The Reading Room
Occasionally, I will come across an article or blog that I feel is valuable enough to archive. It may be on a new approach to something, a piece that provides a fundamental understanding of a topic, or just some article that I think is critical reading for some reason or another. The Reading Room will be such a collection of articles.
The Interrupt-driven Life of a CISO
After seeing many of you again at RSA last week and recounting how the career change is going, a number of you suggested I write something about it, so here…
Simplify Your Value Statement
In the Beginning Back in 2015, I had written a three-part article called ‘Open Letters to Security Vendors’ which highlighted several things that I thought were broken in the security…
New Version of the NIST CSF Tool
NIST CSF Please note: Version 2.1 of the tool was uploaded to the site on February 28, 2022, due to a formula bug in the privacy worksheet. I am quite…
The Problem With The Industry Analyst
Ed. Note: This piece has been in process for the better part of 2 years. It started following the 2020 RSA conference where several startups I work with were given…
Millicom Builds Transformational Identity Security Program
Had a great time chatting with Katherine Cola of SailPoint about the importance of a standard identity management program and how beneficial it is for the overall governance program of…
Identity Management as a Foundation for Future-Proofing your Security
Many thanks to Matt Alderman, Jeff Man, and Adrian Sanabria of SecurityWeekly for letting me ramble on about Identity Management and how it is truly the foundational element of the…
What if Identity Didn’t Exist?
A super fun, quick interview with Natalie Reina, who poses one of the most challenging questions I’ve ever been asked… What if Identity Didn’t Exist? We rely on identity for…
Cybersecurity in the age of the pandemic
A recent interview with The Times (UK) discussing the need for an effective awareness and training program to manage the rapid growth of the remote workforce. Cybersecurity in the age…
CSNP: How Working From Home Is Changing The Business Environment
I recently had a wonderful opportunity to sit in on a panel discussing how the pandemic is going to change the way security practitioners think about protecting their organizations. Joining…
BeyondTrust: CISO Diaries
A fun, Halloween-themed LinkedIn Live event with Morey Haber of BeyondTrust discussing the scariest things we’ve experienced in the industry. BeyondTrust: CISO Diaries – The Scariest Thing I Ever Heard…
CISO 101: How to Walk & Talk Like a CISO
I had an opportunity to sit down with Nicole Thomas of SailPoint and reflect on what it takes to be a CISO, how I got here, and where I think…
Ed Talks: Kicking 3rd-Party Software Risk to the Curb
A lively, engaging panel discussing third-party risk hosted by Ed Adams of Security Innovation. Topics included conducting software composition analysis (SCA), assessing threats and impacts, risk-rating your inventory, and selecting…
Companies Battle Another Pandemic: Skyrocketing Hacking Attempts
Another interview I did with James Rundle of the Wall Street Journal for their Cybersecurity Pro newsletter on the skyrocketing hacking attempts seen in the early phases of the COVID-19…
New Resource: Industry Statistics and Metrics
Whether it is internally to my board, executives, or employees; or externally for industry events or the Chronicles blog, I regularly rely on leveraging the latest industry statistics and metrics…
Companies Rush to Implement Identity Systems for Remote Working
A recent interview I did with James Rundle of the Wall Street Journal for their Cybersecurity Pro newsletter. Companies Rush to Implement Identity Systems for Remote Working Technology adoptions are…
Diversity Resources to Make a Change
In response to my post on the death of George Floyd, I have received a lot of feedback on the list of volunteer organizations that are focused on addressing diversity…
Dark Reading Usability Interview
An interview I did with Ericka Chickowski of Dark Reading on the importance of usability of security products. From the article: Solid detection algorithms and whiz-bang defensive technologies are important in…
Let’s Use This Outrage to Make a Change
I have struggled a lot over the past few days. Like many of you, I have spent the better part of the last week dealing with my own personal anger,…
2020 Best New Blog – Security Bloggers Awards
I feel I use the word ‘humbled’ a lot when I talk about this blog, but it is very much how I feel. When I consider all of the security-related…
CISO position burnout causes high churn rate
A recent interview I did with SearchSecurity/TechTarget. While much was about the benefits and love of the job, the ‘job churn’ and ‘burnout’ discussions are front and center in the…
Free COVID-19 Resources
With the mass Work-From-Home push as part of the COVID-19 pandemic, many people and families are struggling with different aspects of working remotely. In this light, I have decided to…
A Few Leadership Work-From-Home Tips
The vast majority of my career has involved some type of work-from-home aspect. My early career as a consultant had me mainly at customer sites, but also typically a day…
Tech Hiring is Badly Broken
Rant to follow – be forewarned. While I generally try to separate personal and professional lives here, I had an experience yesterday that has frankly just pissed me off and…
The First Anniversary of Chronicles of a CISO
It’s hard to believe it’s been a year already. Twelve months ago, I took the leap and decided that it was time to start my own blog,…
Identity Attack Vectors, by Haber and Rolls
Honored to have had the privilege to write the foreword to the third book of Morey Haber’s trilogy of enterprise attack vectors. This installment, written with Darran Rolls, discusses the…