Is your security workflow backwards? Curious what I could be talking about here? Have a look at my latest DarkReading piece where I discuss this important question: https://www.darkreading.com/risk/is-your-security-workflow-backwards-/a/d-id/1330619.
Monday, December 18, 2017
Friday, December 15, 2017
Security is not a technology profession
Security is not a technology profession. Or at least it shouldn't be, I would argue. I discuss in my latest SecurityWeek piece: http://www.securityweek.com/security-not-technology-profession. Hope you will agree with what, at first, may sound like a provocative statement.
Thursday, November 16, 2017
What can the philosophy of Unix teach us about security?
What can the philosophy of Unix teach us about security? My latest piece in SecurityWeek discusses: http://www.securityweek.com/what-can-philosophy-unix-teach-us-about-security. Perhaps you'll agree that we can learn a lot about security from Unix.
Sunday, November 12, 2017
20 questions security vendors need to ask themselves
What are 20 questions security vendors need to ask themselves before they write a single word of marketing material? My thoughts in my latest DarkReading piece: https://www.darkreading.com/endpoint/why-common-sense-is-not-so-common-in-security-20-answers/a/d-id/1330351?
Friday, November 10, 2017
Why am I excited to be an advisor for ExtraHop?
I recently joined ExtraHop as an advisor. Why did I do so and why am I excited about it? I discuss my thoughts here: https://www.extrahop.com/company/blog/2017/why-im-excited-to-be-an-extrahop-advisor/.
Wednesday, November 1, 2017
Are you as tired of ambulance chasing as I am?
I am downright tired of ambulance chasing in the security field. Confused about what I'm referring to? My latest piece in SecurityWeek discusses: http://www.securityweek.com/all-hail-ambulance-chasers-security. Hope you enjoy.
Monday, October 16, 2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Ever sit through a security conference talk that made you shake your head? Ever wish the speaker had taken the time to verify that the talk would hit the mark? Whether or not you have, I'm guessing you might get a kick out of my latest DarkReading piece: https://www.darkreading.com/careers-and-people/20-questions-to-ask-yourself-before-giving-a-security-conference-talk/a/d-id/1330124. Hope you enjoy.
Monday, October 9, 2017
Isn't it time to democratize security?
A seat at the security table should not be for only the elite and largest of businesses or security vendors. Small and medium-sized businesses need a seat at the table as well. The time has come to democratize security. I discuss in my latest SecurityWeek piece: http://www.securityweek.com/its-time-democratize-security.
Wednesday, September 13, 2017
20 Questions to Help Achieve Security Program Goals
How can you keep your security goals from drifting off into the sunset? I discuss in my latest DarkReading piece: https://www.darkreading.com/operations/20-questions-to-help-achieve-security-program-goals-/a/d-id/1329853?. Hope you enjoy and find the piece helpful.
The Importance of Benchmarking in Your Security Program
My latest SecurityWeek piece discusses the importance of benchmarking: http://www.securityweek.com/importance-benchmarking-your-security-program. But don't just take my word for it. Try it yourself for free here: https://www.idrra.com/benchmark/.
Tuesday, August 29, 2017
IDRRA Benchmark - free and available to all!
In just a short period of time, the closed beta of IDRRA Benchmark has proven to be a resounding success. We at IDRRA have decided to offer IDRRA Benchmark to everyone. Join thousands of others and securely benchmark your security architecture for free: https://www.idrra.com/benchmark/. We have lots of great things planned, so be sure to return and visit us often!
Wednesday, August 23, 2017
Marketing Security Solutions: Is There a Better Way?
Security marketing seems to be stuck in a bit of a “spray and pray” rut. Perhaps the time has come for security vendors to rethink how they invest their marketing budgets? I discuss in my latest SecurityWeek piece: http://www.securityweek.com/marketing-security-solutions-there-better-way. Hope you find this piece interesting.
Tuesday, August 15, 2017
20 Tactical Questions SMB Security Teams Should Ask Themselves
How can small and medium-sized businesses ensure that they make tactical progress against their strategic plans? While no guidance could ever be fully complete, I examine this topic in my latest DarkReading piece: https://www.darkreading.com/vulnerabilities---threats/20-tactical-questions-smb-security-teams-should-ask-themselves/a/d-id/1329629?. I hope you will find it helpful.
Wednesday, August 9, 2017
Interested in learning how to speak to management about security?
Interested in learning how to speak to management about security? If so, I'd love for you to join me on this upcoming DarkReading webinar with PhishMe: https://webinar.darkreading.com/3379?keycode=sbx&cid=smartbox_techweb_upcoming_webinars_8.500000761. Hope to see you there!
Wednesday, August 2, 2017
Interested in joining the IDRRA Benchmark beta program?
Over the next few weeks, we at IDRRA will expand the IDRRA Benchmark beta program. If you are an enterprise security team (whether small, medium, or large) and are interested in securely benchmarking your security architecture alongside hundreds of other companies, we would love to have you join the beta program!
If interested, please drop me a note (josh@idrra.com), and we'll set up a time to discuss the details. And, of course, feel free to share this post with others who might be interested in joining the beta program as well. Thank you!
Wednesday, July 26, 2017
What are security buyers looking for?
What, exactly, are security buyers looking for? It's an interesting question, isn't it? At the same time, it may be an extremely difficult question to answer, at least if we don't have the right information available to us. I discuss this topic in my latest SecurityWeek piece: http://www.securityweek.com/what-are-security-buyers-looking. I think you may be a bit surprised by the content of the piece.
Monday, July 24, 2017
20 Questions for Improving SMB Security
It's time to play 20 questions again. In this installment, I take a look at an area that doesn't get nearly enough attention in my opinion. What area could that be? Security in small and medium-sized businesses: https://www.darkreading.com/20-questions-for-improving-smb-security/a/d-id/1329423?. My hope is that the SMB community will find this piece helpful.
Thursday, July 13, 2017
What can the height of a water fountain teach us about security?
At first, the height of a water fountain may not seem the least bit related to the field of information security. But, upon further consideration, I would argue that there is indeed a lesson for us here. Curious about what I am referring to? Have a look at my latest SecurityWeek piece: http://www.securityweek.com/how-tall-water-fountain.
Friday, June 30, 2017
The Case for Crowdsourcing Security Buying Decisions
Has the time come for crowdsourcing security buying decisions? I, for one, think so. Have a look at my latest DarkReading piece and let me know if you agree: http://www.darkreading.com/the-case-for-crowdsourcing-security-buying-decisions/a/d-id/1329257?. I'd love to hear from you either way.
Thursday, June 15, 2017
Why does WannaCry really make me want to cry?
It is an interesting question, but the answer may be different than you were expecting. I discuss in my latest SecurityWeek piece: http://www.securityweek.com/why-wannacry-really-made-me-want-cry. Hope you find the piece insightful.
Thursday, June 1, 2017
We should strive to leave no one behind in security, including SMBs
As security professionals, we should strive to leave no one behind. Unfortunately, for many SMBs, that is not the reality of the situation. Often, SMBs find themselves left behind for a variety of reasons. I discuss the situation and offer some thoughts on ways ahead in my latest DarkReading piece: https://www.darkreading.com/threat-intelligence/smb-security-dont-leave-the-smaller-companies-behind/a/d-id/1328997?.
What can Shakespeare teach us about security market confusion?
I bet you're likely wondering what connection Shakespeare could possibly have to security market confusion. It's a fair question, of course. I explore the connection via Romeo and Juliet in my latest SecurityWeek piece: http://www.securityweek.com/what-romeo-and-juliet-can-teach-us-about-security-market-confusion. Hope you enjoy.
Wednesday, May 3, 2017
Seeing Security from the Other Side of the Window
How can we as a security community see ourselves as others see us? What do we look like from the other side of the window? I discuss this very topic in my latest DarkReading piece: http://www.darkreading.com/careers-and-people/seeing-security-from-the-other-side-of-the-window/a/d-id/1328786?.
The Practical Effects of GDPR
The European Union's General Data Protection Regulation (GDPR) goes into effect in May of 2018. The regulation may reach farther and wider than you realize. That being said, what practical impact will this regulation have on security operations and incident response? Although GDPR is a complex regulation, there are some important points that are particularly relevant to security operations and incident response. My latest piece in SecurityWeek discusses: http://www.securityweek.com/practical-effects-gdpr-security-operations-and-incident-response.
Wednesday, April 12, 2017
The Disappearing Line
How does the disappearing line affect you? Wondering what line I am referring to and why it is disappearing? I discuss in my latest SecurityWeek piece: http://www.securityweek.com/beyond-nation-states-disappearing-line-between-attacker-capabilities. Hope you enjoy.
Monday, March 27, 2017
Data Visualization: Keeping an Eye on Security
Lots of people want to leverage visualization as a component of their security program. But have you ever wondered why so many attempts at visualization struggle to produce results of any value? My latest piece in DarkReading discusses this topic: http://www.darkreading.com/threat-intelligence/data-visualization-keeping-an-eye-on-security/a/d-id/1328493?.
Wednesday, March 22, 2017
Intrusions Without Malware: Don't Forget the Other Sixty Percent
As a security community, we tend to be overly focused on malware. Malware is most certainly something we need to concern ourselves with, but it is not everything. What about the other 60% of intrusions that involve no malware at all? I discuss this topic in my latest SecurityWeek piece: http://www.securityweek.com/intrusions-without-malware-dont-forget-other-sixty-percent. Hope you enjoy.
Wednesday, March 1, 2017
The Importance of Speaking the Same Language in Security
What can a trip to Turkey teach us about communicating information security concepts to a wide variety of audiences? I discuss this topic in my latest SecurityWeek piece: http://www.securityweek.com/importance-speaking-same-language-security. I think you'll enjoy.
Monday, February 27, 2017
20 Questions For Security Operations Platform Providers
It's time to bring mature security operations to the masses. But doing so requires a new way of thinking -- and a new class of solutions. Enter the Security Operations Platform. But with all the noise and hype surrounding this new market, how can the security buyer make an educated and informed decision? By playing 20 questions of course. My latest DarkReading piece discusses: http://www.darkreading.com/operations/20-questions-for-secops-platform-providers/a/d-id/1328272?.
Thursday, February 16, 2017
How do you take mature security operations to the masses?
In my opinion, every organization deserves a mature security operations function, regardless of the organization's size. How can that become a reality? Is that even a realistic expectation? I discuss in my latest SecurityWeek piece: http://www.securityweek.com/taking-mature-security-operations-masses. I hope you will find the piece thought provoking.
Wednesday, January 25, 2017
Hiding in Plain Sight
No one really believes in security by obscurity anymore, do they? Sadly, some people still do, but probably for different reasons than you might expect. I discuss this topic -- with a twist -- in my latest SecurityWeek piece: http://www.securityweek.com/hiding-plain-sight-why-your-organization-cant-rely-security-obscurity. Hope you enjoy.
Friday, January 13, 2017
20 Questions Security Professionals Should Ask Ourselves
This month, like the previous several months, brings with it the latest installment in the 20 questions series. In this installment, I discuss 20 questions we should be asking ourselves. Curious what I mean? Have a look at my latest piece in DarkReading: http://www.darkreading.com/endpoint/crowdsourcing-20-answers-to-security-ops-and-ir-questions/a/d-id/1327865?.
Thursday, January 5, 2017
Good Security is a Marathon, Not a Sprint
If you cut corners in security, you may be able to fool a few people in the near-term. But in the long-term, you won't fool anyone at all. There is elegance in simplicity, but foolishness in over-simplification (and over-complication for that matter). Curious what I mean? Have a look at my latest piece in SecurityWeek: http://www.securityweek.com/good-security-marathon-not-sprint.