Zero Trust Architecture: Implementing Best Practices in the US
Compliance, Due Diligence, & More: Navigating Upcoming TPRM Trends
Millicom Builds Transformational Identity Security Program
The perimeter is dissolving. Employees are using any device from any location for work. With limited visibility from our traditional networking and endpoint security controls, how do we protect our…
Identity Management as a Foundation for Future-Proofing your Security
The perimeter is dissolving. Employees are using any device from any location for work. With limited visibility from our traditional networking and endpoint security controls, how do we protect our…
What if Identity Didn’t Exist?
The concept of Identity is critical to what we do. If it didn't exist, how would it change your approach and how would you answer the question?
Cybersecurity in the age of the pandemic
An interview with The Times (UK) around the need for an effective awareness and training program to manage the rapid growth of the remote workforce.
Companies Battle Another Pandemic: Skyrocketing Hacking Attempts
An interview with the Wall Street Journal around the rapid uptick in enterprise attacks seen during the initial weeks of the COVID-19 outbreak.
Companies Rush to Implement Identity Systems for Remote Working
An interview with the Wall Street Journal around the need for an effective identity management solution to manage the rapid growth of the remote workforce.
Identity Attack Vectors, by Haber and Rolls
Honored to have had the privilege to write the foreword to the third book of Morey Haber’s trilogy of enterprise attack vectors. This installment, written with Darran Rolls, discusses the…
3 Fundamental Questions to Ask of Your Identity Program
This is an abbreviated version of my Identity Catechism piece that I wrote in early 2019. This piece focuses on the three key topics to focus on when planning and…
Two-factor Authentication Is Not Dead
I’ve had just about enough of the fear mongering and lazy ‘reporting’ that’s been in the press recently around how two-factor authentication is broken. I’m not sure about you, but…
The Identity Catechism: Questions every CISO should ask of their Identity program
The evolution is underway. Our infrastructures are borderless, our critical data is cloud-based, and our users work from anyplace on the globe – or 36,000 feet above it. Our legacy…
A Contrarian View of the NIST Digital ID Standards
Recently, while attending a conference in DC, I was part of a discussion around the new NIST Digital Identity Guidelines (SP 800-63) and how “…it turned the password world upside…
SC Magazine: Case study on Privileged Access
The MIAX Security team was honored to be a case study on deploying a real-world, fully integrated Privileged Access Management solution. The MIAX Options Exchange needed more than a way…
Privileged Account Management: A BeyondTrust Case Study
A case study on the enterprise-wide deployment of a fully integrated privileged account management solution, the potential deployment challenges, and the numerous post-deployment security and productivity benefits. Challenge: Provide Regulatory…
The Best Security Control You Never Use
Consider for a moment the business lines that drive your company’s revenue. If the president of that business unit had an 85% assurance that a new business venture would be…
The Current State and Future of Biometrics
Recently, I had the opportunity to sit down with Morey Haber, VP of Technology, BeyondTrust, to discuss the future of biometrics and the role it played in advanced authentication techniques.…
SecurityCurrent: 10 CISOs Say Passwords are Failing and Must be Augmented or Supplanted
A SecurityCurrent interview around the demise of passwords and a need for a capable password-replacement solution. Ten CISOs from across industries weigh in on the effectiveness of passwords, with most…
Three Things to Consider in 2016
With a bit of downtime over the holiday season this year, I had an opportunity to catch up on a lot of my fellow security pundits’ predictions for 2016.…
It’s All About the (Privileged) User
Some time ago, I had a moment of introspection, which oddly, sounded a lot like Redd Foxx, in his best deadpan Fred Sanford delivery…. ‘It’s the privileged user …. Dummy!’…
The Plight of Passwords
Recently, I read an article about how a CISO talked his way out of having an internal auditor write up a finding about weak passwords – which eventually led to…