Four Ways to Improve the Security of Blockchain

Blockchain has the potential to be one of the most disruptive technologies since the invention of the Internet. There is an entire class of problems with distributed reconciliation of data entries that this can potentially solve. The creators of Blockchain saw past its initial usage for cryptocurrency implementation toward a future where many distributed applications…

Details

McAfee Acquisition of Skyhigh Networks Confirms CASB Market Predictions

As business functions move to the cloud, it’s imperative to retain visibility into who is connecting to cloud applications, what they are doing, and what devices they are using to connect. This is where Cloud Access Security Brokers (CASBs) come into play. CASB solutions help manage risk by providing the visibility, and in some cases,…

Details

Advice for Aspiring CISOs

There are many skilled and intelligent people who aspire to become a Chief Information Security Officer (CISO). I have some career advice for them: Don’t aspire to be a CISO. Instead, seek to be the best professional at each step in your career. Those of us who do become CISOs do so because we have a…

Details

What Is at the Center?

I have gone back and forth for a long time.  Should security be risk-centric or data-centric.  Outside of security professionals, you sometimes meet people who believe security should be compliance-centric and others who believe security should be audit-centric (which is a type of compliance-centrism). Certainly there used to be network-centric views of security but they…

Details

Patch Yours

CISO Security professionals feel no great joy in being right about patching.  The past two months have been a period of “I told you so” moments for anyone who has ever had to have the conversation with a sys  admin about the importance of patching. It’s been a long time for me but the memory…

Details

Security Metrics Can Make or Break a Security Program; How to Present to the Board

CISOs are often in a situation where the CEO or a Board member asks them, “Just how secure are we?” Or “Are we secure enough?” These questions sound simple, but are quite difficult to answer accurately. The quick answer to the question would be, “We are more secure today than we were before and are…

Details

Marketing Information Security at Tractor Supply

To Michael Mangold, the CISO of rural lifestyle retailer Tractor Supply Company, located outside Nashville, Tennessee, the most important skills for a CISO are not only technical. While his background includes technical qualifications and certifications, and the ability to evaluate new and emerging technologies and risks, Mangold also relies on his background and training in…

Details

Privacy By Design Is Still Imperative

Each year brings more large-scale security and privacy breaches, leaving the general public questioning to what extent companies could be trusted with their sensitive information. Retail, health care, banking, entertainment, governments – no industry is left untouched. Security and privacy must remain top of mind within every organization as both are essential in safeguarding data, protecting…

Details