Tuesday, December 19, 2023

API Security: The Big Picture

API security is all the rage these days. Hype won't solve operational security problems though. In my latest DarkReading piece, I discuss 10 important points to consider when evaluating API security solutions: https://www.darkreading.com/application-security/api-security-the-big-picture.

Monday, December 18, 2023

Beyond the Noise: Appreciating the Quiet Work of Effective Doers

More often than not, we are grateful for and celebrate the wrong people. It is incumbent on all of us to take the time to appreciate and acknowledge the doers in our lives. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/beyond-the-noise-appreciating-the-quiet-work-of-effective-doers/.

Wednesday, November 22, 2023

Humans Are Notoriously Bad at Assessing Risk

As humans, we are notoriously bad at assessing risk. Even so, all is not lost. I discuss some techniques for more objectively assessing risk in my latest SecurityWeek piece: https://www.securityweek.com/humans-are-notoriously-bad-at-assessing-risk/.

Tuesday, November 14, 2023

A Closer Look at State and Local Government Cybersecurity Priorities

Let's dig a bit deeper into a few of the NASCIO top 10 and take a closer look at state and local government cybersecurity priorities. I discuss in my latest DarkReading piece: https://www.darkreading.com/edge/a-closer-look-at-state-and-local-government-cybersecurity-priorities.

Tuesday, October 24, 2023

How State and Local Governments Can Serve Citizens More Securely

How can the NASCIO top 10 guide state and local governments to serve citizens more securely? I discuss in my latest DarkReading piece: https://www.darkreading.com/edge/how-state-and-local-governments-can-serve-citizens-more-securely.

Thursday, October 12, 2023

Applying AI to API Security

Beyond the hype, what are some security problems that AI can help solve? I would argue that API security is one of them. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/applying-ai-to-api-security/.

Wednesday, September 20, 2023

Staying on Topic in an Off Topic World

How can we stay on topic in an off topic world? I believe this to be an important skill for security professionals. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/staying-on-topic-in-an-off-topic-world/

Tuesday, September 12, 2023

Being Flexible Can Improve Your Security Posture

Be flexible. Changing your approach when necessary pays dividends, especially in these six areas. I discuss in my latest DarkReading piece: https://www.darkreading.com/edge-articles/being-flexible-can-improve-your-security-posture.

Monday, August 14, 2023

7 Reasons People Don't Understand What You Tell Them

Have you ever noticed that what we write, say, or do and what another person reads, hears, or perceives can be vastly different? I discuss this and offer some tips to improve communication in my latest DarkReading piece: https://www.darkreading.com/edge/7-reasons-people-don-t-understand-what-you-tell-them.

Managing and Securing Distributed Cloud Environments

The complexity and challenge of distributed cloud environments often necessitate managing multiple, redundant stacks, policies, and controls. There is a better way. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/managing-and-securing-distributed-cloud-environments/.

Thursday, July 20, 2023

10 Steps to Help Secure Your APIs

API security is a hot topic these days. Beyond the hype, what are 10 steps enterprises can take to help secure their applications and APIs? I discuss in my latest SecurityWeek piece: https://www.securityweek.com/10-steps-to-help-secure-your-apis/.

Tuesday, July 11, 2023

10 Features an API Security Service Needs to Offer

What are 10 important features to consider when selecting an API Security partner? I discuss in my latest DarkReading piece: https://www.darkreading.com/edge/10-features-an-api-security-service-needs-to-offer

Friday, June 9, 2023

Stay Focused on What’s Important

How important is staying focused in security? Very important. I discuss the "Why", the "What", and the "When" in my latest SecurityWeek piece: https://www.securityweek.com/stay-focused-on-whats-important/.

Wednesday, May 10, 2023

Monday, April 24, 2023

External Signs of Narcissism – Raising Awareness to Avoid Collateral Damage

Narcissism can be a big problem for security and fraud teams. Raising awareness around the signs of narcissism is the first step to combatting it. I discuss this important topic in my latest SecurityWeek piece: https://www.securityweek.com/external-signs-of-narcissism-raising-awareness-to-avoid-collateral-damage/.

Tuesday, April 11, 2023

How and Why to Put Multicloud to Work

What are the challenges and opportunities that hybrid and multicloud environments present? I discuss in my latest DarkReading piece - my 100th - a personal milestone: https://www.darkreading.com/edge-articles/how-and-why-to-put-multicloud-to-work

Wednesday, March 29, 2023

What Makes an Effective Anti-Bot Solution?

What makes for an effective anti-bot solution? In my latest SecurityWeek piece, I discuss several interesting points for buyers to consider: https://www.securityweek.com/what-makes-an-effective-anti-bot-solution/

Wednesday, February 8, 2023

Application Security Protection for the Masses

While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in a self-service manner are becoming increasingly popular. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/application-security-protection-for-the-masses/.

Tuesday, February 7, 2023

5 Ways to Survive Scam Season — or Rather, Tax Season

What are some ways in which we can protect our enterprises and our end-users from scams? Hint: user education is not enough. I discuss in my latest DarkReading piece: https://www.darkreading.com/edge-articles/5-ways-to-survive-scam-season-or-rather-tax-season.

Tuesday, January 10, 2023

7 Use Cases for Distributed Cloud Environments

As infrastructure has grown more complex, the need to effectively manage it has grown, too – particularly for applications and APIs. I discuss in my latest DarkReading piece: https://www.darkreading.com/edge-articles/7-use-cases-for-distributed-cloud-environments.

Secrets to a Good Security Webinar or Conference Presentation

Tips for making a presentation that will help improve the state of security programs and reflect favorably on the presenters and their companies: https://www.securityweek.com/secrets-good-security-webinar-or-conference-presentation.