Posts

  • What’s Better – Complete Coverage With Multiple Tools Or Partial Coverage With One Tool?

    What’s Better – Complete Coverage With Multiple Tools Or Partial Coverage With One Tool?

    The debate between complete coverage with multiple tools versus imperfect coverage with one tool regularly pops up in discussions between security professionals. What we are really talking about is attempting to choose between maximum functionality and simplicity. Having pursued both extremes over the course of my security career I offer this post to share my… Read more

  • If Data Is Our Most Valuable Asset, Why Aren’t We Treating It That Way?

    If Data Is Our Most Valuable Asset, Why Aren’t We Treating It That Way?

    There have been several high profile data breaches and ransomware attacks in the news lately and the common theme between all of them has been the disclosure (or threat of disclosure) of customer data. The after effects of a data breach or ransomware attack are far reaching and typically include loss of customer trust, refunds… Read more

  • Security Considerations For M&A and Divestitures

    Security Considerations For M&A and Divestitures

    I’ve been speaking to security startups over the last few weeks and some of the discussions made me think about the non-technical aspects of security that CISOs need to worry about. Specifically, things like mergers, acquisitions and divestitures and the different risks you will run into when executing these activities. There are a number of… Read more

  • Should There Be A Professional CISO Certification and Organization?

    Should There Be A Professional CISO Certification and Organization?

    I’ve been thinking a lot about the CISO role and how it is rapidly maturing from a technology and compliance role to a more generalized business executive role that specializes in security and risk. The primary catalyst for this evolution is the recent release of the SEC rules requiring companies to report material incidents on… Read more

  • Are We Peak CISO?

    Are We Peak CISO?

    Let’s be honest…the CISO role is weird right now. It is going through a transformative phase and the industry is at an inflection point similar to what other C-Level roles (like the CFO) have gone through in the past. What makes the role weird? The CISO community and any company that has a CISO is… Read more

  • Security Theater Is The Worst

    Security Theater Is The Worst

    We have all been there…we’ve had moments in our life where we have had to “comply” or “just do it” to meet a security requirement that doesn’t make sense. We see this throughout our lives when we travel, in our communities and in our every day jobs. While some people may think security theater has… Read more