Commentary Archives | Chronicles of a CISO

Free COVID-19 Resources

Mar 18, 2020John MasseriniCommentaryCOVID-19, Information Security

This page will list various personal and family-related ‘remote’ STEM activities to participate in as well as other free offerings to help companies, individuals and families cope with their newfound way of working.

A Few Leadership Work-From-Home Tips

Mar 13, 2020John Masserini2 CommentsCommentaryCritical_Reads, Management

With so many people now being asked to work-from-home as part of the evolving COVAD-19 precautions, I figured it was worthwhile to put together a few tried-and-true practices to keep you productive and sane while spending an unexpected few weeks in the home office.

Tech Hiring is Broken

Feb 28, 2020John MasseriniCommentaryManagement

As a hiring manager, how does someone make a person go through three video interviews, do two coding assignments, be so impressed with the coding that they then fly the person up for in-person interviews, and only then decide the coding skills aren’t exactly what they are looking for?!?

The First Anniversary of Chronicles of a CISO

Feb 4, 2020John Masserini3 CommentsCommentaryInformation Security, Marketing

It’s hard to believe it’s been a year already. Twelve months ago, I took the leap and decided that it was time to start my own blog, and now, here we are celebrating the 1st anniversary. Over 110,000 visits later, I am shocked, honored, and above all, humbled that this little pet project has been…

Identity Attack Vectors, by Haber and Rolls

Dec 23, 2019John Masserini1 CommentCommentary

Honored to have had the privilege to write the forward to the third book of Morey Haber‘s trilogy of enterprise attack vectors. This installment, written with Darran Rolls, discusses the details of identity-based attacks and how to protect against them. I’ve written frequently about the necessity of adequately managing the digital identities of our enterprise…

Few Firms Use Segmentation, Despite Security Benefits

Dec 19, 2019RSS FeedCommentary, RSSInformation Security

The move to a segmented infrastructure is not a revolutionary effort, its an evolutionary one. The slow, steady migration to segmentation is the only realistic path to success. Networking teams should take advantage of the migration to the cloud or other virtual infrastructure to move to a segmented model in a methodological way; new applications…

My Daily Cybersecurity Reading List

Jul 22, 2019John Masserini4 CommentsCommentary

Overwhelmingly, there is one question about cybersecurity I am asked far more than any other. What’s the best solution I’ve used? Nope. What’s my favorite conference to attend? Negative. How did I get started in Information Security? Nahh… Without question, the one thing I am asked most these days is… What do you read every…

When Security Metrics Miss The Point

May 9, 2019John Masserini2 CommentsCommentaryManagement, Metrics

After countless years of presenting to boards, executives, and colleagues, I’ve found that I’ve developed almost a split-personality when I’m asked about what metrics to track.

Two-factor Authentication Is Not Dead

Apr 1, 2019John Masserini3 CommentsCommentary2FA, Authentication, IAM, Identity, MFA

I’ve had just about enough of the fear mongering and lazy ‘reporting’ that’s been in the press recently around how two-factor authentication is broken. I’m not sure about you, but the way the doomsday preachers in mass media have torn apart two-factor authentication lately really has me wondering about the state of journalism anymore. I…

Free NIST CSF Maturity Tool

Jan 28, 2019John Masserini5 CommentsCommentaryManagement, Maturity, NIST

In my previous post, ‘My Three Wishes for 2019’, I had wished that we all find a way to give back to the industry, even a little bit. In an effort to fulfill that desire, I wanted to share a simple, but effective tool I’ve used, in various forms, for many years. The NIST CSF…

John MasseriniFollow

Opinionated security geek trying to make a difference. Dealing with InfoSec since early 90's - way before it was 'cool'

John Masserini @John_Masserini·

Maldoc XLS Invoice with Excel 4 Macros, (Sun, Apr 5th) https://isc.sans.edu/diary/rss/25986?utm_source=twitter&utm_medium=social_Twitter&utm_campaign=Twitter_Posts #coac #informationsecurity #cybersecurity

Reply on Twitter 1247203649438318592 Retweet on Twitter 1247203649438318592 Like on Twitter 1247203649438318592 Twitter 1247203649438318592

John Masserini @John_Masserini·

Amid a Major Skills Shortage, CISOs Are Turning to Security Analytics and Threat Intelligence https://securityboulevard.com/2020/04/amid-a-major-skills-shortage-cisos-are-turning-to-security-analytics-and-threat-intelligence/?utm_source=twitter&utm_medium=social_Twitter&utm_campaign=Twitter_Posts #coac #informationsecurity #cybersecurity

Reply on Twitter 1247188367315554306 Retweet on Twitter 1247188367315554306 Like on Twitter 1247188367315554306 Twitter 1247188367315554306

John Masserini @John_Masserini·

Achieving DevSecOps Requires Cutting Through the Jargon Establishing a culture where security can work easily with developers starts with making sure they can at least speak the same language. https://www.darkreading.com/application-security/achieving-devsecops-requires-cutting-through-the-jargon/a/d-id/1337235?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple&utm_source=twitter&utm_medium=social_Twitter&utm_campaign=Twitter_Posts #coac #informationsecurity #cybersecurity

Reply on Twitter 1247173334460219394 Retweet on Twitter 12471733344602193941 Like on Twitter 12471733344602193941 Twitter 1247173334460219394

John Masserini @John_Masserini·

Introducing Zero-Trust Access https://www.darkreading.com/cloud/introducing-zero-trust-access-/a/d-id/1337362?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple&utm_source=twitter&utm_medium=social_Twitter&utm_campaign=Twitter_Posts #coac #informationsecurity #cybersecurity

Reply on Twitter 1247158647240736768 Retweet on Twitter 12471586472407367681 Like on Twitter 1247158647240736768 Twitter 1247158647240736768

John Masserini @John_Masserini·

Cyber Resilience Benchmarks 2020 https://www.darkreading.com/attacks-breaches/cyber-resilience-benchmarks-2020/a/d-id/1337288?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple&utm_source=twitter&utm_medium=social_Twitter&utm_campaign=Twitter_Posts #coac #informationsecurity #cybersecurity

Reply on Twitter 1247143136578678784 Retweet on Twitter 1247143136578678784 Like on Twitter 1247143136578678784 Twitter 1247143136578678784

John Masserini @John_Masserini·

Results Speak Louder Than Words: A Guide to Evaluating ICS Security Tools https://securityboulevard.com/2020/04/results-speak-louder-than-words-a-guide-to-evaluating-ics-security-tools/?utm_source=twitter&utm_medium=social_Twitter&utm_campaign=Twitter_Posts #coac #informationsecurity #cybersecurity

Reply on Twitter 1247128052745854978 Retweet on Twitter 1247128052745854978 Like on Twitter 1247128052745854978 Twitter 1247128052745854978

John Masserini @John_Masserini·

4 Apr

Obfuscated with a Simple 0x0A, (Fri, Apr 3rd) {JJM}Sometimes, the simplest things work the best. https://isc.sans.edu/diary/rss/25982?utm_source=twitter&utm_medium=social_Twitter&utm_campaign=Twitter_Posts #coac #informationsecurity #cybersecurity

Reply on Twitter 1246474203739586568 Retweet on Twitter 12464742037395865681 Like on Twitter 1246474203739586568 Twitter 1246474203739586568

John Masserini @John_Masserini·

4 Apr

What the NIST Zero Trust Architecture Means for Business Continuity https://securityboulevard.com/2020/04/what-the-nist-zero-trust-architecture-means-for-business-continuity/?utm_source=twitter&utm_medium=social_Twitter&utm_campaign=Twitter_Posts #coac #informationsecurity #cybersecurity

Reply on Twitter 1246459388442939400 Retweet on Twitter 12464593884429394003 Like on Twitter 12464593884429394001 Twitter 1246459388442939400

John Masserini @John_Masserini·

4 Apr

Self-Propagating Malware Targets Thousands of Docker Ports Per Day https://threatpost.com/self-propagating-malware-docker-ports/154453/?utm_source=twitter&utm_medium=social_Twitter&utm_campaign=Twitter_Posts #coac #informationsecurity #cybersecurity

Reply on Twitter 1246444003517661186 Retweet on Twitter 12464440035176611863 Like on Twitter 1246444003517661186 Twitter 1246444003517661186

John Masserini @John_Masserini·

4 Apr

US Government Advises Everyone to Upgrade Google Chrome as Soon as Possible https://hotforsecurity.bitdefender.com/blog/us-government-advises-everyone-to-upgrade-google-chrome-as-soon-as-possible-22826.html?utm_source=twitter&utm_medium=social_Twitter&utm_campaign=Twitter_Posts #coac #informationsecurity #cybersecurity

Reply on Twitter 1246428947946094592 Retweet on Twitter 12464289479460945923 Like on Twitter 1246428947946094592 Twitter 1246428947946094592