InfoSec Governance- Security Maturity vs Risk Based Security 24 March, 2024
- Mandatory versus Guidelines: A story of FUD 21 November, 2022
- A Little Tech – Reset Troubles with MFA 18 October, 2021
- The Fear Mongers 11 August, 2021
- Better Late than Never: My First Foray into Real Metrics 3 August, 2021
- Three Key Patterns for Information Security Programs 2 August, 2021
- The Fallacy of Permanence 16 June, 2021
- DevOps is dead, long live Dev! 7 August, 2020
- I Love the Subject of Change Control 17 December, 2019
- Unicorns (and how the Gene Kim challenges us yet again…) 27 November, 2019
Monthly Archives: August 2021
The Fear Mongers
“APT is your biggest risk.” “Public cloud cannot be secure, just look at CapitalOne.” “Insiders are your biggest threat.” “You must have a SIEM if you are going to pass your SOX audits!” Bah, humbug. Fear, Uncertainty, and Doubt (or … Continue reading
Posted in Uncategorized
Leave a comment
Better Late than Never: My First Foray into Real Metrics
Author’s Note, this blog was written back in 2013, but never made it this far. Forgive the delay and references to old presentations that may not be accessible. It’s been a while since my last post, and I’ll blame it … Continue reading
Posted in Uncategorized
Leave a comment
Three Key Patterns for Information Security Programs
After too many years witnessing the sham that are “security standards” and regulations, I feel like I have to be a bit of a grumpy old man. I’m not usually this way…well, I am old, but usually not terribly grumpy. … Continue reading
Posted in Uncategorized
Leave a comment