GRC Featured GRC is Technical I’m about to say something that might ruffle some feathers. But here it is: GRC is technical and it’s high time we stopped pretending it’s not. This may sound harsh to some. I’ve heard the whispers: “Oh, GRC is for people who aren’t technical. It’
GRC Featured When I Stopped Needing to Be Right GRC isn’t just about frameworks and risk matrices: it’s fundamentally about people. And people are anything but simple.
Careers We can't build the cybersecurity workforce on passion alone Envisioning the transition of cybersecurity from a passion and skill-driven activity to a casual business profession.
Breaches Security Needs Data: Insights From the Data Breach Investigation Report Reviewing the Data Breach Investigation Report for a source of credible data about the real cyber threats we must worry about.
Careers How could senior management training revolutionize information security? Building an efficient information security management system is not just about policies, data, and metrics. We must influence leadership to build secure organizations. The secret ingredient? Security people's innate sense of community.
GRC How to Balance Security and Privacy? Considering the balance between security and privacy, my experience as a security specialist has taught me that privacy is now integral to building effective security tools.
GRC Why security must not report to IT Industry stories and personal anecdotes prove that independent security and tech leadership breed superior security results.
GRC Cybersecurity is all about relationships How you can build relationships by being relevant to your colleagues and harnessing your influence to provoke lasting security improvements to information systems.
Careers Do you need to learn to code to work in cybersecurity? Do you have to know how to code to work in cybersecurity? Not necessarily, but lacking these skills might limit your career prospects.
Careers Teaching cybersecurity I have been hired as a part-time cybersecurity teacher for evening classes at a local college! Explaining why I am choosing this path and what it means for the blog.
Breaches Top Security Stories of 2023 Telling this year's most relevant security stories to remember what matters most in today's threat landscape
Careers 5 Horror stories about cybersecurity consultants (and how to avoid them) Anecdotes about consulting services gone wrong in the context of enterprise information security. The core issue? A misunderstanding of how to use consulting by companies that hire them.
Security Why access control is security's most critical battlefield Telling some stories about access control failures and why access management is like cleaning up toilets.
Emotional-Intelligence You don’t go into cybersecurity to make friends Stories about how I've come to embrace security's role as the "bad cops" in enterprises. My secret? Staying grounded in security's core purpose, which is to defend best practices and integrity.
GRC How to convince developers to fix their security vulnerabilities? Presenting developers with vulnerabilities is one of the most common (and frustrating) tasks of any security analyst. Here's a list of the most common excuses developers come up with to avoid fixing vulnerabilities and how I react to them.
GRC How to incorporate security into your branding strategy? Everybody claims their product is secure. Then why are there so many data breaches? Instead of promising the impossible (zero incidents!), companies should showcase their expertise and commitment to integrity.
ELI5 What you need to know before you start your bug bounty program Tips and tricks on what to expect from a bug bounty program in your organization: how the program will help your security posture, and how to take care of the response team that will be on the front lines.
Emotional-Intelligence Featured What Ted Lasso can teach us about cybersecurity leadership Examining common themes in cybersecurity leadership and the leadership concepts explored in Ted Lasso, the popular comedy-drama about a football coach leaving for Europe to coach soccer.
Emotional-Intelligence How to handle conflicts in information security Sharing experiences in solving conflicts inherent to the cybersecurity profession.
Careers Inside insights on the state of cybersecurity that you won't find in textbooks How do cybersecurity professionals see the current state of security when they talk among their peers?
Security The importance of cybersecurity: Who are we protecting? A reflection on the fundamental reasons why security matters for each individual online.
Careers Breaking Into Cybersecurity: A Story About Overcoming Professional Anxiety My story of how I was able to break into cybersecurity. While I ended up going the college route, my path remains atypical.
Hacking Are You Prepared for Next-Gen Phishing Threats? Phishing is no longer just email scams warning you about account dues and foreign princes. Today's threat actors leverage deepfakes, advanced detection evasion mechanisms and extensive research to attack you.
Security Centralized vs. Decentralized Security: My Professional Take Looking at pros and cons of a centralized vs decentralized approach to cybersecurity teams, and how in the end there is no right answer. This is a cycle and we should focus on relationships rather than hierarchies.
Emotional-Intelligence Neurodiversity in Cybersecurity: How People with ADHD and Asperger's Find a Home Examining how people with Asperger's and attention deficit hyperactivity disorder (ADHD) can be successful cybersecurity professionals.