InfoSec Governance- The Fallacy of Permanence 16 June, 2021
- DevOps is dead, long live Dev! 7 August, 2020
- I Love the Subject of Change Control 17 December, 2019
- Unicorns (and how the Gene Kim challenges us yet again…) 27 November, 2019
- Where should the CSO Report? 21 October, 2019
- The Three Phases to DevOps in Security 5 December, 2018
- Glass Houses…and Music Majors 28 September, 2017
- Shifting the Conversation (An SDLC Story) 18 October, 2016
- Random Favorite Quotes 18 October, 2016
- The Legacy of Controls (A DevOps Story) 3 March, 2015
Category Archives: Uncategorized
Do you have SOCD? (Security Obsessive Compulsive Disorder)
Are you SOCD? You have it if: You feel the constant need to force drastic security measures. You say: “This company really needs to revise all the (SOX) controls. There’s absolutely no reason to have management involved in the process.” … Continue reading
Mentoring Outside the Echo Chamber
I have been incensed by certain “pundit” activities through a recent encounter that unfortunately mirrors the frustration I felt 20 years ago as a result of the actions of certain academics where I once taught. The actions of which I … Continue reading
Posted in Uncategorized
Leave a comment
Sophisticated Analysis of Risk Management is Critical…don’t do Sophisticated Analysis Risk Management
There is a wonderful discussion occurring in SIRA (Society of Information Risk Analysts) these days. I missed the beginning of this group, and I regret it, because the messages coming out of the discussions are extremely insightful and critically important … Continue reading
Posted in Uncategorized
Leave a comment
Revolution or Evolution, Part II
The Security Officer I met recently told me in his “old age” he now knew that the key to security in an organization was Evolution. Engage evolution. But what does evolution mean for us InfoSec professionals? Well, I’m going to … Continue reading
Posted in Uncategorized
Leave a comment
In the beginning…
…there was a goal of teaching people how to communicate, interact, and learn from each other. When I wound up in InfoSec and IT Risk Management, my goal evolved into communicating to InfoSec professionals – IT Security Managers, CSO’s, Network … Continue reading