InfoSec Governance
Recent Posts
- DevOps is dead, long live Dev! 7 August, 2020
- I Love the Subject of Change Control 17 December, 2019
- Unicorns (and how the Gene Kim challenges us yet again…) 27 November, 2019
- Where should the CSO Report? 21 October, 2019
- The Three Phases to DevOps in Security 5 December, 2018
- Glass Houses…and Music Majors 28 September, 2017
- Shifting the Conversation (An SDLC Story) 18 October, 2016
- Random Favorite Quotes 18 October, 2016
- The Legacy of Controls (A DevOps Story) 3 March, 2015
- Velocity vs. Anti-Velocity 12 February, 2015
Author Archives: Daniel Blander
Loving the John In All of Us
I found myself in one of my least favorite moments a few weeks ago. I was having a discussion about the build out of a new environment. Someone brought up the subject of how people should access the environment and …
Posted in CISO, CSO, Information Security, InfoSec
The Quantum Vulnerability Tunneling Effect
I know I had promised to talk about how to implement a risk management program in your small organization, but bear with me for a blog (or two). Given that my brain has been wrapping itself carefully around risk management …
Posted in CISO, CSO, Information Security, InfoSec, IT Risk Management, Uncategorized
Accuracy vs. Precision – My Risk Epiphany
Did you ever have a moment where a concept you have never been able to figure out or understand suddenly clicks in your head? I had long struggled to understand a key element of Risk Management – how to perform …
BSides San Francisco Presentation
So I did a little talk at BSides San Francisco 2012. It's a prequel to my book “So You Want to Be the CSO…” The talk was recorded so you can view it at your leisure. Just pity the poor …
#SecBiz or The Better Answer to Martin’s Question
I had the good fortune of a long drive (12 hours to be exact) which allowed me time to catch up on four months of backlogged Martin McKeay’s Network Security Podcasts. My fortune improved when I listened to the June …
Do you have SOCD? (Security Obsessive Compulsive Disorder)
Are you SOCD? You have it if: You feel the constant need to force drastic security measures. You say: “This company really needs to revise all the (SOX) controls. There’s absolutely no reason to have management involved in the process.” …
Mentoring Outside the Echo Chamber
I have been incensed by certain “pundit” activities through a recent encounter that unfortunately mirrors the frustration I felt 20 years ago as a result of the actions of certain academics where I once taught. The actions of which I …
Posted in Uncategorized
My Take Away Moment from BSidesSF
I won’t attempt to rehash the conference, except to say, if you have a chance to attend a BSides event, do so in great haste. Despite being free, they are worth every penny you could invest in visiting one. What …
Posted in CISO, CSO, Information Security, InfoSec
Sophisticated Analysis of Risk Management is Critical…don’t do Sophisticated Analysis Risk Management
There is a wonderful discussion occurring in SIRA (Society of Information Risk Analysts) these days. I missed the beginning of this group, and I regret it, because the messages coming out of the discussions are extremely insightful and critically important …
Posted in Uncategorized
Handing Back Responsibility for Security
There is a great lesson that unfolded at one of my customer’s sites during an audit. It is a great story to tell, but more importantly, it lets me illustrate that as Security Professionals, we need to design security to …
Posted in CISO, CSO, Information Security, InfoSec, IT Risk Management