Tuesday, December 20, 2016
20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud
Wednesday, December 14, 2016
What can the printing press teach us about security?
Thursday, December 1, 2016
20 Questions Smart Security Pros Should Ask About 'Intelligence'
Wednesday, November 30, 2016
Focus on the Ends, Not the Means
Wednesday, November 9, 2016
Searching for answers? Try listening.
Friday, October 28, 2016
20 Endpoint Security Questions You Never Thought to Ask
Wednesday, October 26, 2016
Collection, Sensing, and Alerting: Yesterday's News
Friday, October 14, 2016
Analytics is What's Next for Detection
Wednesday, October 5, 2016
Want better security? Be a pragmatist.
Anyone interested in another game of 20 questions?
Tuesday, September 20, 2016
Ever wonder how you can get more out of visualization?
Thursday, September 15, 2016
Anyone up for a game of 20 questions?
Wednesday, August 31, 2016
The Only Constant is Change
Wednesday, August 17, 2016
It's All About The Base
Thursday, August 11, 2016
Theory Vs Practice: Getting The Most Out Of Infosec
Wednesday, August 3, 2016
The Pen is Mightier Than Hot Air
Wednesday, July 27, 2016
5 Failsafe Techniques For Interviewing Security Candidates
Hiring is, and will likely remain, a strategic challenge for quite some time. At the same time, a bad hire can have disastrous consequences for an organization. Given this, interviewing candidates well becomes extremely important. How can organizations interview well? My thoughts in my latest DarkReading piece: http://www.darkreading.com/vulnerabilities---threats/5-failsafe-techniques-for-interviewing-security-candidates/a/d-id/1326360?.
Wednesday, July 13, 2016
Hacking is Sexy, But Defending is the Grown-up Thing To Do
Wednesday, June 29, 2016
The Increasing Importance Of Security Analytics
Although many people talk about analytics in the security field, there is still a tremendous amount of confusion around the topic. I discuss this in depth in my latest SecurityWeek piece: http://www.securityweek.com/increasing-importance-security-analytics. I think it's a dialogue the infosec community sorely needs to have.
Monday, June 27, 2016
Mind The Gap: CISOs Versus 'Operators'
In order for a security organization to evolve and mature, it needs to mind the gap. What exactly am I referring to here? Check out my latest piece in DarkReading to find out: http://www.darkreading.com/vulnerabilities---threats/mind-the-gap-cisos-versus-operators/a/d-id/1326050?. I think it's an important topic, and I hope you will agree.
Sunday, June 26, 2016
How can SMBs deal with security work overload?
Almost all security organizations have more work than they can realistically do. SMBs feel this pain more acutely than others. What can security organizations do to ease the pain? My thoughts in my latest piece in The Business Journals: http://www.bizjournals.com/bizjournals/how-to/technology/2016/06/how-to-deal-with-tech-security-work-overload.html
Wednesday, June 8, 2016
Security Teams: Trust the One You're With
Thursday, May 26, 2016
All the world's a stage
One can always create another stage upon which to present. But is that necessarily a good thing for the advancement of the information security profession? My thoughts in my latest DarkReading piece: http://www.darkreading.com/operations/a-wish-list-for-the-security-conference-stage/a/d-id/1325694
Wednesday, May 18, 2016
Security Resources: Don't Put All Your Eggs in One Basket
Are you at risk of putting all of your security resources in one basket? Curious what I mean by that? Have a look at my latest SecurityWeek piece for a discussion on the topic: http://www.securityweek.com/security-resources-dont-put-all-your-eggs-one-basket. Hope you enjoy it and find it thought provoking.
Wednesday, May 4, 2016
What is the Point of Analysis Anyway?
Sunday, May 1, 2016
Time to get back to basics when it comes to information security
Wednesday, April 27, 2016
8 Signs Your Security Culture Lacks Consistency
Wednesday, April 20, 2016
Cyber Insurance: Security Tool or Hype?
Wednesday, March 23, 2016
What can the common cold teach us about infosec?
Does your security team most often treat the symptoms of problems, rather than the problems themselves? Interested in reading more about what I'm referring to? My latest piece in SecurityWeek discusses: http://www.securityweek.com/your-security-team-treating-symptoms-rather-problems.