It likely comes as no surprise that people are an extremely important part of the people, process, and technology triad. In the information security realm, finding the right people is certainly not easy for a number of different reasons. How can organizations properly vet and assess candidates for security positions to ensure they do not make critical and costly hiring mistakes? My thoughts on the topic in my latest piece in The Business Journals: http://www.bizjournals.com/bizjournals/how-to/human-resources/2015/01/how-to-hire-a-top-security-employee.html.
Tuesday, January 27, 2015
This may sound radical, but I would argue that we as a security community don't fail enough. Or rather, that we aren't failing in the right way often enough. Interested in understanding what I mean? Have a look at my latest SecurityWeek piece entitled "It's Okay to Fail": http://www.securityweek.com/its-okay-fail-security-problem-cant-be-solved. Hope you enjoy.
Tuesday, January 13, 2015
While many individuals and organizations focus on collection of relevant data for security operations, fewer focus on the analytical component of the equation. Curious what I mean? Have a look at my latest piece in SecurityWeek: http://www.securityweek.com/collection-and-analysis-two-sides-coin
Monday, January 12, 2015
We would never expect a hammer, some nails, and a pile of wood to magically build itself into a bird house. So why do we sometimes expect our security technologies to magically build themselves into solutions to our security problems? Technology is, first and foremost, a tool to be used in conjunction with intelligence and expertise. Only then can we approach a solution. My thoughts on this topic in my latest in The Business Journals: http://www.bizjournals.com/bizjournals/how-to/technology/2015/01/security-technology-as-tool-not-solution.html