When Security Metrics Miss The Point
After countless years of presenting to boards, executives, and colleagues, I’ve found that I’ve developed almost a split-personality when I’m asked about what metrics to track.
Q&A with John Masserini, Global CISO at Millicom
This is an interview with George Hulme, an internationally recognized writer who has been covering the technology and information security space for more than 20 years, with pieces appearing…
Two-factor Authentication Is Not Dead
I’ve had just about enough of the fear mongering and lazy ‘reporting’ that’s been in the press recently around how two-factor authentication is broken. I’m not sure about you, but…
RSA Sales & Marketing Panel on Relationships
For a number of years, I’ve had the honor of participating on the T.E.N. ISE® Sales and Marketing Breakfast panel at RSA. This year’s panel included some of my most…
How to Personalize Your Product Pitch for CISOs
A Q&A with John Masserini, CISO at Millicom Telecommunications This Merritt Group blog is part of an ongoing Q&A series with CISOs on preferred marketing and sales techniques, leading up…
Free NIST CSF Maturity Tool
In my previous post, ‘My Three Wishes for 2019’, I had wished that we all find a way to give back to the industry, even a little bit. In an…
My Three Wishes for 2019
It’s the end of the year and like all of you, my news feed has been filled with ‘Predictions for 2019’ to such a point that I basically ignore them.…
The Identity Maturity Calculator
The Authentication Maturity Stack
Fahrenheit 451 – Security Research Edition
In 1998, the US passed The Digital Millennium Copyright Act (DMCA) in an effort to enact several of the requirements of World Intellectual Property Organization (WIPO). DMCA makes it a…
The Identity Catechism: Questions every CISO should ask of their Identity program
The evolution is underway. Our infrastructures are borderless, our critical data is cloud-based, and our users work from anyplace on the globe – or 36,000 feet above it. Our legacy…
SecurityWeek: Quest for Cybersecurity Metrics Fit for Business
Developing clear, well-defined cybersecurity metrics is necessary for the business lines to understand the risk they face. Therefore, it is often a challenge because technical risk doesn’t always relate…
A Contrarian View of the NIST Digital ID Standards
Recently, while attending a conference in DC, I was part of a discussion around the new NIST Digital Identity Guidelines (SP 800-63) and how “…it turned the password world upside…
Whitehawk: 10 Rules for Cybersecurity Salespeople
I’m posting this for two reasons. First, it’s a great read for security vendors’ salespeople. You need to memorize these rules. Secondly, and I have to be honest, I’m pretty…
Why Diversity Matters in Leadership
As I write this, it is the celebration of Alan Turing’s 106th birthday (June 23, 1912). As someone who wears their Geek Badge proudly, one has to wonder what the…
Klogix: Profiles in Confidence – John Masserini
Truly honored to be a featured CISO in the Klogix Profiles in Confidence magazine. Feats of Strength is a business-focused information security magazine created by K logix. They provide a platform for a diverse…
Ethisphere/Opus: Risk Management as a Team Sport
Honored to be included in this multi-topic whitepaper on how to manage risk throughout the enterprise by partnering with your business lines. In this special Risk Management report by Ethisphere and…
Radware: Places to find cybersecurity talent
An interview with Radware around identifying cybersecurity talent in unexpected places within your enterprise. Companies are scrambling to fill cybersecurity positions. Some 41 percent of CIOs surveyed by recruiting firm…
SecurityWeek: Fighting CyberSecurity FUD and Hype
An interview with SecurityWeek around how FUD permeates the cybersecurity industry and how security vendors use it to sell unnecessary products. Increasingly, vendors have come under scrutiny with the never…
TechTarget: Security’s role in business continuity
TechTarget interview around aligning Crisis Management and Business Continuity with the control structures of the organization. All CISOs have responsibilities and pressures that make the job fun, interesting and sometimes…
CSOonline: Should security pros get special H-1B visa consideration?
An interview with CSOonline around the hiring challenges the security industry continues to face. New U.S. Attorney General Jeff Sessions may disagree about whether there is a shortage of skilled…
SecurityCurrent: CISOs Investigate: User Behavior Analytics
The report includes an overview of the technology, staffing implications, recommendations for selling User Behavior Analytics (UBA) to the C-Suite and possible objections. It also features a market assessment based…
SC Magazine: Diversity, one key to solving cybersecurity job gap
I recently had the honor of participating in an IBM/International Consortium of Minority Cybersecurity Professionals (ICMCP) event in Manhattan. This is coverage of the panel I was on which discussed…
The Army of Things in an IoT World
The Internet of Things is here. By now, you’re probably well aware of the fate that recently befell the Brian Krebs site KrebsOnSecurity.com. A Distributed Denial of Service (DDoS) attack…
SecurityCurrent: Podcast with Barmak Meftah, President and CEO AlienVault, About Threat Detection and Response
In this conversation, MIAX Options CSO John Masserini discusses the threat detection and response space with AlienVault President and CEO Barmak Meftah. An early adopter of threat intelligence, Masserini notes…
SecurityWeek: Inside The Competitive Testing Battlefield of Endpoint Security
Interview in SecurityWeek around the pros/cons of legacy antivirus endpoint and next-gen antivirus endpoint solutions. There is bad feeling between what can be described as traditional antivirus (Trad AV) and…