Tuesday, December 10, 2024

How Art Appreciation Supplements Cybersecurity Skills

How can art, literature, music, and poetry influence and improve how we approach and solve security problems? I discuss in my latest DarkReading piece: https://www.darkreading.com/cybersecurity-operations/how-art-appreciation-supplements-cybersecurity-skills.

Wednesday, December 4, 2024

Spotting the Charlatans: Red Flags for Enterprise Security Teams

I'm not currently working with any charlatans, but unfortunately, I have in the past. What are some tactics that charlatans employ and how can security teams spot the red flags before too much damage is done? I discuss in my latest SecurityWeek piece: https://www.securityweek.com/spotting-the-charlatans-red-flags-for-enterprise-security-teams/.

Tuesday, November 12, 2024

What Listening to My Father Taught Me About Cybersecurity

What did listening to my father as a teenager teach me about security? It has to do with considering and filtering advice. I discuss in my latest DarkReading piece: https://www.darkreading.com/cybersecurity-operations/what-listening-to-my-father-taught-me-about-cybersecurity.

Monday, November 4, 2024

Wednesday, October 9, 2024

Improving SecOps: How Simplification, Visibility, and Analytics Can Drive Success

Simplifying complexity, enhancing visibility, and empowering analysis can address key challenges in modern cybersecurity operations and investigations. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/improving-secops-how-simplification-visibility-and-analytics-can-drive-success/.

Tuesday, September 10, 2024

10 Writing Tips for Cybersecurity Professionals

People often ask me how cybersecurity professionals can write and publish on a regular basis. I offer 10 tips in my latest DarkReading piece: https://www.darkreading.com/cybersecurity-operations/how-to-get-published-regularly.

Wednesday, August 14, 2024

It's Time to Promote Security Talent From Within

Isn't it time we promote security talent from within? Why don't we? Why should we? I discuss in my latest DarkReading piece: https://www.darkreading.com/cybersecurity-operations/it-s-time-to-promote-security-talent-from-within.

Monday, August 5, 2024

Tuesday, July 9, 2024

5 Ways to Run Security as a Meritocracy

Security organizations should be meritocracies. Since actions speak louder than words, in my latest DarkReading piece, I offer five tips for encouraging a security culture based on achievements: https://www.darkreading.com/cybersecurity-operations/5-ways-to-run-security-as-a-meritocracy.

Tuesday, July 2, 2024

From the SOC to Everyday Success: Data-Driven Life Lessons from a Security Analyst

My latest in SecurityWeek explores what life lessons the security domain may be able to teach us: https://www.securityweek.com/from-the-soc-to-everyday-success-data-driven-life-lessons-from-a-security-analyst/.

Tuesday, June 18, 2024

Some Skills Should Not Be Ceded to AI

I am continually surprised by the number of times people ask me if I use ghostwriters or AI. I don't - I steadfastly refuse. I discuss why in my latest DarkReading piece: https://www.darkreading.com/remote-workforce/some-skills-should-not-be-ceded-to-ai.

Monday, May 20, 2024

10 Ways a Digital Shield Protects Apps and APIs

What are 10 ways a digital shield protects apps and APIs? I discuss how layers of protection can bring defense-in-depth practices to distributed clouds and modern network architectures in my latest DarkReading piece: https://www.darkreading.com/cloud-security/10-ways-a-digital-shield-protects-apps-and-apis-in-a-distributed-cloud-world.

Thursday, May 16, 2024

Legacy of Wisdom: Security Lessons Inspired by My Father

Honoring my father by translating his timeless life lessons into practical wisdom for the cybersecurity profession. My latest SecurityWeek piece is from the heart: https://www.securityweek.com/legacy-of-wisdom-security-lessons-inspired-by-my-father/. Miss you, Dad.

Tuesday, April 30, 2024

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk. How can we tell the difference between those who can and those who cannot? I discuss in my latest SecurityWeek piece: https://www.securityweek.com/navigating-vendor-speak-a-security-practitioners-guide-to-seeing-through-the-jargon/.

Wednesday, April 10, 2024

Proper DDoS Protection Requires Both Detective and Preventive Controls

Shouldn't we implement both preventive and detective controls when we tackle DDoS protection? Why don't we in many cases? I discuss in my latest DarkReading piece: https://www.darkreading.com/cloud-security/proper-ddos-protection-requires-both-detective-and-preventive-controls.

Wednesday, April 3, 2024

Know Your Audience When Speaking to Security Practitioners

Every now and again, I feel that the voice of the security practitioner – those in the trenches day-in and day-out defending their enterprises – needs to be heard. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/know-your-audience-when-speaking-to-security-practitioners/.

Tuesday, March 12, 2024

4 Security Tips From PCI DSS 4.0 Anyone Can Use

PCI 4.0 is here. In my latest DarkReading piece, I discuss four aspects of the standard that security teams may want to be aware of: https://www.darkreading.com/cybersecurity-operations/pci-dss-4-0-is-good-security-guidance-for-everyone.

Wednesday, February 21, 2024

Diversifying Defenses: FjordPhantom Malware Shows Importance of a Multi-Pronged Approach

Security teams need to combine the angles of client-side and server-side detection in order to have the best chance of mitigating the risk of advanced mobile malware. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/diversifying-defenses-fjordphantom-malware-shows-importance-of-a-multi-pronged-approach/.

Tuesday, February 13, 2024

How Changes in State CIO Priorities for 2024 Apply to API Security

What are the 2024 updates to NASCIO's State CIO priorities and what can we learn from them about securing our applications and APIs? I discuss in my latest DarkReading piece: https://www.darkreading.com/application-security/how-changes-in-state-cio-priorities-for-2024-apply-to-api-security.

Wednesday, January 17, 2024

As Enterprise Cloud Grows, So Do Challenges

What can parenting teach us about navigating the challenges of distributed cloud environments? I discuss in my latest DarkReading piece: https://www.darkreading.com/cloud-security/as-enterprise-cloud-grows-so-do-challenges.

Thursday, January 4, 2024

Beyond Protocols: How Team Camaraderie Fortifies Security

The most efficient and effective teams have healthy and constructive cultures that encourage team members to go above and beyond the call of duty. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/beyond-protocols-how-team-camaraderie-fortifies-security/.