Category: CSO

Vulnerability management – we’re doing it wrong

Security professionals (and the people who measure our performance like auditors and regulators) have traditionally taken a stance that “all serious vulnerabilities should be patched”…

Continue Reading

Cloud computing concentration and systemic risk

I came across an interesting blog post over at Finextra which got me thinking about a topic that has been in the back of my…

Continue Reading

Hunting for secrets on GitHub

We need to work with system designers and developers to make them understand that using a secure credential vault with programmatic access is not an optional luxury – it is a basic security requirement. Credentials do not belong in code, even if that code is stored in a safe inside a vault inside a volcano.

Continue Reading

Too much information?

An interesting piece in the Harvard Business Review highlights the one of the challenges information security professionals face when dealing with security awareness; we actively…

Continue Reading

Securing the real perimeter – part 1

I was thinking about the way that the concept of a “perimeter” has changed in the time I have been in information security. (Obviously, I…

Continue Reading

We’re number 1!

Something for those of us who have to continue to remind our executives how important it is to continually increase our cybersecurity budgets… Global insurer…

Continue Reading

Boredom and security

We security management types would like to think that every task we give our minions is exciting and engaging. However, there are lots of security…

Continue Reading

Can experience be a hindrance in making security decisions?

Some interesting insight from the Harvard Business Review’s January 2020 IdeaWatch section: A study looked at how people react to information which indicates that a…

Continue Reading

US DoJ guidance on responding to and reporting cyber incidents

When thinking about how to respond to cyber security incidents, you need to think about how your organization will engage with law enforcement – and…

Continue Reading

NIST & Microsoft partner for patching pointers

The US Government’s National Institute of Standards and Technology and 8,000,000 pound gorilla Microsoft are working together to provide industry with definitive guidance on keeping…

Continue Reading