Ed Moyle

Director of Thought Leadership and Research

ISACA


Analyzing the Security Management of Docker

Posted on: 26 Nov 2014

It’s the holiday season, which means that many of us are already in the process (or soon will be) of putting up holiday decorations.  Ordinarily that wouldn’t be particularly noteworthy — or applicable to InfoSec for that matter — but this season there’s a bit of a sea change underway that carries with it an…

Legacy Security Controls: Time to Pull the Plug?

Posted on: 23 Oct 2014

It’s a fact of life that most IT shops have, to one degree or another, a “security products graveyard” – i.e. security technology that’s past its prime, performing poorly, or that otherwise represents a drain on the security program. Note that by this, I’m not talking about technologies that have served their useful purpose and…

5 Strategies to Combat Shadow IT

Posted on: 11 Sep 2014

In today’s businesses, it seems like the technology landscape is changing ever more rapidly. For most firms, IT has become a veritable parade of transformative and disruptive technology: cloud, mobility, BYOD, Internet of Things – new technologies keep coming down the pike that call for new strategies, new technologies, and new processes to keep organizational…

Getting your AppSec program ready for DevOps

Posted on: 10 Jul 2014

You know the illustration The March of Progress?  The name itself might not ring a bell for everyone, but more than likely you’ve seen it: it’s the illustration showing human evolution from the earliest primate ancestors on the far left, throughout various phases of evolutionary development, to modern humans ultimately taking their place on the…

4 Warning Signs Your Pentester Isn’t “Getting It”

Posted on: 30 Apr 2014

When it comes to penetration testing, it’s a fact that many organizations will engage third party consultants to perform the service.  The reasons why this is so aren’t hard to understand: doing penetration testing well requires a specialized set of skills and tools, and keeping those resources and tools at an acceptable skill/performance level (to…

Dormant VM Images: A Sealed Box of Evil?

Posted on: 26 Mar 2014

Imagine for a moment a villain (or villains) trapped powerless for years. After being reanimated by an unsuspecting populace, the newly-released evil goes forth to wreak havoc until it’s only once again conquered through tremendous effort and sacrifice. Sound familiar?  It should.  What’s described above is a routinely-occurring fictional trope (often referred to as “Sealed Evil…