So…you are responsible for the computer security of your organization. You probably have many great ideas on how to do this. You start looking around for products and services to implement those plans of yours and figure out quickly there are no commercial solutions that fit into your budget. Now what do you do? Enter…
Details
For the third straight year, Drs. Daniel Solove and Paul Schwartz held their Privacy and Security Forum at George Washington University Law School. For the third straight year I attended and presented. This year’s forum was the biggest ever and like the previous years, was packed with different sessions on issues ranging from GDPR to…
Details
Blockchain has the potential to be one of the most disruptive technologies since the invention of the Internet. There is an entire class of problems with distributed reconciliation of data entries that this can potentially solve. The creators of Blockchain saw past its initial usage for cryptocurrency implementation toward a future where many distributed applications…
Details
As business functions move to the cloud, it’s imperative to retain visibility into who is connecting to cloud applications, what they are doing, and what devices they are using to connect. This is where Cloud Access Security Brokers (CASBs) come into play. CASB solutions help manage risk by providing the visibility, and in some cases,…
Details
There are many skilled and intelligent people who aspire to become a Chief Information Security Officer (CISO). I have some career advice for them: Don’t aspire to be a CISO. Instead, seek to be the best professional at each step in your career. Those of us who do become CISOs do so because we have a…
Details
I have gone back and forth for a long time. Should security be risk-centric or data-centric. Outside of security professionals, you sometimes meet people who believe security should be compliance-centric and others who believe security should be audit-centric (which is a type of compliance-centrism). Certainly there used to be network-centric views of security but they…
Details
CISO Security professionals feel no great joy in being right about patching. The past two months have been a period of “I told you so” moments for anyone who has ever had to have the conversation with a sys admin about the importance of patching. It’s been a long time for me but the memory…
Details
“We drive into the future looking into our rear view mirrors” Marshall McLuhan (The views expressed in this article are entirely my own do not reflect the position of my employer the Federal Reserve Bank of Richmond, the Federal Reserve Board of Governors, or the Federal Reserve System as a whole.) Notably absent from the dearth…
Details
CISOs are often in a situation where the CEO or a Board member asks them, “Just how secure are we?” Or “Are we secure enough?” These questions sound simple, but are quite difficult to answer accurately. The quick answer to the question would be, “We are more secure today than we were before and are…
Details
To Michael Mangold, the CISO of rural lifestyle retailer Tractor Supply Company, located outside Nashville, Tennessee, the most important skills for a CISO are not only technical. While his background includes technical qualifications and certifications, and the ability to evaluate new and emerging technologies and risks, Mangold also relies on his background and training in…
DetailsRecently, I posted a picture of a mind-map that I created just called “The Map of Cybersecurity Domains (v1.0).” The map was put together as a way to clear my head by fully immersing myself in the world of cybersecurity day-in and day-out for the past few years, and constant reminder that just how complex and…
DetailsThe first week of March in 2017 will be remembered as the time that AWS (Amazon Web Services) failed. The actual failure was in the Amazon Simple Storage Service (S3), but to the world in general, if your stuff was running in the Amazon cloud, it was not working. Amazon provided a very complete write up…
Details