to Prep Your Security Program for Docker

Posted on: 25 May 2015

As many security professionals may already know, Docker has the potential to have a significant impact on an enterprise.  Among numerous potential advantages, it can increase data center allocation density, the speed of development, it can enable new deployment models for cloud, and increase the efficiency of technical operations. From a security point of view, it…

Analyzing InfoSec Opportunity Costs

Posted on: 21 Apr 2015

There are a number of lessons that we in security can learn from the world of economics.  This isn’t an original observation on my part: in fact, there are a number of fantastic resources out there devoted to exactly that area of inquiry.  Using economics as a tool to evaluate features of a security program…

The DHS SWAMP: What It Is and What It Means for Practitioners

Posted on: 19 Feb 2015

I know it might sound sort of corny but whenever I think of the Department of Homeland Security (DHS) “SWAMP” program (the Software Assurance Marketplace) my mind immediately goes to The Empire Strikes Back. You probably know the part I mean.  When Luke lands on the swamp planet of Dagobah to receive his training from Yoda. What…

Planning Security: 3 Things to Look for in 2015

Posted on: 19 Jan 2015

Well, the New Year is upon us. Which for most of us means a few things: taking stock of the year that’s just passed, deciding what we can do better in the year to come, and putting aside holiday festivities to get back to the daily routine. It also means thinking about the coming year and…