Thursday, June 15, 2017

Why does WannaCry really make me want to cry?

It is an interesting question, but the answer may be different than you were expecting.  I discuss in my latest SecurityWeek piece: http://www.securityweek.com/why-wannacry-really-made-me-want-cry.  Hope you find the piece insightful.

Thursday, June 1, 2017

We should strive to leave no one behind in security, including SMBs

As security professionals, we should strive to leave no one behind.  Unfortunately, for many SMBs, that is not the reality of the situation.  Often, SMBs find themselves left behind for a variety of reasons.  I discuss the situation and offer some thoughts on ways ahead in my latest DarkReading piece: https://www.darkreading.com/threat-intelligence/smb-security-dont-leave-the-smaller-companies-behind/a/d-id/1328997?.

What can Shakespeare teach us about security market confusion?

I bet you're likely wondering what connection Shakespeare could possible have to security market confusion.  It's a fair question, of course.  I explore the connection via Romeo and Juliet in my latest SecurityWeek piece: http://www.securityweek.com/what-romeo-and-juliet-can-teach-us-about-security-market-confusion.  Hope you enjoy.

Wednesday, May 3, 2017

Seeing Security from the Other Side of the Window

How can we as a security community see ourselves as others see us?  What do we look like from the other side of the window?  I discuss this very topic in my latest DarkReading piece: http://www.darkreading.com/careers-and-people/seeing-security-from-the-other-side-of-the-window/a/d-id/1328786?.

The Practical Effects of GDPR

The European Union's General Data Protection Regulation (GDPR) goes into effect in May of 2018.  The regulation may reach farther and wider than you realize.  That being said, what practical impact will this regulation have on security operations and incident response?  Although GDPR is a complex regulation, there are some important points that are particularly relevant to security operations and incident response.  My latest piece in SecurityWeek discusses: http://www.securityweek.com/practical-effects-gdpr-security-operations-and-incident-response.

Wednesday, April 12, 2017

The Disappearing Line

How does the disappearing line affect you?  Wondering what line I am referring to you and why it is disappearing?  I discuss in my latest SecurityWeek piece: http://www.securityweek.com/beyond-nation-states-disappearing-line-between-attacker-capabilities.  Hope you enjoy.

Monday, March 27, 2017

Data Visualization: Keeping an Eye on Security

Lots of people want to leverage visualization as a component of their security program.  But have you ever wondered why so many attempts at visualization struggle to produce results of any value?  My latest piece in DarkReading discusses this topic: http://www.darkreading.com/threat-intelligence/data-visualization-keeping-an-eye-on-security/a/d-id/1328493?.

Wednesday, March 22, 2017

Intrusions Without Malware: Don't Forget the Other Sixty Percent

As a security community, we tend to be overly focused on malware.  Malware is most certainly something we need to concern ourselves with, but it is not everything.  What about the other 60% of intrusions that involve no malware at all?  I discuss this topic in my latest SecurityWeek piece: http://www.securityweek.com/intrusions-without-malware-dont-forget-other-sixty-percent.  Hope you enjoy.

Wednesday, March 1, 2017

The Importance of Speaking the Same Language in Security

What can a trip to Turkey teach us about communicating information security concepts to a wide variety of audiences?  I discuss this topic in my latest SecurityWeek piece: http://www.securityweek.com/importance-speaking-same-language-security.  I think you'll enjoy.

Monday, February 27, 2017

20 Questions For Security Operations Platform Providers

It's time to bring mature security operations to the masses.  But doing so requires a new way of thinking -- and a new class of solutions.  Enter the Security Operations Platform.  But with all the noise and hype surrounding this new market, how can the security buyer make an educated and informed decision?  By playing 20 questions of course.  My latest DarkReading piece discusses: http://www.darkreading.com/operations/20-questions-for-secops-platform-providers/a/d-id/1328272?.

Thursday, February 16, 2017

How do you take mature security operations to the masses?

In my opinion, every organization deserves a mature security operations function, regardless of the organization's size.  How can that become a reality?  Is that even a realistic expectation?  I discuss in my latest SecurityWeek piece: http://www.securityweek.com/taking-mature-security-operations-masses.  I hope you will find the piece thought provoking.

Wednesday, January 25, 2017

Hiding in Plain Sight

No one really believes in security by obscurity anymore, do they?  Sadly, some people still do, but probably for different reasons than you might expect.  I discuss this topic -- with a twist -- in my latest SecurityWeek piece: http://www.securityweek.com/hiding-plain-sight-why-your-organization-cant-rely-security-obscurity.  Hope you enjoy.

Friday, January 13, 2017

20 Questions Security Professionals Should Ask Ourselves

This month, like the previous several months, brings with it the latest installment in the 20 questions series.  In this installment, I discuss 20 questions we should be asking ourselves.  Curious what I mean?  Have a look at my latest piece in DarkReading: http://www.darkreading.com/endpoint/crowdsourcing-20-answers-to-security-ops-and-ir-questions/a/d-id/1327865?.

Thursday, January 5, 2017

Good Security is a Marathon, Not a Sprint

If you cut corners in security, you may be able to fool a few people in the near-term.  But in the long-term, you won't fool anyone at all.  There is elegance in simplicity, but foolishness in over-simplification (and over-complication for that matter).  Curious what I mean?  Have a look at my latest piece in SecurityWeek: http://www.securityweek.com/good-security-marathon-not-sprint.