After seeing many of you again at RSA last week and recounting how the career change is going, a number of you suggested I write something about it, so here…

In the Beginning Back in 2015, I had written a three-part article called ‘Open Letters to Security Vendors’ which highlighted several things that I thought were broken in the security…

NIST CSF Please note: Version 2.1 of the tool was uploaded to the site on February 28, 2022, due to a formula bug in the privacy worksheet. I am quite…

Ed. Note: This piece has been in process for the better part of 2 years. It started following the 2020 RSA conference where several startups I work with were given…

Had a great time chatting with Katherine Cola of SailPoint about the importance of a standard identity management program and how beneficial it is for the overall governance program of…

Many thanks to Matt Alderman, Jeff Man, and Adrian Sanabria of SecurityWeekly for letting me ramble on about Identity Management and how it is truly the foundational element of the…

A super fun, quick interview with Natalie Reina, who poses one of the most challenging questions I’ve ever been asked… What if Identity Didn’t Exist? We rely on identity for…

A recent interview with The Times (UK) discussing the need for an effective awareness and training program to manage the rapid growth of the remote workforce. Cybersecurity in the age…

I recently had a wonderful opportunity to sit in on a panel discussing how the pandemic is going to change the way security practitioners think about protecting their organizations. Joining…

A fun, Halloween-themed LinkedIn Live event with Morey Haber of BeyondTrust discussing the scariest things we’ve experienced in the industry. BeyondTrust: CISO Diaries – The Scariest Thing I Ever Heard…

I had an opportunity to sit down with Nicole Thomas of SailPoint and reflect on what is takes to be a CISO, how I got here, and where I think…

A lively, engaging panel discussing third-party risk hosted by Ed Adams of Security Innovation. Topics included conducting software composition analysis (SCA), assessing threats and impacts, risk-rating your inventory, and selecting…

Another interview I did with James Rundle of the Wall Street Journal for their Cybersecurity Pro newsletter on the skyrocketing hacking attempts seen in the early phases of the COVID-19…

Whether it is internally to my board, executives, or employees; or externally for industry events or the Chronicles blog, I regularly rely on leveraging the latest industry statistics and metrics…

A recent interview I did with James Rundle of the Wall Street Journal for their Cybersecurity Pro newsletter. Companies Rush to Implement Identity Systems for Remote Working Technology adoptions are…

In response to my post on the death of George Floyd, I have received a lot of feedback on the list of volunteer organizations that are focused on addressing diversity…

An interview I did with Ericka Chickowski of DarkReading on the importance of useability of security products. From the article: Solid detection algorithms and whiz-bang defensive technologies are important in…

I have struggled a lot over the past few days. Like many of you, I have spent the better part of the last week dealing with my own personal anger,…

I feel I use the word ‘humbled’ a lot when I talk about this blog, but it is very much how I feel. When I consider all of the security-related…

A recent interview I did with SearchSecurity/TechTarget. While much was about the benefits and love of the job, the ‘job churn’ and ‘burnout’ discussions are front and center in the…

With the mass Work-From-Home push as part of the COVID-19 pandemic, many people and families are struggling with different aspects of working remotely. In this light, I have decided to…

The vast majority of my career has involved some type of work-from-home aspect. My early career as a consultant had me mainly at customer sites, but also typically a day…

Rant to follow – be forewarned. While I generally try to separate personal and professional lives here, I had an experience yesterday that has frankly just pissed me off and…

Photo by Hal Gatewood on Unsplash It’s hard to believe it’s been a year already. Twelve months ago, I took the leap and decided that it was time to start my own blog,…

Honored to have had the privilege to write the forward to the third book of Morey Haber’s trilogy of enterprise attack vectors. This installment, written with Darran Rolls, discusses the…