Collaborate Disseminate
I have a pet peeve. Ok, I have several, but nonetheless, we’re going to talk about one of them today. That pet peeve is security professionals wasting time and energy pushing a “security culture” agenda. This practice of talking about… Continue reading Quit Talking About “Security Culture” – Fix Org Culture!
Soul-crushing failure. If asked, that is how I would describe the last 10 years of my career, since leaving AOL. I made one mistake, one bad decision, and it’s completely and thoroughly derailed my entire career. Worse, it’s unclear if… Continue reading Confessions of an InfoSec Burnout
Folks: Please stop calling every soup-to-nuts, everything-but-the-kitchen-sink security job a “security architect” role. It’s harmful to the industry and it’s doing you no favors trying to find the right resources. In fact, please stop posting these “o… Continue reading On Titles, Jobs, and Job Descriptions (Not All Roles Are Architects)
Folks: Please stop calling every soup-to-nuts, everything-but-the-kitchen-sink security job a “security architect” role. It’s harmful to the industry and it’s doing you no favors trying to find the right resources. In fact, please stop posting these “o… Continue reading On Titles, Jobs, and Job Descriptions (Not All Roles Are Architects)
In a moment of introspection last night, it occurred to me that working from home tends to amplify any perceived slight or sources of negativity. Most of my “human” interactions are online only, which – for this extrovert – means… Continue reading Reflection on Working From Home
Alrighty… now that my RSA summary post is out of the way, let’s get into a deeply personal post about how absolutely horrible of a week I had at RSA. Actually, that’s not fair. The first half of the week… Continue reading Introspection on a Recent Downward Spiral
Now that I’ve had a week to recover from the annual infosec circus event to end all circus events, I figured it’s a good time to attempt being reflective and proffer my thoughts on the event, themes, what I saw,… Continue reading RSA USA 2017 In Review
From my NCS blog post: Despite the rapid growth of DevOps practices throughout various industries, there still seems to be a fair amount of trepidation, particularly among security practitioners and auditors. One of the first concerns that pops up is… Continue reading NCS Blog: DevOps and Separation of Duties
“If you’re a startup trying to get a product off the ground, you’ve probably been told to build an “MVP” – a minimum viable product – as promoted by the Lean Startup methodology. This translates into products being rapidly developed… Continue reading NCS Blog: “Minimum Viable” MUST Include Security
“If you’re a startup trying to get a product off the ground, you’ve probably been told to build an “MVP” – a minimum viable product – as promoted by the Lean Startup methodology. This translates into products being rapidly developed… Continue reading NCS Blog: “Minimum Viable” MUST Include Security