InfoSec Governance
Monthly Archives: February 2011
My Take Away Moment from BSidesSF
I won’t attempt to rehash the conference, except to say, if you have a chance to attend a BSides event, do so in great haste. Despite being free, they are worth every penny you could invest in visiting one. What … Continue reading
Posted in CISO, CSO, Information Security, InfoSec
Sophisticated Analysis of Risk Management is Critical…don’t do Sophisticated Analysis Risk Management
There is a wonderful discussion occurring in SIRA (Society of Information Risk Analysts) these days. I missed the beginning of this group, and I regret it, because the messages coming out of the discussions are extremely insightful and critically important … Continue reading
Posted in Uncategorized
Handing Back Responsibility for Security
There is a great lesson that unfolded at one of my customer’s sites during an audit. It is a great story to tell, but more importantly, it lets me illustrate that as Security Professionals, we need to design security to … Continue reading
Posted in CISO, CSO, Information Security, InfoSec, IT Risk Management