Monday, December 29, 2014

Always Answer a Question with a Question

Why should you always answer a question with a question?  Why not?  Curious why I'm asking?  Have a look at my most recent SecurityWeek piece entitled "Always Answer a Question with a  Question": http://www.securityweek.com/always-answer-question-question.  In security, the question is often times more important than the answer.

Monday, December 15, 2014

Spear Alerting: Improving Efficiency of Security Operations and Incident Response

Do you practice spear alerting?  Curious what that means?  Give my latest SecurityWeek piece a read to see what spear alerting is all about: http://www.securityweek.com/spear-alerting-improving-efficiency-security-operations-and-incident-response.  I hope you enjoy the piece, and I invite your feedback and thoughts as always.

Saturday, December 13, 2014

Creating the right mix of cloud and on-premises tech systems

To insource or outsource?  To host in the cloud or on-premises?  Those are sometimes difficult questions to answer, particularly when it comes to technology and product in support of information security.  I've put together some thoughts to help with the decision making process in my next piece for The Business Journals entitled "Creating the right mix of cloud and on-premises tech systems": http://www.bizjournals.com/bizjournals/how-to/technology/2014/12/interesting-way-to-communicate-with-your-assistant.html.

Tuesday, December 2, 2014

Is Budget a Good Security Metric?

When discussing the effectiveness or maturity of a security program, budget is one of the criteria most often mentioned.  Does it make sense to evaluate security in terms of budget?  Further, is budget necessarily a good way to measure a security program?  My thoughts on this topic are in my latest SecurityWeek piece entitled "Is Budget A Good Security Metric?": http://www.securityweek.com/budget-good-security-metric.