As a security community, we tend to be overly focused on malware. Malware is most certainly something we need to concern ourselves with, but it is not everything. What about the other 60% of intrusions that involve no malware at all? I discuss this topic in my latest SecurityWeek piece: http://www.securityweek.com/intrusions-without-malware-dont-forget-other-sixty-percent. Hope you enjoy.
Wednesday, March 22, 2017
Wednesday, March 1, 2017
What can a trip to Turkey teach us about communicating information security concepts to a wide variety of audiences? I discuss this topic in my latest SecurityWeek piece: http://www.securityweek.com/importance-speaking-same-language-security. I think you'll enjoy.
Monday, February 27, 2017
It's time to bring mature security operations to the masses. But doing so requires a new way of thinking -- and a new class of solutions. Enter the Security Operations Platform. But with all the noise and hype surrounding this new market, how can the security buyer make an educated and informed decision? By playing 20 questions of course. My latest DarkReading piece discusses: http://www.darkreading.com/operations/20-questions-for-secops-platform-providers/a/d-id/1328272?.
Thursday, February 16, 2017
In my opinion, every organization deserves a mature security operations function, regardless of the organization's size. How can that become a reality? Is that even a realistic expectation? I discuss in my latest SecurityWeek piece: http://www.securityweek.com/taking-mature-security-operations-masses. I hope you will find the piece thought provoking.
Wednesday, January 25, 2017
No one really believes in security by obscurity anymore, do they? Sadly, some people still do, but probably for different reasons than you might expect. I discuss this topic -- with a twist -- in my latest SecurityWeek piece: http://www.securityweek.com/hiding-plain-sight-why-your-organization-cant-rely-security-obscurity. Hope you enjoy.
Friday, January 13, 2017
This month, like the previous several months, brings with it the latest installment in the 20 questions series. In this installment, I discuss 20 questions we should be asking ourselves. Curious what I mean? Have a look at my latest piece in DarkReading: http://www.darkreading.com/endpoint/crowdsourcing-20-answers-to-security-ops-and-ir-questions/a/d-id/1327865?.
Thursday, January 5, 2017
If you cut corners in security, you may be able to fool a few people in the near-term. But in the long-term, you won't fool anyone at all. There is elegance in simplicity, but foolishness in over-simplification (and over-complication for that matter). Curious what I mean? Have a look at my latest piece in SecurityWeek: http://www.securityweek.com/good-security-marathon-not-sprint.