InfoSec Governance- Mandatory versus Guidelines: A story of FUD 21 November, 2022
- A Little Tech – Reset Troubles with MFA 18 October, 2021
- The Fear Mongers 11 August, 2021
- Better Late than Never: My First Foray into Real Metrics 3 August, 2021
- Three Key Patterns for Information Security Programs 2 August, 2021
- The Fallacy of Permanence 16 June, 2021
- DevOps is dead, long live Dev! 7 August, 2020
- I Love the Subject of Change Control 17 December, 2019
- Unicorns (and how the Gene Kim challenges us yet again…) 27 November, 2019
- Where should the CSO Report? 21 October, 2019
Monthly Archives: February 2011
My Take Away Moment from BSidesSF
I won’t attempt to rehash the conference, except to say, if you have a chance to attend a BSides event, do so in great haste. Despite being free, they are worth every penny you could invest in visiting one. What … Continue reading
Posted in CISO, CSO, Information Security, InfoSec
Leave a comment
Sophisticated Analysis of Risk Management is Critical…don’t do Sophisticated Analysis Risk Management
There is a wonderful discussion occurring in SIRA (Society of Information Risk Analysts) these days. I missed the beginning of this group, and I regret it, because the messages coming out of the discussions are extremely insightful and critically important … Continue reading
Posted in Uncategorized
Leave a comment
Handing Back Responsibility for Security
There is a great lesson that unfolded at one of my customer’s sites during an audit. It is a great story to tell, but more importantly, it lets me illustrate that as Security Professionals, we need to design security to … Continue reading
Posted in CISO, CSO, Information Security, InfoSec, IT Risk Management
Leave a comment