The Reading Room

Occasionally, I will come across an article or blog that I feel is valuable enough to archive. It may be on a new approach to something, a piece that provides a fundamental understanding of a topic, or just some article that I think is critical reading for some reason or another. The Reading Room will be such a collection of articles.

The Interrupt-driven Life of a CISO

Jun 16, 2022

After seeing many of you again at RSA last week and recounting how the career change is going, a number of you suggested I write something about it, so here…

Simplify Your Value Statement

Jun 1, 2022

In the Beginning Back in 2015, I had written a three-part article called ‘Open Letters to Security Vendors’ which highlighted several things that I thought were broken in the security…

New Version of the NIST CSF Tool

Feb 18, 2022

NIST CSF Please note: Version 2.1 of the tool was uploaded to the site on February 28, 2022, due to a formula bug in the privacy worksheet. I am quite…

The Problem With The Industry Analyst

Feb 8, 2022

Ed. Note: This piece has been in process for the better part of 2 years. It started following the 2020 RSA conference where several startups I work with were given…

Millicom Builds Transformational Identity Security Program

Aug 3, 2021

Had a great time chatting with Katherine Cola of SailPoint about the importance of a standard identity management program and how beneficial it is for the overall governance program of…

Identity Management as a Foundation for Future-Proofing your Security

May 21, 2021

Many thanks to Matt Alderman, Jeff Man, and Adrian Sanabria of SecurityWeekly for letting me ramble on about Identity Management and how it is truly the foundational element of the…

What if Identity Didn’t Exist?

Jan 26, 2021

A super fun, quick interview with Natalie Reina, who poses one of the most challenging questions I’ve ever been asked… What if Identity Didn’t Exist? We rely on identity for…

Cybersecurity in the age of the pandemic

Nov 23, 2020

A recent interview with The Times (UK) discussing the need for an effective awareness and training program to manage the rapid growth of the remote workforce. Cybersecurity in the age…

CSNP: How Working From Home Is Changing The Business Environment

Nov 6, 2020

I recently had a wonderful opportunity to sit in on a panel discussing how the pandemic is going to change the way security practitioners think about protecting their organizations. Joining…

BeyondTrust: CISO Diaries

Oct 10, 2020

A fun, Halloween-themed LinkedIn Live event with Morey Haber of BeyondTrust discussing the scariest things we’ve experienced in the industry. BeyondTrust: CISO Diaries – The Scariest Thing I Ever Heard…

CISO 101: How to Walk & Talk Like a CISO

Sep 30, 2020

I had an opportunity to sit down with Nicole Thomas of SailPoint and reflect on what it takes to be a CISO, how I got here, and where I think…

Ed Talks: Kicking 3rd-Party Software Risk to the Curb

Sep 1, 2020

A lively, engaging panel discussing third-party risk hosted by Ed Adams of Security Innovation. Topics included conducting software composition analysis (SCA), assessing threats and impacts, risk-rating your inventory, and selecting…

Companies Battle Another Pandemic: Skyrocketing Hacking Attempts

Aug 22, 2020

Another interview I did with James Rundle of the Wall Street Journal for their Cybersecurity Pro newsletter on the skyrocketing hacking attempts seen in the early phases of the COVID-19…

New Resource: Industry Statistics and Metrics

Aug 17, 2020

Whether it is internally to my board, executives, or employees; or externally for industry events or the Chronicles blog, I regularly rely on leveraging the latest industry statistics and metrics…

Companies Rush to Implement Identity Systems for Remote Working

Jul 2, 2020

A recent interview I did with James Rundle of the Wall Street Journal for their Cybersecurity Pro newsletter. Companies Rush to Implement Identity Systems for Remote Working Technology adoptions are…

Diversity Resources to Make a Change

Jun 14, 2020

In response to my post on the death of George Floyd, I have received a lot of feedback on the list of volunteer organizations that are focused on addressing diversity…

Dark Reading Usability Interview

Jun 4, 2020

An interview I did with Ericka Chickowski of DarkReading on the importance of usability of security products. From the article: Solid detection algorithms and whiz-bang defensive technologies are important in…

Let’s Use This Outrage to Make a Change

Jun 3, 2020

I have struggled a lot over the past few days. Like many of you, I have spent the better part of the last week dealing with my own personal anger,…

2020 Best New Blog – Security Bloggers Awards

May 25, 2020

I feel I use the word ‘humbled’ a lot when I talk about this blog, but it is very much how I feel. When I consider all of the security-related…

CISO position burnout causes high churn rate

May 6, 2020

A recent interview I did with SearchSecurity/TechTarget. While much was about the benefits and love of the job, the ‘job churn’ and ‘burnout’ discussions are front and center in the…

Free COVID-19 Resources

Mar 18, 2020

With the mass Work-From-Home push as part of the COVID-19 pandemic, many people and families are struggling with different aspects of working remotely. In this light, I have decided to…

A Few Leadership Work-From-Home Tips

Mar 13, 2020

The vast majority of my career has involved some type of work-from-home aspect. My early career as a consultant had me mainly at customer sites, but also typically a day…

Tech Hiring is Badly Broken

Feb 28, 2020

Rant to follow – be forewarned. While I generally try to separate personal and professional lives here, I had an experience yesterday that has frankly just pissed me off and…

The First Anniversary of Chronicles of a CISO

Feb 4, 2020

It’s hard to believe it’s been a year already. Twelve months ago, I took the leap and decided that it was time to start my own blog,…

Identity Attack Vectors, by Haber and Rolls

Dec 23, 2019

Honored to have had the privilege to write the foreword to the third book of Morey Haber’s trilogy of enterprise attack vectors. This installment, written with Darran Rolls, discusses the…