KLogix: Cyber Security Business Podcast
On this episode of Cyber Security Business, we sit down with John Masserini, CISO, Millicom, to discuss identity and access management in the current security environment. Excerpt: Kevin West: Welcome to…
New Version of the NIST CSF Tool
Please note: Version 2.1 of the tool was uploaded to the site on February 28, 2022, due to a formula bug in the privacy worksheet. I am quite thrilled to…
The Problem With The Industry Analyst
Thoughts on the damage caused by Research Firms to the Information Security field and why the role of the Industry Analyst must change.
Millicom Builds Transformational Identity Security Program
The perimeter is dissolving. Employees are using any device from any location for work. With limited visibility from our traditional networking and endpoint security controls, how do we protect our…
New Resource: Industry Statistics and Metrics
A collection of information security metrics and statistic resources to use when discussing the state of information security. Many of the typical suspects are here – DDoS, Ransomware, SPAM, Insider…
Identity Management as a Foundation for Future-Proofing your Security
The perimeter is dissolving. Employees are using any device from any location for work. With limited visibility from our traditional networking and endpoint security controls, how do we protect our…
What if Identity Didn’t Exist?
The concept of Identity is critical to what we do. If it didn't exist, how would it change your approach and how would you answer the question?
Cybersecurity in the age of the pandemic
An interview with The Times (UK) around the need for an effective awareness and training program to manage the rapid growth of the remote workforce.
CSNP: How Working From Home Is Changing The Business Environment
I recently had a wonderful opportunity to sit in on a panel discussing how the pandemic is going to change the way security practitioners think about protecting their organizations.
BeyondTrust: CISO Diaries
I had the honor of participating in the LinkedIn Live event on some of the scariest things I have ever heard from my security team.
CISO 101: How to Walk & Talk Like a CISO
I had an opportunity to reflect on what it takes to be a CISO, how I got here, and where I think the industry is heading.
Ed Talks: Kicking 3rd-Party Software Risk to the Curb
Panel discussion on third-party risk. Topics included conducting software composition analysis (SCA), assessing threats and impacts, risk-rating your inventory, and selecting the right controls.
Companies Battle Another Pandemic: Skyrocketing Hacking Attempts
An interview with the Wall Street Journal around the rapid uptick in enterprise attacks seen during the initial weeks of the COVID-19 outbreak.
Companies Rush to Implement Identity Systems for Remote Working
An interview with the Wall Street Journal around the need for an effective identity management solution to manage the rapid growth of the remote workforce.
Diversity Resources to Make a Change
In holding myself accountable to my own call-to-action, I have dedicated a page to share all of the diversity-centric resources I have collected over the years. From How-To guides to…
Dark Reading Usability Interview
An interview I did with Ericka Chickowski of DarkReading on the importance of usability of security products.
Let’s Use This Outrage to Make a Change
The outrage over the George Floyd murder is causing many to push for change. Will you use your outrage to fix the diversity issues you see every day?
2020 Best New Blog – Security Bloggers Awards
Chronicles of a CISO was named 2020 Best New Blog of the Year by the Security Blogger Network
CISO position burnout causes high churn rate
A recent interview I did with SearchSecurity/TechTarget. While much was about the benefits and love of the job, the 'job churn' and 'burnout' discussions are front and center in the…
Free COVID-19 Resources
This page will list various personal and family-related ‘remote’ STEM activities to participate in as well as other free offerings to help companies, individuals and families cope with their newfound…
A Few Leadership Work-From-Home Tips
A few tried-and-true practices to keep you productive and sane while spending an unexpected few weeks in the home office.
Tech Hiring is Badly Broken
As a hiring manager, how does someone make a person go through three video interviews, do two coding assignments, be so impressed with the coding that they then fly the…
The First Anniversary of Chronicles of a CISO
It’s hard to believe it’s been a year already. Twelve months ago, I took the leap and decided that it was time to start my own blog, and now, here…
Identity Attack Vectors, by Haber and Rolls
Honored to have had the privilege to write the foreword to the third book of Morey Haber’s trilogy of enterprise attack vectors. This installment, written with Darran Rolls, discusses the…
3 Fundamental Questions to Ask of Your Identity Program
This is an abbreviated version of my Identity Catechism piece that I wrote in early 2019. This piece focuses on the three key topics to focus on when planning and…