Posts

  • Defining Your Security Front Door

    A key skill for any security program is to partner with and enable the business to be successful. CISOs need to ensure their security teams are approachable, reasonable and, most importantly, balancing the needs of the business against potential security risks. While security teams exist to help protect the business, they don’t own the business

  • Annual Planning For CISOs

    The beginning of the year is a popular time for making personal resolutions, which can focus on health, finance or love. While the beginning of the year is a popular time to set resolutions, really what we are talking about is setting goals to improve ourselves. I’m a huge proponent of setting personal goals for

  • Career Options Post CISO

    Last year was a busy year for CISOs. Increased regulation from the SEC and other entities is raising the stakes for companies and CISOs. 2023 demonstrated that regulators and law enforcement are not only going to hold companies accountable for incidents and breaches, but they will also pursue accountability against individual CISOs. The CISO role

  • 2023 End Of Year Review & 2024 Look Ahead

    At the start of 2023 I created personal and professional goals for myself to speak at conferences more, attend more professional events and capture my professional experience in a series of blog posts. In this post I’ll share what worked, what didn’t and how my results compared to my goals. At the end I’ll discuss

  • Opsec During Incidents

    When I first got into Information Technology over 20 years ago, I started out in networking and data centers. When doing work, we always made sure to have another method of accessing our gear in case a configuration change didn’t work and eliminated access to the equipment or environment. Also, during my military service we

  • Will CVSS 4.0 Help Companies Manage Vulnerabilities Better?

    About two weeks ago FIRST published version 4.0 of the Common Vulnerability Scoring Standard (CVSS), largely in response to feedback from the industry on the shortcomings of CVSS 3.1 and previous versions. The main complaint from industry with version 3.1 was that it didn’t offer any way to add additional context in a way that