CSNP: How Working From Home Is Changing The Business Environment
I recently had a wonderful opportunity to sit in on a panel discussing how the pandemic is going to change the way security practitioners think about protecting their organizations.
BeyondTrust: CISO Diaries
I had the honor of participating in the LinkedIn Live event on some of the scarest things I have ever heard from my security team.
CISO 101: How to Walk & Talk Like a CISO
I had an opportunity to reflect on what is takes to be a CISO, how I got here, and where I think the industry is heading.
The Weekly Hotwash: May 29, 2020
The Weekly Hotwash: The demise of SHA-1 is a road sign on the deterioration of security controls and how embedded open-source unknowingly introduces risk.
The Weekly Hotwash: May 22, 2020
The Weekly Hotwash: How a study of pandemic statistical reporting can help you develop better security metrics.
The Weekly Hotwash: May 15, 2020
The Weekly Hotwash: The CISSP vs Masters firestorm and revisiting the secure application development process.
The Weekly Hotwash: May 8, 2020
The Weekly Hotwash: Why the hiring process is more to blame than the lack of InfoSec resources and the new NIST Secure Software Development Standards
CISO position burnout causes high churn rate
A recent interview I did with SearchSecurity/TechTarget. While much was about the benefits and love of the job, the ‘job churn’ and ‘burnout’ discussions are front and center in the industry these days.
A Few Leadership Work-From-Home Tips
A few tried-and-true practices to keep you productive and sane while spending an unexpected few weeks in the home office.
Tech Hiring is Badly Broken
As a hiring manager, how does someone make a person go through three video interviews, do two coding assignments, be so impressed with the coding that they then fly the person up for in-person interviews, and only then decide the coding skills aren’t exactly what they are looking for?!?
My Daily Cybersecurity Reading List
Overwhelmingly, there is one question about cybersecurity I am asked far more than any other. What’s the best solution I’ve used? Nope. What’s my favorite conference to attend? Negative. How …
When Security Metrics Miss The Point
After countless years of presenting to boards, executives, and colleagues, I’ve found that I’ve developed almost a split-personality when I’m asked about what metrics to track.
Free NIST CSF Maturity Tool
In my previous post, ‘My Three Wishes for 2019’, I had wished that we all find a way to give back to the industry, even a little bit. In an …
The Identity Maturity Calculator
The Authentication Maturity Stack
SecurityWeek: Quest for Cybersecurity Metrics Fit for Business
Developing clear, well defined cybersecurity metrics are necessary for the business lines to understand the risk they face. Therefore, it is often a challenge because technical risk doesn’t always relate …
Why Diversity Matters in Leadership
As I write this, it is the celebration of Alan Turing’s 106th birthday (June 23, 1912). As someone who wears their Geek Badge proudly, one has to wonder what the …
Ethisphere/Opus: Risk Management as a Team Sport
Honored to be included in this multi-topic whitepaper on how to manage risk throughout the enterprise by partnering with your business lines. In this special Risk Management report by Ethisphere and …
Radware: Places to find cybersecurity talent
An interview with Radware around identifying cybersecurity talent in unexpected places within your enterprise. Companies are scrambling to fill cybersecurity positions. Some 41 percent of CIOs surveyed by recruiting firm …
SecurityWeek: Fighting CyberSecurity FUD and Hype
An interview with SecurityWeek around how FUD permeates the cybersecurity industry and how security vendors use it to sell unnecessary products. Increasingly, vendors have come under scrutiny with the never …
CSOonline: Should security pros get special H-1B visa consideration?
An interview with CSOonline around the hiring challenges the security industry continues to face. New U.S. Attorney General Jeff Sessions may disagree about whether there is a shortage of skilled …
SC Magazine: Diversity, one key to solving cybersecurity job gap
I recently had the honor of participating in an IBM/International Consortium of Minority Cybersecurity Professionals (ICMCP) event in Manhattan. This is coverage of the panel I was on which discussed …
SC Magazine: Case study on Privileged Access
The MIAX Security team was honored to be a case study on deploying a real-world, fully integrated Privileged Access Management solution. The MIAX Options Exchange needed more than a way to …
Privileged Account Management: A BeyondTrust Case Study
A case study on the enterprise-wide deployment of a fully integrated privileged account management solution, the potential deployment challenges, and the numerous post-deployment security and productivity benefits. Challenge: Provide Regulatory …