Monthly Archives: February 2011

My Take Away Moment from BSidesSF

I won’t attempt to rehash the conference, except to say, if you have a chance to attend a BSides event, do so in great haste. Despite being free, they are worth every penny you could invest in visiting one.  What … Continue reading

Posted in CISO, CSO, Information Security, InfoSec | Leave a comment

Sophisticated Analysis of Risk Management is Critical…don’t do Sophisticated Analysis Risk Management

There is a wonderful discussion occurring in SIRA (Society of Information Risk Analysts) these days. I missed the beginning of this group, and I regret it, because the messages coming out of the discussions are extremely insightful and critically important … Continue reading

Posted in Uncategorized | Leave a comment

Handing Back Responsibility for Security

There is a great lesson that unfolded at one of my customer’s sites during an audit.  It is a great story to tell, but more importantly, it lets me illustrate that as Security Professionals, we need to design security to … Continue reading

Posted in CISO, CSO, Information Security, InfoSec, IT Risk Management | Leave a comment