Author Archives: Daniel Blander

About Daniel Blander

Information Security consultant who has spent twenty plus years listening, discussing, designing, and creating solutions that fit the requirements presented. President, Techtonica, Inc.

Sustainable Security by Showing Tangible Benefits

I spent a large part of my involuntary layover in Atlanta last month thinking about PCI, Control Objectives and Maturity.  Sometimes interruptions to our business lives like this are good, since stepping back and interrupting our non-stop business life for … Continue reading

Posted in Information Security, Information Security Governance, InfoSec, InfoSec Governance, Security Governance

They Just Don’t Get It

“They just don’t get security!” As InfoSec professionals we often curse our management, our users or our customers (or all three) because they have done something “stupid” which either creates or nearly creates a security incident.  We howl, we complain, … Continue reading

Posted in Information Security, InfoSec

Model for Building PCI Control Objectives

Maybe it’s the excitement of getting re-Tweeted today, or maybe it’s just the outpouring of love and emotion I felt when I watched the video of the Mike+Josh hug, but I thought I’d provide a bit more thought around how … Continue reading

Posted in CISO, CSO, Information Security, IT Risk Management, PCI

Moving Beyond Compliance – Commentary on PCI-Hug-It-Out

I finally got around to listening to the Tripwire sponsored, Martin McKeay and Gene Kim hosted PCI Hug It Out with Josh Corman and Mike Dahn.  If you haven’t heard it, you should.  Two very smart people (well four actually, … Continue reading

Posted in Information Security, InfoSec, PCI | 1 Comment

The One-Hundred-Zero-Fifty Rule

I had an employee in a security department that I was running come to me and say “We have a problem, and we need to take care of it right away!”  Now we were in the midst of several major … Continue reading

Posted in CISO, CSO, Information Security Governance, InfoSec Governance, IT Risk Management, Security Governance

Revolution or Evolution, Part II

The Security Officer I met recently told me in his “old age” he now knew that the key to security in an organization was Evolution.  Engage evolution. But what does evolution mean for us InfoSec professionals? Well, I’m going to … Continue reading

Posted in Uncategorized

Revolution or Evolution

I recently had a meeting with a well-placed Security Officer.  He made a comment that I thought really summed up the view that I hold as well regarding transformation of Information Security at a company…. “When I started working … Continue reading

Posted in CISO, CSO, Information Security, Information Security Governance, InfoSec, InfoSec Governance, IT Risk Management, Security Governance

In the beginning…

…there was a goal of teaching people how to communicate, interact, and learn from each other.  When I wound up in InfoSec and IT Risk Management, my goal evolved into communicating to InfoSec professionals – IT Security Managers, CSOs, Network … Continue reading

Posted in CISO, CSO, Information Security, Information Security Governance, InfoSec, InfoSec Governance, IT Governance, IT Risk Management, Security Governance, Uncategorized