SecurityCurrent: 10 CISOs Say Passwords are Failing and Must be Augmented or Supplanted
A SecurityCurrent interview around the demise of passwords and a need for a capable password-replacement solution. Ten CISOs from across industries weigh in on the effectiveness of passwords, with most…
Alice and Bob’s Entangled Quantum Relationship
Quantum Key Distribution (QKD), Quantum Entanglement (QE), and Quantum Random Number Generators (QRNG) are turning the cryptography world upside down. Indeed, one of the most enjoyable aspects of being in…
Three Things to Consider in 2016
With having a bit of downtime over the holiday season this year, I had an opportunity to catch up on a lot of my fellow security pundits’ predictions for 2016.…
It’s All About the (Privileged) User
Some time ago, I had a moment of introspection, which oddly, sounded a lot like Redd Foxx, in his best deadpan Fred Sanford delivery…. ‘It’s the privileged user …. Dummy!’…
An Open Letter to Security Vendors – Part III
The Good.. The Bad.. The Tech.. In Part I, we discussed the issues around vendors’ marketing approach and the failed messaging that’s resulted. In Part II, we reviewed the need…
An Open Letter to Security Vendors – Part II
Partner with me… Don’t F.U.D. me In Part I, I gave you some food for thought about getting your message out there in a clean, crisp, and concise way. In…
An Open Letter to Security Vendors – Part I
It’s all about the message.. So tell me – did you hear the news?? Apparently, the rumors are indeed true.. 2015 is the year of the Security Startup. And in…
Thomson Reuters: Responses To Data Security Threats At Law Firms
Recap of a panel discussion which focused on a few key data security topics and included Mike Marsilio, director of security and compliance, DTI; Mark Connelly, CISO, Thomson Reuters; Steve…
T.E.N./ISE Success Story: John Masserini
A profile piece by the folks at T.E.N./ISE after winning the 2014 North America Information Security Project of the Year. While these days, there are countless organizations who provide networking…
Booth Babes Banned at RSA – A CSO’s View
While I was unable to attend RSA this year, after reading Chenxi Wang’s LinkedIn post on ‘Booth Babes’, I have to say… It’s about damn time. To briefly recount a…
Waters Technology: Rise of the CISO
CISOs and security executives from across the industry talk about how their role has grown in prominence in the capital markets industry. They come from different backgrounds: some have experience…
CIO Magazine: We All Work In Information Security Now
To ensure both safety and survival, we all have to recognize our personal responsibility for information security. Admiral Michael Rogers, the director of the National Security Agency, said he expects…
The Plight of Passwords
Recently, I read an article about how a CISO talked his way out of having an internal auditor write up a finding about weak passwords – which eventually led to…
BCP: The CISOs Secret Weapon
BCP. Three little letters that, unfortunately, strike mind-numbing boredom into most CIOS’s. The truth is, Business Continuity Planning isn’t synonymous with the excitement that is typically found in the Information…
From the War Room to the Boardroom – The true elevation of the CISO
In the aftermath of the Target breach, there has been a lot of press lately on the need for a CISO in the boardroom. The Wall Street Journal, the NY…
FUD 2.0 – Redefining the FUD factor
The time for FUD is over… Long Live FUD… I’ve been known to say that ‘I’ve been in InfoSec since before it was cool’. After twenty years of being on…
InfoSecurity Magazine: Explosion in Advanced Evasion Techniques (AET)
An interview with Info Security magazine around the maturation of advanced evasion techniques and how attackers’ abilities to evade detection have matured. With the average cost of a data breach…
Technically Philly: Fears challenge ‘bring your own device’ trend
Technically Philly held a panel discussion featuring several prominent local CISOs to talk about the evolving cybersecurity industry, the challenges we face with bring your own device, and what the…
The CISO Job – Getting and Keeping It
A Politics of Information Security Webcast Earlier this year, a panel of Chief Security Officers from some of the nation’s highest profile companies met to talk about how to get…
POA: Ensuring Privacy through Secure Enclaves
The very first piece I had published was in 2002 for the International Association of Privacy Professionals newsletter, discussing how secure enclaves would be beneficial to the privacy effort. The…