InfoSec Governance- Security Maturity vs Risk Based Security 24 March, 2024
- Mandatory versus Guidelines: A story of FUD 21 November, 2022
- A Little Tech – Reset Troubles with MFA 18 October, 2021
- The Fear Mongers 11 August, 2021
- Better Late than Never: My First Foray into Real Metrics 3 August, 2021
- Three Key Patterns for Information Security Programs 2 August, 2021
- The Fallacy of Permanence 16 June, 2021
- DevOps is dead, long live Dev! 7 August, 2020
- I Love the Subject of Change Control 17 December, 2019
- Unicorns (and how the Gene Kim challenges us yet again…) 27 November, 2019
Author Archives: Daniel Blander
Where should the CSO Report?
I was recently asked the question, “Where does Security belong in an organization?” It is an intriguing question, and one that I think about quite often. Currently most CSOs report to the CIO or CTO. In a few, rare cases, … Continue reading
Posted in Uncategorized
Leave a comment
The Three Phases to DevOps in Security
The Three Phases to DevOps in Security Many of those who aspire to create a high-performing security function within a company are looking at DevSecOps and what it represents. This is laudable, as the concepts that are represented in DevSecOps … Continue reading
Posted in CISO, CSO, DevOps, DevSecOps
Leave a comment
Glass Houses…and Music Majors
First, a disclaimer…this post is *not* about bashing or ranting about Equifax’s security practices. Why? Because I do not have first hand knowledge of what they did or did not do, or what specific exploits and vulnerabilities were leveraged throughout … Continue reading
Posted in Uncategorized
Leave a comment
Shifting the Conversation (An SDLC Story)
I’d like to tell a story (a mostly real one) that can help you think through how to make your DevOps transition a little smoother, level set some over-exuberance, and ensure everyone feels they are getting a fair shake in … Continue reading
Posted in Uncategorized
Leave a comment
Random Favorite Quotes
The following are quotes or paraphrased notes taken from talks I have seen, podcasts, or general conversations with people I know. If you feel you didn’t say these words, or wish to correct them, just contact me. ——— Microsoft gets … Continue reading
Posted in Uncategorized
Leave a comment
The Legacy of Controls (A DevOps Story)
I recently had a pair of encounters that have opened my eyes further to both the causes of our current messy state of IT affairs, and given me hope for a better future. In both cases the issue that came … Continue reading
Posted in Uncategorized
Leave a comment
Velocity vs. Anti-Velocity
No, its not the new anti-matter, or maybe it is. I’ve watched IT organizations now for 26 years. The sadness I feel is that I’ve continuously seen the same downward spiral: Failures are reacted to as a only that – … Continue reading
Posted in IT Governance
Leave a comment
Loving the John In All of Us
I found myself in one of my least favorite moments a few weeks ago. I was having a discussion about the build out of a new environment. Someone brought up the subject of how people should access the environment and … Continue reading
Posted in CISO, CSO, Information Security, InfoSec
Leave a comment
The Quantum Vulnerability Tunneling Effect
I know I had promised to talk about how to implement a risk management program in your small organization, but bear with me for a blog (or two). Given that my brain has been wrapping itself carefully around risk management … Continue reading
Posted in CISO, CSO, Information Security, InfoSec, IT Risk Management, Uncategorized
Leave a comment
Accuracy vs. Precision – My Risk Epiphany
Did you ever have a moment where a concept you have never been able to figure out or understand suddenly clicks in your head? I had long struggled to understand a key element of Risk Management – how to perform … Continue reading