
Should Compensation Be Tied To Security Performance?
Lately, I’ve been thinking about how to incentivize security performance across an organization that struggles with the discipline for good security. When done correctly, security can actually help accelerate development lifecycles and is strongly tied to increased organization performance. However, for organizations that struggle, I wonder if they can reward good security behavior with some …

Vendors: If You Want To Reach CISOs Stop All The Noise
I had an interesting conversation with a bunch of CISO friends last week about the current problem with vendor communications and particularly how there is a high volume of noise in the industry right now. The current problem is predicated on the assumption that more volume of communication will lead to sales leads, which will …

When Risk Management Goes Wrong
Last week I took the opportunity to take some time off and spend a few days with my family at a popular amusement park in California. On the second day my kids and I decided to go to the water park to go down the water slides and during this experience my kids and I …

A CISO Primer On Navigating Build vs Buy Decisions
Every year CISOs propose and are allocated annual budgets to accomplish their goals for the upcoming year. Within these budgets are allocations for purchasing tooling or hiring new headcount. As part of this exercise CISOs and their respective security teams are asking: should we build this thing ourselves or should we just buy it? It …

Why Veterans Make Great Security Team Members
Every year the United States honors its fallen service members during Memorial Day. As a Navy Veteran, I spent this past Memorial Day reflecting on my time in service, the memories I’ve taken away and most importantly remembering the people I served with who made the ultimate sacrifice. I also thought about the incredible number …

Centralized vs. De-Centralized Security Team?
Whether you are building a security team from scratch, expanding your team or re-allocating resources, you may be wondering what is more effective – a centralized or decentralized security team? Both have their pros and cons and I’ll discuss them and my experience with each in this blog post. Centralized Security Team This is probably …