When I hear a CISO speaking about threats on an information security podcast, I know most everyone probably thinks they are talking about nation-state or criminal actors. The truth is … Continue reading “What CISO’s really mean when they say “threat””
Low effort s***post about TikTok
I’m glad that the federal government along with states have started taking action against the app for its apparent theft of sensitive information. This is good and all but what … Continue reading “Low effort s***post about TikTok”
RSAC CISO Boot Camp 2023
I’m humbled to be brought back as a panel speaker at the CISO Boot Camp. I was involved in designing and ended up MC’ing the first two CISO Boot Camps (2019 and 2020).
SGA (Some Good Advice)
I submitted a short blurb to an effort to gather advice from CISOs. I believe many CISOs (especially new ones) will focus primarily on advanced security controls and miss the … Continue reading “SGA (Some Good Advice)”
Security tool costs
I really miss the days when I paid maintenance for software. The new ARC paradigm really sucks for the consumer. The only positive piece is that the financial implications of … Continue reading “Security tool costs”
Trying to capture cost per vulnerability patched and why I don’t believe it’s a good idea
This post is part experiment, part memorializing a short conversation I had with Sasha Romanosky (one of the creators of CVSS). I have more thoughts on the subject of the … Continue reading “Trying to capture cost per vulnerability patched and why I don’t believe it’s a good idea”