-
Recent Posts
Look at Categories
Archives
- March 2024
- November 2022
- October 2021
- August 2021
- June 2021
- August 2020
- December 2019
- November 2019
- October 2019
- December 2018
- September 2017
- October 2016
- March 2015
- February 2015
- January 2013
- September 2012
- August 2012
- March 2012
- October 2011
- June 2011
- May 2011
- February 2011
- December 2010
- November 2010
- September 2010
- August 2010
Search the Blog
InfoSec Governance
Author Archives: Daniel Blander
Where should the CSO Report?
I was recently asked the question, “Where does Security belong in an organization?” It is an intriguing question, and one that I think about quite often. Currently most CSOs report to the CIO or CTO. In a few, rare cases, … Continue reading
Posted in Uncategorized
Leave a comment
The Three Phases to DevOps in Security
The Three Phases to DevOps in Security Many of those who aspire to create a high-performing security function within a company are looking at DevSecOps and what it represents. This is laudable, as the concepts that are represented in DevSecOps … Continue reading
Posted in CISO, CSO, DevOps, DevSecOps
Leave a comment
Glass Houses…and Music Majors
First, a disclaimer…this post is *not* about bashing or ranting about Equifax’s security practices. Why? Because I do not have first hand knowledge of what they did or did not do, or what specific exploits and vulnerabilities were leveraged throughout … Continue reading
Posted in Uncategorized
Leave a comment
Shifting the Conversation (An SDLC Story)
I’d like to tell a story (a mostly real one) that can help you think through how to make your DevOps transition a little smoother, level set some over-exuberance, and ensure everyone feels they are getting a fair shake in … Continue reading
Posted in Uncategorized
Leave a comment
Random Favorite Quotes
The following are quotes or paraphrased notes taken from talks I have seen, podcasts, or general conversations with people I know. If you feel you didn’t say these words, or wish to correct them, just contact me. ——— Microsoft gets … Continue reading
Posted in Uncategorized
Leave a comment
The Legacy of Controls (A DevOps Story)
I recently had a pair of encounters that have opened my eyes further to both the causes of our current messy state of IT affairs, and given me hope for a better future. In both cases the issue that came … Continue reading
Posted in Uncategorized
Leave a comment
Velocity vs. Anti-Velocity
No, its not the new anti-matter, or maybe it is. I’ve watched IT organizations now for 26 years. The sadness I feel is that I’ve continuously seen the same downward spiral: Failures are reacted to as a only that – … Continue reading
Posted in IT Governance
Leave a comment
Loving the John In All of Us
I found myself in one of my least favorite moments a few weeks ago. I was having a discussion about the build out of a new environment. Someone brought up the subject of how people should access the environment and … Continue reading
Posted in CISO, CSO, Information Security, InfoSec
Leave a comment
The Quantum Vulnerability Tunneling Effect
I know I had promised to talk about how to implement a risk management program in your small organization, but bear with me for a blog (or two). Given that my brain has been wrapping itself carefully around risk management … Continue reading
Posted in CISO, CSO, Information Security, InfoSec, IT Risk Management, Uncategorized
Leave a comment
Accuracy vs. Precision – My Risk Epiphany
Did you ever have a moment where a concept you have never been able to figure out or understand suddenly clicks in your head? I had long struggled to understand a key element of Risk Management – how to perform … Continue reading