Rethinking what security controls you MUST address
In 2008 I wrote a book, partially on the premise of cross mapping regulations together in a manner to build a common control framework for enterprises. The genius here was to address all requirements...
Is your security compliance program sustainable?
As a greater number of enterprises transform their products and services into a manner that allows delivery to clients directly, the increased dependency creates obligations to both parties. Specifically...
My RSA 2013 Conference Session details
I am looking forward to seeing the world in San Francisco for the RSA Conference this year! It is always such a rich experience speaking with everyone throughout the week. I have the privilege of...
My RSA Conference Notes and perspective – Tuesday AM 2013
Today kicked off, for me, the RSA conference. The best part of these types of events is the onslaught of ideas shared between peers – generally through networking and random encounters in hallways...
Tactical Issue: How to handle Executive Assistants and #infosec
Problem Statement: How have you seen companies handle executive assistants' access to C-level and VP accounts? Our executives heavily rely on their admins but don't realize the risk when we go to...
How to determine how much money to spend on security…
A question that many organizations struggle with is how much money it is appropriate to spend per user, per year on information security. While balancing security, privacy, usability,...
Big Data is in early maturity stages, and could learn greatly from Infosec...
The concept of analysing large data sets, crossing data sets, and seeking the emergence of new insights and better clarity is a constant pursuit of Big Data. Given the volume of data being produced by...
Change all your passwords, now.. it is that simple
There are a lot of reasons to change passwords, and in most business settings passwords are requested to be changed every 90 days. This is usually for the end users and rarely for the system to system...
Review – Fmr. CIA Dir. Jim Woolsey warns of existential EMP threat to America
I have been studying First World worst case scenarios where Cyber and life intertwine, and was recommended to review this session. It is a panel discussion that included former CIA Director on the...
Amateurs Study Strategy; Experts Study Logistics – Battlefield Leadership series
In the business world, the military analogy “Amateurs study strategy; experts study logistics” emphasizes the importance beyond the initial success of a surge effort. Specifically, in relation to D-Day, the...
The “appearance of trustability” on foo.Github.io
Github is an awesome repository system that is very popular. Basically if you want to work on something (code, a book, electronic files) and then allow others to freely make suggested modifications...
Methodology for the identification of critical connected infrastructure and...
ENISA released a study with a methodology identifying critical infrastructure in communication networks. While this is important and valuable as a topic, I dove into this study for a particularly...
Mapping the Startup Maturity Framework to flexible information security...
After over a decade of working with startups, private equity, and over the last 5 years of deep big 4 client services acting in different executive roles (CISO, CIO Advisor, Board of Directors support)...
FedRamp on the Cloud: AWS Architecture and Security Recommendations
In December Amazon released a nice guide with architecture layouts + tips across the NIST 800-53 standard. This is an important tool for ANY business looking to accelerate their operations into a...
Russians used non-public exploits to hack governments; Debunking: skill vs....
Organizations being hacked is not always the result of a superior adversary, but more often than not (I think the figure is closer to 85% defender mistakes vs. 15% “very skilled”) the result of poor...
Hacking Drones Close to Being Drawn up by Boeing and Hacking Team
A high schooler could have done this, but these 2 didn’t get it done because of an NDA!? Sad and shows sometimes progress can be derailed by the smallest of things. Passion is finicky and when pursuing...