Saturday, August 26, 2017

Helpnet Post: Living in an Assume Breach world


New post up on Helpnet Security:

Living in an Assume Breach world

 

This is in addition to posts on Dark Reading and F5 Labs.

 

Thursday, June 8, 2017

Blogging Elsewhere: 10 Ways Organizations can get ready for breach disclosure


10 Ways Organizations can get ready for breach disclosure

https://f5.com/labs/articles/cisotociso/compliance/10-ways-organizations-can-get-ready-for-breach-disclosure

An important part of the Assume Breach philosophy is getting ready to say "I'm sorry".  Poop happens, be prepared to deal with it.

Blogging Elsewhere: How a CISO can play a role in selling security


How a CISO can play a role in selling security

https://f5.com/labs/articles/cisotociso/leadership/how-a-ciso-can-play-a-role-in-selling-security-26942

Anyone in the CISO game knows that you end up having to "sell" the security of your organization to customers and partners... so why not name it and claim it?

Blogging elsewhere: Can your risk assessment stand up under scrutiny?


Can your risk assessment stand up under scrutiny?

https://f5.com/labs/articles/cisotociso/compliance/can-your-risk-assessment-stand-up-under-scrutiny-26784

When something in the news catches my eye, I feel compelled to dig deeper.

Blogging elsewhere: 7 Upgrades to level up your security program experience


7 Upgrades to level up your security program experience

https://f5.com/labs/articles/cisotociso/strategy/7-upgrades-to-level-up-your-security-program-experience-26703

A smattering of general advice

Blogging elsewhere: Stalking in the Workplace: What can CISOs do?


Stalking in the Workplace: What can CISOs do?

https://f5.com/labs/articles/cisotociso/leadership/stalking-in-the-workplace-what-cisos-can-do-26165

A personal one from me.  Also covered fictionally via Heidi over here


Friday, March 17, 2017

Blogging over at F5 Labs

In case you missed it, I've been doing a lot of blogging over at F5 Labs.

The Humanization of the Security Leader: What CISOs Need to Be Successful
When someone from the IT group gets promoted into security management, a common first lesson is that “geek culture” is ineffective in the boardroom. Just watch one episode of The Big Bang Theory and you’ll recognize the classic nerd character...

How Three Low-Risk Vulnerabilities Become One High
Revisiting van Beek's Microsoft Exchange Autodiscover vulnerability to make it much deadlier. (Co-author)

Using F5 Labs Application Threat Intelligence
As security professionals, we often feel like we’re fighting a losing battle when it comes to cyber security. (Co-author)

The Risk Pivot: Succeeding with Business Leadership by Quantifying Ops Risk
Getting the security investments you need often comes down to making your case to management in terms of operational risk.

The Conflicting Obligations of a Security Leader
Faced with competing pressures, CISOs are ultimately the experts at assessing what’s truly at stake in their organizations.

Building Secure Solutions Successfully Using Systems Theory
When security solutions don’t work as planned, embrace the complexity and use Systems Theory tools to adjust, regulate, and redefine.

DNS Is Still the Achilles’ Heel of the Internet
Since the Internet can’t survive without DNS, let’s make our best effort to defend it.

Will Deception as a Defense Become Mainstream?
Defensive deception works well, but needs championing before we’ll see it as a best practice or compliance requirement.


Follow the F5 Labs posts via RSS