Something’s Missing. I’ve been at RSAC 2026 this week [edit: well, last week but work and travel got in the way of posting], and in the numerous sessions, talks, and … Continue reading “The Unmonitored Layer”
The Cyber Ecosystem Shift
As federal cyber leadership pulls back, the balance is shifting across states, agencies, and industries. Here’s what that means—and why timing matters. Ecosystems are interconnected, interdependent systems. Think of a … Continue reading “The Cyber Ecosystem Shift”
FFFFFFFound in the archive
I was cleaning up my hard drive when I found an unpublished blog post I had written in 2008 during my stint at American Airlines as an information security architect. … Continue reading “FFFFFFFound in the archive”
tl;dr – A Wonk’s Guide to Effective Vulnerability Management
I published a rather lengthy blog post about the importance of patch management to the success of a security program. Due to the length of the post I thought I’d … Continue reading “tl;dr – A Wonk’s Guide to Effective Vulnerability Management”
A Wonk’s Guide to Effective Vulnerability Management
I’m going to cover something that arguably has the greatest impact on the security posture of an organization and is not something that information security is typically responsible for. It’s … Continue reading “A Wonk’s Guide to Effective Vulnerability Management”
What CISO’s really mean when they say “threat”
When I hear a CISO speaking about threats on an information security podcast, I know most everyone probably thinks they are talking about nation-state or criminal actors. The truth is … Continue reading “What CISO’s really mean when they say “threat””
RSAC CISO Boot Camp 2023
I’m humbled to be brought back as a panel speaker at the CISO Boot Camp. I was involved in designing and ended up MC’ing the first two CISO Boot Camps (2019 and 2020).
Eating the elephant
I’ve seen it time and time again. An executive wants to fund a transformational project of specious value that requires multiple years of expensive funding. The executive will work … Continue reading “Eating the elephant”
Trying to capture cost per vulnerability patched and why I don’t believe it’s a good idea
This post is part experiment, part memorializing a short conversation I had with Sasha Romanosky (one of the creators of CVSS). I have more thoughts on the subject of the … Continue reading “Trying to capture cost per vulnerability patched and why I don’t believe it’s a good idea”