Evaluating the Container Security Marketplace
Posted on: 07 Jun 2016
It has been just over three years since the initial release of Docker (1.0 was released in March 2013), and adoption rates are striking – or potentially alarming depending on your organization’s…
PCI DSS 3.2: What it Means to You
Posted on: 03 May 2016
If you’re a merchant, service provider, or anyone else who stores/processes/transmits cardholder information (i.e. anyone with the PCI DSS in scope), you probably don’t need me to tell you that…
5 Security Gains During Holiday Downtime
Posted on: 16 Dec 2015
It’s the end of the year, which means that the holidays are nigh upon us. For those of us in security, it’s a time of heightened vigilance. We know from…
Governance 3.0: Destructive vs. Constructive Technology Adoption
Posted on: 09 Nov 2015
Have you ever heard of “destructive interference?” In physics, this is the principle that describes the interaction of two waves in exact opposite phase. What happens when two waves are…
Risk Management: Accounting for Disruptive Security Change
Posted on: 30 Sep 2015
We don’t really think about it this way most of the time, but disruption can happen in security just like any other activity in an enterprise. By this I mean,…
Security Talent Management: Leveraging The “Cool”
Posted on: 29 Jul 2015
I happened to watch the movie “The Duff” recently. If you haven’t seen it, it’s a 2015 teenage comedy film with a plot along the lines of “The Breakfast Club”…
3 Steps You Can Take to Prep Your Security Program for Docker
Posted on: 25 May 2015
As many security professionals may already know, Docker has the potential to have a significant impact on an enterprise. Among numerous potential advantages, it can increase data center allocation density, the…
Analyzing InfoSec Opportunity Costs
Posted on: 21 Apr 2015
There are a number of lessons that we in security can learn from the world of economics. This isn’t an original observation on my part: in fact, there are a…
The DHS SWAMP: What It Is and What It Means for Practitioners
Posted on: 19 Feb 2015
I know it might sound sort of corny but whenever I think of the Department of Homeland Security (DHS) “SWAMP” program (the Software Assurance Marketplace) my mind immediately goes to The Empire…
Planning Security: 3 Things to Look for in 2015
Posted on: 19 Jan 2015
Well, the New Year is upon us. Which for most of us means a few things: taking stock of the year that’s just passed, deciding what we can do better…