Collaborate Disseminate
Trust is confusing.
Many of the cloud security and, in fact, cloud computing discussions ultimately distill to trust. Note that the concept of trust is much broader than cyber security, and even broader than a triad of security / privacy / compliance.
… Continue reading On Externalizing Cloud Trust
For some reason, I just cannot leave the topic of Security Operation Center (SOC) alone. In fact, I now am participating in a very fun effort to write a series of papers on the future of SOC by Google Cloud and Deloitte (for the impatient: paper 1 [PDF… Continue reading New Paper: “Future of the SOC: Forces shaping modern security operations”
Look outside, we are in 2020 (can anybody really forget that?). So, we are not in 2002 anymore (perhaps the birth year of modern-ish SIEM), neither are we in 2012…
So, depending on how you count, SIEM technology (and SIM/SEM before it) has e… Continue reading Modern SIEM Mysteries
Note: Yes, this is written while wearing my vendor hat. But do keep in mind that I only work on things I believe in! So, don’t knock that hat off my head :-)
If you recall my post “So, Chronicle, Are You A SIEM?”, the conversatio… Continue reading Cyderes CNAP Makes SIEM Modernization a Snap
“Security theater” (a term widely attributed to Bruce Schneier) “refers to security measures that make people feel more secure without doing anything to actually improve their security.” This concept essentially denotes fake, &#… Continue reading More Musings on Reverse Security Theater and “Security Signalling”
A few days ago I posted the following on Twitter:
(link to full thread that has perhaps grown since this time)
Below are the suggestions I got, with TWO clear winners (votes and likes data is very relative, manually counted, etc, etc &… Continue reading Modern Cyber Defense Books
More than a decade ago, I was working for a SaaS security company that shall remain nameless in this post, but can be easily figured out from my LinkedIn profile. Its CEO had a pithy saying that stayed with me ever since: to paraphrase, “no succe… Continue reading Fake Cloud: Now There Are Two Hands in Your Pocket
This post is my admittedly imperfect attempt to “reconnect” data security controls to threats. It is also my intent to continue pulling on the thread I touched in this post — so expect more posts about that.
Let’… Continue reading Data Security and Threat Models
So, this post is more like a public service announcement for the broader GCP security products team. But I will add color to it, so it will be more fun. Also, this technology we are releasing is genuinely very useful for many organizations nowadays.
As… Continue reading Google BeyondCorp Remote Access Is Released
As I am expanding my responsibilities to cover some exciting data security topics (like, say, our cloud data discovery DLP), I wanted to briefly discuss a few broader issues I have noticed related to modern data security.
To start, would you agree that… Continue reading Musings on Modern Data Security