-
Recent Posts
Look at Categories
Archives
Search the Blog
InfoSec Governance
- DevOps is dead, long live Dev! 7 August, 2020
- I Love the Subject of Change Control 17 December, 2019
- Unicorns (and how the Gene Kim challenges us yet again…) 27 November, 2019
- Where should the CSO Report? 21 October, 2019
- The Three Phases to DevOps in Security 5 December, 2018
- Glass Houses…and Music Majors 28 September, 2017
- Shifting the Conversation (An SDLC Story) 18 October, 2016
- Random Favorite Quotes 18 October, 2016
- The Legacy of Controls (A DevOps Story) 3 March, 2015
- Velocity vs. Anti-Velocity 12 February, 2015
Category Archives: InfoSec Governance
Accuracy vs. Precision – My Risk Epiphany
Did you ever have a moment where a concept you have never been able to figure out or understand suddenly clicks in your head? I had long struggled to understand a key element of Risk Management – how to perform … Continue reading
#SecBiz or The Better Answer to Martin’s Question
I had the good fortune of a long drive (12 hours to be exact) which allowed me time to catch up on four months of backlogged Martin McKeay’s Network Security Podcasts. My fortune improved when I listened to the June … Continue reading
Do you have SOCD? (Security Obsessive Compulsive Disorder)
Are you SOCD? You have it if: You feel the constant need to force drastic security measures. You say: “This company really needs to revise all the (SOX) controls. There’s absolutely no reason to have management involved in the process.” … Continue reading
Sustainable Security by Showing Tangible Benefits
I spent a large part of my involuntary layover in Atlanta last month thinking about PCI, Control Objectives and Maturity. Sometimes interruptions to our business lives like this are good, since stepping back and interrupting our non-stop business life for … Continue reading
The One-Hundred-Zero-Fifty Rule
I had a employee in a security department that I was running come to me and say “We have a problem, and we need to take care of it right away!” Now we were in the midst of several major … Continue reading
Revolution or Evolution
I recently had a meeting with a well placed Security Officer. He made a comment that I thought really summed up the view that I hold as well regarding transformation of Information Security at a company…. “When I started working … Continue reading
In the beginning…
…there was a goal of teaching people how to communicate, interact, and learn from each other. When I wound up in InfoSec and IT Risk Management, my goal evolved into communicating to InfoSec professionals – IT Security Managers, CSO’s, Network … Continue reading