Category: CSO
Leaking company secrets via generative AIs like ChatGPT
For a third party, knowing what people from company X are asking of ChatGPT (or any other generative AI) could be quite interesting and profitable…
Talking about ChatGPT with your colleagues
I wonder how many security teams have reached out to their colleagues about the use of ChatGPT and other hot new generative AI tools. Here’s…
Vulnerability management – we’re doing it wrong
Security professionals (and the people who measure our performance like auditors and regulators) have traditionally taken a stance that “all serious vulnerabilities should be patched”…
Cloud computing concentration and systemic risk
I came across an interesting blog post over at Finextra which got me thinking about a topic that has been in the back of my…
Hunting for secrets on GitHub
We need to work with system designers and developers to make them understand that using a secure credential vault with programmatic access is not an optional luxury – it is a basic security requirement. Credentials do not belong in code, even if that code is stored in a safe inside a vault inside a volcano.
Too much information?
An interesting piece in the Harvard Business Review highlights the one of the challenges information security professionals face when dealing with security awareness; we actively…
Securing the real perimeter – part 1
I was thinking about the way that the concept of a “perimeter” has changed in the time I have been in information security. (Obviously, I…
We’re number 1!
Something for those of us who have to continue to remind our executives how important it is to continually increase our cybersecurity budgets… Global insurer…
Boredom and security
We security management types would like to think that every task we give our minions is exciting and engaging. However, there are lots of security…
Can experience be a hindrance in making security decisions?
Some interesting insight from the Harvard Business Review’s January 2020 IdeaWatch section: A study looked at how people react to information which indicates that a…