-
Recent Posts
Look at Categories
Archives
Search the Blog
InfoSec Governance
Author Archives: Daniel Blander
The Three Phases to DevOps in Security
The Three Phases to DevOps in Security Many of those who aspire to create a high-performing security function within a company are looking at DevSecOps and what it represents. This is laudable, as the concepts that are represented in DevSecOps … Continue reading
Posted in CISO, CSO, DevOps, DevSecOps
Leave a comment
Glass Houses…and Music Majors
First, a disclaimer…this post is *not* about bashing or ranting about Equifax’s security practices. Why? Because I do not have first hand knowledge of what they did or did not do, or what specific exploits and vulnerabilities were leveraged throughout … Continue reading
Posted in Uncategorized
Leave a comment
Shifting the Conversation (An SDLC Story)
I’d like to tell a story (a mostly real one) that can help you think through how to make your DevOps transition a little smoother, level set some over-exuberance, and ensure everyone feels they are getting a fair shake in … Continue reading
Posted in Uncategorized
Leave a comment
Random Favorite Quotes
The following are quotes or paraphrased notes taken from talks I have seen, podcasts, or general conversations with people I know. If you feel you didn’t say these words, or wish to correct them, just contact me. ——— Microsoft gets … Continue reading
Posted in Uncategorized
Leave a comment
The Legacy of Controls (A DevOps Story)
I recently had a pair of encounters that have opened my eyes further to both the causes of our current messy state of IT affairs, and given me hope for a better future. In both cases the issue that came … Continue reading
Posted in Uncategorized
Leave a comment
Velocity vs. Anti-Velocity
No, its not the new anti-matter, or maybe it is. I’ve watched IT organizations now for 26 years. The sadness I feel is that I’ve continuously seen the same downward spiral: Failures are reacted to as a only that – … Continue reading
Posted in IT Governance
Leave a comment
Loving the John In All of Us
I found myself in one of my least favorite moments a few weeks ago. I was having a discussion about the build out of a new environment. Someone brought up the subject of how people should access the environment and … Continue reading
Posted in CISO, CSO, Information Security, InfoSec
Leave a comment
The Quantum Vulnerability Tunneling Effect
I know I had promised to talk about how to implement a risk management program in your small organization, but bear with me for a blog (or two). Given that my brain has been wrapping itself carefully around risk management … Continue reading
Posted in CISO, CSO, Information Security, InfoSec, IT Risk Management, Uncategorized
Leave a comment
Accuracy vs. Precision – My Risk Epiphany
Did you ever have a moment where a concept you have never been able to figure out or understand suddenly clicks in your head? I had long struggled to understand a key element of Risk Management – how to perform … Continue reading
BSides San Francisco Presentation
So I did a little talk at BSides San Francisco 2012. Its a pre-quel to my book “So You Want to Be the CSO…” The talk was recorded so you can view it at your leisure. Just pity the poor … Continue reading