Since launching the Rational Cybersecurity for the Business book project to kick off the New Year, I’ve made great progress, completing more than 20 security leadership interviews, and drafts for 5 of the 10 chapters.
Rational Cybersecurity for the Business’s…
Returning from the Shared Assessment Summit 2019 last week, I was struck by one repeated message: CISOs and Board of Directors members are still struggling to assess and communicate risk. Early in the Summit Agenda, a CISO Panel discussion…
Why is 1:00 PM EST March 26 important? That’s when I’ll be presenting an Active Directory Audit webinar. The figure below features some of the issues I’ll be covering that motivate audit. A brief description of the webinar follows.…
I’ll be speaking at the Infosecurity Magazine Online Summit North America on an IAM panel at 3:00 PM EST March 27. I’ll be on with Diana Kelley (Cybersecurity CTO, Microsoft) and Paul Simmonds (CEO, Global Identity Foundation).
Join us…
RSA CEO Rohit Ghai and former Chief Strategy Officer Niloofar Razi Howe’s keynote today could have been re-titled “Standing in the Bleak Landscape of Zero Trust.” It has become an impediment, they said.
Should I be defensive, having jumped on…
Webinar Title: Blockchain or Bust? The Pros and Cons of using Blockchain in Financial Services
Webcast Live Date & Time: 8:00 am PST / 11:00 am EST Mar 12 2019 United States
Duration: 60 mins
There is still a need for network segmentation in the zero trust era, but it needs to be software-defined. Otherwise, traditional network segmentation will be overwhelmed by the growing number of access and component interactions today’s applications require. Late…
“Rational Cybersecurity for the Business,” my upcoming book, will help business and security leaders see through misinformation, FUD, and hype. It will explain how to think about our challenging problems rationally, enable bold digital business strategies, and substantially…
Security culture is the set of ideas, customs, and social behaviors that impact security in an organization, both in a positive and a negative way. This is a fascinating discipline deserving of more coverage that organizations can apply to minimize…
At FAIRCON 2018, keynote speakers described FAIR as a quantitative risk analysis “movement” to change the way industry measures and manages risk. Deep, ongoing frustration in business and government circles with the seeming inability of increased cybersecurity spending to stop…