Category: Commentary

The SEC has put the executives of SolarWinds, including the CFO and CISO on notice. How will this impact the future of the security industry?

New regulations and business drivers are forcing Private Equity firms to take a closer look at cybersecurity risk pre & post-acquisition.

The term ESG has become a common parlance in the corporate world. How can a CISO leverage ESG to further their program and be better corporate citizens?

Career and education resources for those on active duty or veterans who are looking to move into cybersecurity or S.T.E.M. careers.

Cyber insurance is increasingly difficult to obtain and more expensive than ever. A recent study identified the top 10 controls insurance carriers look for when determining coverage and cost. By…

The interrupt-driven life of a CISO and how stress impacts our thought process and the changes we make to how our minds work.

In order to communicate their message quickly, Vendors need to develop a value statement that appeals to a CISO by quickly articulating how your solution reduces risk, minimizes staffing issues,…

Please note: Version 2.1 of the tool was uploaded to the site on February 28, 2022, due to a formula bug in the privacy worksheet. I am quite thrilled to…

Thoughts on the damage caused by Research Firms to the Information Security field and why the role of the Industry Analyst must change.

The perimeter is dissolving. Employees are using any device from any location for work. With limited visibility from our traditional networking and endpoint security controls, how do we protect our…

A collection of information security metrics and statistic resources to use when discussing the state of information security. Many of the typical suspects are here – DDoS, Ransomware, SPAM, Insider…

The perimeter is dissolving. Employees are using any device from any location for work. With limited visibility from our traditional networking and endpoint security controls, how do we protect our…

The concept of Identity is critical to what we do. If it didn't exist, how would it change your approach and how would you answer the question?

An interview with The Times (UK) around the need for an effective awareness and training program to manage the rapid growth of the remote workforce.

I recently had a wonderful opportunity to sit in on a panel discussing how the pandemic is going to change the way security practitioners think about protecting their organizations.

I had the honor of participating in the LinkedIn Live event on some of the scarest things I have ever heard from my security team.

I had an opportunity to reflect on what is takes to be a CISO, how I got here, and where I think the industry is heading.

With so many people now being asked to work-from-home as part of the evolving COVAD-19 precautions, I figured it was worthwhile to put together a few tried-and-true practices to keep…

Panel discussion on third-party risk. Topics included conducting software composition analysis (SCA), assessing threats and impacts, risk-rating your inventory, and selecting the right controls.

An interview with the Wall Street Journal around the rapid uptick in enterprise attacks seen amongst the initial weeks of the COVID-19 outbreak.

An interview with the Wall Street Journal around the need for an effective identity management solution to manage the rapid growth of the remote workforce.

In holding myself accountable to my own call-to-action, I have dedicated a page to share all of the diversity-centric resources I have collected over the years. From How-To guides to…

An interview I did with Ericka Chickowski of DarkReading on the importance of useability of security products.

The outrage over the George Floyd murder is causing many to push for change. Will you use your outrage to fix the diversity issues you see every day?

Chronicles of a CISO was named 2020 Best New Blog of the Year by the Security Blogger Network