Newsletter We can't build the cybersecurity workforce on passion alone Envisioning the transition of cybersecurity from a passion and skill-driven activity to a casual business profession.
Newsletter Security Needs Data: Insights From the Data Breach Investigation Report Reviewing the Data Breach Investigation Report for a source of credible data about the real cyber threats we must worry about.
Newsletter How could senior management training revolutionize information security? Building an efficient information security management system is not just about policies, data, and metrics. We must influence leadership to build secure organizations. The secret ingredient? Security people's innate sense of community.
Newsletter Why security must not report to IT Industry stories and personal anecdotes prove that independent security and tech leadership breed superior security results.
Newsletter Cybersecurity is all about relationships How you can build relationships by being relevant to your colleagues and harnessing your influence to provoke lasting security improvements to information systems.
Newsletter Do you need to learn to code to work in cybersecurity? Do you have to know how to code to work in cybersecurity? Not necessarily, but lacking these skills might limit your career prospects.
Newsletter Teaching cybersecurity I have been hired as a part-time cybersecurity teacher for evening classes at a local college! Explaining why I am choosing this path and what it means for the blog.
Newsletter Top Security Stories of 2023 Telling this year's most relevant security stories to remember what matters most in today's threat landscape.
Newsletter 5 Horror stories about cybersecurity consultants (and how to avoid them) Anecdotes about consulting services gone wrong in the context of enterprise information security. The core issue? A misunderstanding of how to use consulting by companies that hire them.
Newsletter Why Access control is security's most critical battlefield Telling some stories about access control failures and why access management is like cleaning up toilets.
Newsletter You don’t go into cybersecurity to make friends Stories about how I've come to embrace security's role as the "bad cops" in enterprises. My secret? Staying grounded in security's core purpose, which is to defend best practices and integrity.
Newsletter How to convince developers to fix their security vulnerabilities? Presenting developers with vulnerabilities is one of the most common (and frustrating) tasks of any security analyst. Here's a list of the most common excuses developers come up with to avoid fixing vulnerabilities and how I react to them.
Newsletter How to incorporate security into your branding strategy? Everybody claims their product is secure. Then why are there so many data breaches? Instead of promising the impossible (zero incidents!), companies should showcase their expertise and commitment to integrity.
ELI5 What you need to know before you start your bug bounty program Tips and tricks on what to expect from a bug bounty program in your organization: how the program will help your security posture, and how to take care of your response team, who will be on the front lines.
Newsletter Featured What Ted Lasso can teach us about cybersecurity leadership Examining common themes in cybersecurity leadership and the leadership concepts explored in Ted Lasso, the popular comedy-drama about a football coach leaving for Europe to coach soccer.
Newsletter How to handle conflicts in information security Sharing experiences in solving conflicts inherent to the cybersecurity profession.
Newsletter Inside insights on the state of cybersecurity that you won't find in textbooks How do cybersecurity professionals see the current state of security when they discuss it with their peers?
Newsletter The importance of cybersecurity: Who are we protecting? A reflection on the fundamental reasons why security matters for each individual online.
Newsletter Breaking Into Cybersecurity: A Story About Overcoming Professional Anxiety My story of how I was able to break into cybersecurity. While I ended up going the college route, my path remains atypical.
Newsletter Are You Prepared for Next-Gen Phishing Threats? Phishing is no longer just email scams warning you about account dues and foreign princes. Today's threat actors leverage deepfakes, advanced detection evasion mechanisms and extensive research to attack you.
Newsletter Centralized vs. Decentralized Security: My Professional Take Looking at the pros and cons of a centralized vs. decentralized approach to cybersecurity teams, and how in the end there is no right answer. This is a cycle, and we should focus on relationships rather than hierarchies.
Newsletter Neurodiversity in Cybersecurity: How People with ADHD and Asperger's Find a Home Examining how people with Asperger's and attention deficit hyperactivity disorder (ADHD) can be successful cybersecurity professionals.
Newsletter The Cyber Threats in Universities Nobody's Talking About Universities host valuable data about vulnerable individuals. They are faced with a barrage of cyber attacks. Cyber espionage is a growing concern. Underfunding of IT is a major obstacle.
Newsletter 10 Harsh Truths About Cloud Security As a specialist in cloud security due diligence and third-party security risk management, I present the hardest aspects of the discipline. Questionnaires and scanners have created a culture of "checkmarkism" that leads to fast results but low-value advice.
Newsletter Why is security so expensive? IT managers sometimes call InfoSec the "security tax". Yes, security is expensive due to skilled experts, evolving tech, and attack surfaces. Security paywalls and compliance checkmarks give it a bad rep. In the end, it's a question of showing the value of security.