Monday, October 16, 2017

20 Questions to Ask Yourself before Giving a Security Conference Talk

Ever sit through a security conference talk that made you shake your head?  Ever wish the speaker had taken the time to verify that the talk would hit the mark?  Whether or not you have, I'm guessing you might get a kick out of my latest DarkReading piece:  Hope you enjoy.

Monday, October 9, 2017

Isn't it time to democratize security?

A seat at the security table should not be for only the elite and largest of businesses or security vendors.  Small and medium-sized businesses need a seat at the table as well.  The time has come to democratize security.  I discuss in my latest SecurityWeek piece:

Wednesday, September 13, 2017

20 Questions to Help Achieve Security Program Goals

How can you keep your security goals from drifting off into the sunset?  I discuss in my latest DarkReading piece:  Hope you enjoy and find the piece helpful.

The Importance of Benchmarking in Your Security Program

My latest SecurityWeek piece discusses the importance of benchmarking:  But don't just take my word for it.  Try it yourself for free here:

Tuesday, August 29, 2017

IDRRA Benchmark - free and available to all!

In just a short period of time, the closed beta of IDRRA Benchmark has proven to be a resounding success.  We at IDRRA have decided to offer IDRRA Benchmark to everyone.  Join thousands of others and securely benchmark your security architecture for free:  We have lots of great things planned, so be sure to return and visit us often!

Wednesday, August 23, 2017

Marketing Security Solutions: Is There a Better Way?

Security marketing seems to be stuck in a bit of a “spray and pray” rut.  Perhaps the time has come for security vendors to rethink how they invest their marketing budgets?  I discuss in my latest SecurityWeek piece:  Hope you find this piece interesting.

Tuesday, August 15, 2017

20 Tactical Questions SMB Security Teams Should Ask Themselves

How can small and medium-sized businesses ensure that they make tactical progress against their strategic plans?  While no guidance could ever be fully complete, I examine this topic in my latest DarkReading piece:  I hope you will find it helpful.

Wednesday, August 9, 2017

Interested in learning how to speak to management about security?

Interested in learning how to speak to management about security?  If so, I'd love for you to join me on this upcoming DarkReading webinar with PhishMe:  Hope to see you there!

Wednesday, August 2, 2017

Interested in joining the IDRRA Benchmark beta program?

Over the next few weeks, we at IDRRA will expand the IDRRA Benchmark beta program.  If you are an enterprise security team (whether small, medium, or large) and are interested in securely benchmarking your security architecture alongside hundreds of other companies, we would love to have you join the beta program!

If interested, please drop me a note, and we'll set up a time to discuss the details.  And, of course, feel free to share this post with others who might be interested in joining the beta program as well.  Thank you!

Wednesday, July 26, 2017

What are security buyers looking for?

What, exactly, are security buyers looking for?  It's an interesting question, isn't it?  At the same time, it may be an extremely difficult question to answer, at least if we don't have the right information available to us.  I discuss this topic in my latest SecurityWeek piece:  I think you may be a bit surprised by the content of the piece.

Monday, July 24, 2017

20 Questions for Improving SMB Security

It's time to play 20 questions again.  In this installment, I take a look at an area that doesn't get nearly enough attention in my opinion.  What area could that be?  Security in small and medium-sized businesses:  My hope is that the SMB community will find this piece helpful.

Thursday, July 13, 2017

What can the height of a water fountain teach us about security?

At first, the height of a water fountain may not seem the least bit related to the field of information security.  But, upon further consideration, I would argue that there is indeed a lesson for us here.  Curious about what I am referring to?  Have a look at my latest SecurityWeek piece:

Friday, June 30, 2017

The Case for Crowdsourcing Security Buying Decisions

Has the time come for crowdsourcing security buying decisions?  I, for one, think so.  Have a look at my latest DarkReading piece and let me know if you agree:  I'd love to hear from you either way.

Thursday, June 15, 2017

Why does WannaCry really make me want to cry?

It is an interesting question, but the answer may be different than you were expecting.  I discuss in my latest SecurityWeek piece:  Hope you find the piece insightful.

Thursday, June 1, 2017

We should strive to leave no one behind in security, including SMBs

As security professionals, we should strive to leave no one behind.  Unfortunately, for many SMBs, that is not the reality of the situation.  Often, SMBs find themselves left behind for a variety of reasons.  I discuss the situation and offer some thoughts on ways ahead in my latest DarkReading piece:

What can Shakespeare teach us about security market confusion?

I bet you're likely wondering what connection Shakespeare could possibly have to security market confusion.  It's a fair question, of course.  I explore the connection via Romeo and Juliet in my latest SecurityWeek piece:  Hope you enjoy.

Wednesday, May 3, 2017

Seeing Security from the Other Side of the Window

How can we as a security community see ourselves as others see us?  What do we look like from the other side of the window?  I discuss this very topic in my latest DarkReading piece:

The Practical Effects of GDPR

The European Union's General Data Protection Regulation (GDPR) goes into effect in May of 2018.  The regulation may reach farther and wider than you realize.  That being said, what practical impact will this regulation have on security operations and incident response?  Although GDPR is a complex regulation, there are some important points that are particularly relevant to security operations and incident response.  My latest piece in SecurityWeek discusses:

Wednesday, April 12, 2017

The Disappearing Line

How does the disappearing line affect you?  Wondering what line I am referring to and why it is disappearing?  I discuss in my latest SecurityWeek piece:  Hope you enjoy.

Monday, March 27, 2017

Data Visualization: Keeping an Eye on Security

Lots of people want to leverage visualization as a component of their security program.  But have you ever wondered why so many attempts at visualization struggle to produce results of any value?  My latest piece in DarkReading discusses this topic:

Wednesday, March 22, 2017

Intrusions Without Malware: Don't Forget the Other Sixty Percent

As a security community, we tend to be overly focused on malware.  Malware is most certainly something we need to concern ourselves with, but it is not everything.  What about the other 60% of intrusions that involve no malware at all?  I discuss this topic in my latest SecurityWeek piece:  Hope you enjoy.

Wednesday, March 1, 2017

The Importance of Speaking the Same Language in Security

What can a trip to Turkey teach us about communicating information security concepts to a wide variety of audiences?  I discuss this topic in my latest SecurityWeek piece:  I think you'll enjoy.

Monday, February 27, 2017

20 Questions For Security Operations Platform Providers

It's time to bring mature security operations to the masses.  But doing so requires a new way of thinking -- and a new class of solutions.  Enter the Security Operations Platform.  But with all the noise and hype surrounding this new market, how can the security buyer make an educated and informed decision?  By playing 20 questions of course.  My latest DarkReading piece discusses:

Thursday, February 16, 2017

How do you take mature security operations to the masses?

In my opinion, every organization deserves a mature security operations function, regardless of the organization's size.  How can that become a reality?  Is that even a realistic expectation?  I discuss in my latest SecurityWeek piece:  I hope you will find the piece thought provoking.

Wednesday, January 25, 2017

Hiding in Plain Sight

No one really believes in security by obscurity anymore, do they?  Sadly, some people still do, but probably for different reasons than you might expect.  I discuss this topic -- with a twist -- in my latest SecurityWeek piece:  Hope you enjoy.

Friday, January 13, 2017

20 Questions Security Professionals Should Ask Ourselves

This month, like the previous several months, brings with it the latest installment in the 20 questions series.  In this installment, I discuss 20 questions we should be asking ourselves.  Curious what I mean?  Have a look at my latest piece in DarkReading:

Thursday, January 5, 2017

Good Security is a Marathon, Not a Sprint

If you cut corners in security, you may be able to fool a few people in the near-term.  But in the long-term, you won't fool anyone at all.  There is elegance in simplicity, but foolishness in over-simplification (and over-complication for that matter).  Curious what I mean?  Have a look at my latest piece in SecurityWeek: