Using Metrics to Improve Your Security Program
So…you are responsible for the computer security of your organization. You probably have many great ideas on how to do this. You start looking around for products and services to…
Details
Demote the CISO
For the third straight year, Drs. Daniel Solove and Paul Schwartz held their Privacy and Security Forum at George Washington University Law School. For the third straight year I attended…
Details
Four Ways to Improve the Security of Blockchain
Blockchain has the potential to be one of the most disruptive technologies since the invention of the Internet. There is an entire class of problems with distributed reconciliation of data…
Details
McAfee Acquisition of Skyhigh Networks Confirms CASB Market Predictions
As business functions move to the cloud, it’s imperative to retain visibility into who is connecting to cloud applications, what they are doing, and what devices they are using to…
Details
Advice for Aspiring CISOs
There are many skilled and intelligent people who aspire to become a Chief Information Security Officer (CISO). I have some career advice for them: Don’t aspire to be a CISO.…
Details
What Is at the Center?
I have gone back and forth for a long time. Should security be risk-centric or data-centric. Outside of security professionals, you sometimes meet people who believe security should be compliance-centric…
Details
Patch Yours
CISO Security professionals feel no great joy in being right about patching. The past two months have been a period of “I told you so” moments for anyone who has…
Details
Blockchain Adoption and the Cybersecurity Practitioners Dilemma
“We drive into the future looking into our rear view mirrors” Marshall McLuhan (The views expressed in this article are entirely my own do not reflect the position of my employer…
Details
Security Metrics Can Make or Break a Security Program; How to Present to the Board
CISOs are often in a situation where the CEO or a Board member asks them, “Just how secure are we?” Or “Are we secure enough?” These questions sound simple, but…
Details
Marketing Information Security at Tractor Supply
To Michael Mangold, the CISO of rural lifestyle retailer Tractor Supply Company, located outside Nashville, Tennessee, the most important skills for a CISO are not only technical. While his background…
DetailsThe Map of Cybersecurity Domains
Recently, I posted a picture of a mind-map that I created just called “The Map of Cybersecurity Domains (v1.0).” The map was put together as a way to clear my head…
DetailsIs Your Next Security Failure One Fat Finger Away?
The first week of March in 2017 will be remembered as the time that AWS (Amazon Web Services) failed. The actual failure was in the Amazon Simple Storage Service (S3), but…
Details