Posts

  • Compliance Corner Series: Compliance Landscape 2023

    This blog post is part of the Compliance Corner Series developed in partnership with Milan Patel. This series will include a variety of discussion topics around the intersection of security and compliance. The series will include blog posts, live web streams (with Q&A) and video blogs. “How has globalization, increasing regulatory requirements from governments and …

  • Software Supply Chain Security Considerations

    Over the past five years there has been increased scrutiny on the security of supply chains and in particular software supply chains. The SolarWinds attack in 2020 brought this issue to the foreground as yet another requirement for a well-rounded security program, and it has also been codified into several security guidelines such as …

  • Can Risk Truly Be Measured?

    As a CSO, everything you do needs to be evaluated in terms of risk to the business. When you build a security program, prioritize objectives or respond to incidents, all of your decisions will take risk into consideration and how to effectively manage it. Which begs the question: Can Risk Truly Be Measured? The Problem …

  • Security Vendor Questionnaires: Too Much or Not Enough?

    Over the past few years there has been an increasing trend for customers and partners to ask security teams to fill out lengthy security questionnaires seeking specific details about the state of their security program. These requests often come as part of routine audits, regulatory requirements or contract negotiations. As someone who has both sent …

  • The Problem With Vulnerability Scanners

    Vulnerability scanners are table stakes for any security program, and they help security teams proactively identify and report on the security posture of assets, but unless you tune them properly they can cause more problems than they fix. Here are a few things you need to take into consideration when selecting and using a …

  • The Different States Of A Security Program

    It may be obvious, but every company that has a security program is in a different state of maturity. As a CSO, it is important to recognize and understand what these different states mean in terms of where your energy will be applied. If you are interviewing or hiring into a company, it is critically …