“Rational Cybersecurity for the Business,” my upcoming book, will help business and security leaders see through misinformation, FUD, and hype. It will explain how to think about our challenging problems rationally, enable bold digital business strategies, and substantially…
The cybersecurity elevator pitch is a key communication tool, but security pros tend to struggle with it. For example:
My cousin’s son Ben is an enterprising real estate agent and golfer living on a beautiful New England island. Your CEO…
Security fatigue leads to resignation, causing users to abandon efforts to protect themselves or their organizations.
A new NIST study found that for many users, managing logins and passwords has become too burdensome to do well. Some users…
Next week I’ll be presenting on breach notification and incident response at Cyber Security World 2015 in downtown Washington, DC. This conference is about a mix of attack, defend, response and policy topics pitched slightly to the Federal audience.…
The bulk of what passes for “threat intelligence” is just ephemeral data, frequently changed by hackers, and only useful on short-lived blacklists. To improve their cybersecurity, organizations need to raise their “threat IQ”. The security ecosystem of vendors and…
MISTI’s Threat Intelligence Summit 2015 is coming to Orlando September 29-30, and I’ll be speaking there on:
Separating Threat Intelligence from FUD: An Enterprise Approach
A breach here, an NSA expose there – cybersecurity’s constantly in the news. Fear,…
Last month I wrote about attending a Department of Homeland Security (DHS) conference on its effort to create a new wave of Information Sharing Analysis Organizations (ISAOs). Along with many in the industry, I believe the future of cybersecurity…
In the wake of the OPM hack, Federal CIO Tony Scott launched a government-wide cybersecurity Sprint on June 12, giving agencies 30 days to shore up their systems.
The audience for the sprint announcement was clearly the media.…
Disease may be the best metaphor for our cybersecurity status, and Security Architects Partners has recorded a webinar diagnosing possible cures. With some special guests, we covered core prevention mechanisms, smart deception techniques to turn the tables…
The breach problem has increased and cyber insurance is on the radar screen for many CEOs. The U.S. Congress is likely to create supportive legislation for cyber-insurance as a vehicle for improved security data sharing and a market-based solution…