A Shortage in Common Sense: The Myth of the Talent Gap

I have a visceral reaction every time I encounter yet another article bemoaning the so-called “talent gap” or “labor gap” in cybersecurity. Having been in and out of the job market several times over the past decade (for better and,…

Business Must Change: InfoSec in 2019

I don’t know about you, but I am happy to see 2018 ended. Personally, it was a very difficult year, capping a very difficult decade. Now, as we embark into 2019, it’s time to sit up and realize that we’ve…

The Quest for Optimal Security

There’s no shortage of guidance available today about how to structure, build, and run a security program. Most guidance comes from a standpoint of inherent bias, whether it be to promote a product class, specific framework/standard, or to best align…

Forget C-I-A, Availability Is King

In the traditional parlance of infosec, we’ve been taught repeatedly that the C-I-A triad (confidentiality, integrity, availability) must be balanced in accordance with the needs of the business. This concept is foundational to all of infosec, ensconce…

Measure Security Performance, Not Policy Compliance

I started my security (post-sysadmin) career heavily focused on security policy frameworks. It took me down many roads, but everything always came back to a few simple notions, such as that policies were a means of articulating security direction, that…

Incremental “Gains” Are Just Slower Losses

Anton Chuvakin and I were having a fun debate a couple weeks ago about whether incremental improvements are worthwhile in infosec, or if it’s really necessary to “jump to the next curve” (phrase origin: Guy Kawasaki’s “Art of Innovation,” watch…

The post Incremental “Gains” Are Just Slower Losses appeared first on Security Boulevard.
