Helping CISOs and Board Members Communicate on Risk: A Shared Assessments Summit 2019 Recap
Returning from the Shared Assessment Summit 2019 last week, I was struck by one repeated message: CISOs and Board of Directors members are still struggling to assess and communicate risk. Early in the Summit Agenda, a CISO Panel discussion… Continue reading
Active Directory Audit: Why and How
Why is 1:00 PM EST March 26 important? That’s when I’ll be presenting an Active Directory Audit webinar. The figure below features some of the issues I’ll be covering that motivate audit. A brief description of the webinar follows.… Continue reading
Infosecurity Magazine Online Summit North America: IAM Panel on March 27
I’ll be speaking at the Infosecurity Magazine Online Summit North America on an IAM panel at 3:00 PM EST March 27. I’ll be on with Diana Kelley (Cybersecurity CTO, Microsoft) and Paul Simmonds (CEO, Global Identify Foundation).
Join us… Continue reading
RSA 2019: Has Zero Trust Become an Impediment?
RSA CEO Rohit Ghai and former Chief Strategy Officer Niloofar Razi Howe’s keynote today could have been re-titled “Standing in the Bleak Landscape of Zero Trust.” It has become an impediment, they said.
Should I be defensive, having jumped on… Continue reading
The Pros and Cons of using Blockchain in Financial Services
Webinar Title: Blockchain or Bust? The Pros and Cons of using Blockchain in Financial Services
Webcast Live Date & Time: 8:00 am PST / 11:00 am EST Mar 12 2019 United States
Duration: 60 mins
Abstract:
Judging from the headlines,… Continue reading
Network Segmentation in the Zero Trust Era
There is still a need for network segmentation in the zero trust era, but it needs to be software-defined. Otherwise, traditional network segmentation will be over-whelmed by the growing number of access and component interactions today’s applications require. 
Late… Continue reading
Launching Rational Cybersecurity for the Business
“Rational Cybersecurity for the Business,” my upcoming book, will help business and security leaders see through misinformation, FUD, and hype. It will explain how to think about our challenging problems rationally, enable bold digital business strategies, and substantially… Continue reading
How to Establish a Security Culture
Security culture is the set of ideas, customs, and social behaviors that impact security in an organization, both in a positive and a negative way. This is a fascinating discipline deserving of more coverage that organizations can apply to minimize… Continue reading
FAIRCON Showcases Quantitative Risk Analysis on the Cusp of Adoption
At FAIRCON 2018, keynote speakers described FAIR as a quantitative risk analysis “movement” to change the way industry measures and manages risk. Deep, ongoing frustration in business and government circles with the seeming inability of increased cybersecurity spending to stop… Continue reading
The New Vulnerability and Risk Management (VRM) Paradigm: Holistic, Dynamic, Adaptive
The ability to perform effective Vulnerability Risk Management (VRM) is an important marker of IT security maturity. Why? Managing the flow of vulnerabilities in complex IT environments is a major challenge. So is recognizing, categorizing, and prioritizing IT security risks.… Continue reading