Author Archives: Daniel Blander

About Daniel Blander

Information Security consultant who has spent twenty plus years listening, discussing, designing, and creating solutions that fit the requirements presented. President, Techtonica, Inc.

Model for Building PCI Control Objectives

Posted on 2 November, 2010 by Daniel Blander

Maybe it’s the excitement of getting re-Tweeted today, or maybe it’s just the outpouring of love and emotion I felt when I watched the video of the Mike+Josh hug, but I thought I’d provide a bit more thought around how … Continue reading

Posted in CISO, CSO, Information Security, IT Risk Management, PCI | Leave a comment

Moving Beyond Compliance – Commentary on PCI-Hug-It-Out

Posted on 1 November, 2010 by Daniel Blander

I finally got around to listening to the Tripwire sponsored, Martin McKeay and Gene Kim hosted PCI Hug It Out with Josh Corman and Mike Dahn.  If you haven’t heard it, you should.  Two very smart people (well four actually, … Continue reading

Posted in Information Security, InfoSec, PCI | 1 Comment

The One-Hundred-Zero-Fifty Rule

Posted on 29 September, 2010 by Daniel Blander

I had a employee in a security department that I was running come to me and say “We have a problem, and we need to take care of it right away!”  Now we were in the midst of several major … Continue reading

Posted in CISO, CSO, Information Security Governance, InfoSec Governance, IT Risk Management, Security Governance | Leave a comment

Revolution or Evolution, Part II

Posted on 17 September, 2010 by Daniel Blander

The Security Officer I met recently told me in his “old age” he now knew that the key to security in an organization was Evolution.  Engage evolution. But what does evolution mean for us InfoSec professionals? Well, I’m going to … Continue reading

Posted in Uncategorized | Leave a comment

Revolution or Evolution

Posted on 3 September, 2010 by Daniel Blander

I recently had a meeting with a well placed Security Officer.  He made a comment that I thought really summed up the view that I hold as well regarding transformation of Information Security at a company…. “When I started working … Continue reading

Posted in CISO, CSO, Information Security, Information Security Governance, InfoSec, InfoSec Governance, IT Risk Management, Security Governance | Leave a comment

In the beginning…

Posted on 21 August, 2010 by Daniel Blander

…there was a goal of teaching people how to communicate, interact, and learn from each other.  When I wound up in InfoSec and IT Risk Management, my goal evolved into communicating to InfoSec professionals – IT Security Managers, CSO’s, Network … Continue reading

Posted in CISO, CSO, Information Security, Information Security Governance, InfoSec, InfoSec Governance, IT Governance, IT Risk Management, Security Governance, Uncategorized | Tagged | Leave a comment