Helping CISOs and Board Members Communicate on Risk: A Shared Assessments Summit 2019 Recap
Returning from the Shared Assessments Summit 2019 last week, I was struck by one repeated message: CISOs and Board of Directors members are still struggling to assess and communicate risk. Early in the Summit Agenda, a CISO Panel discussion…
Launching Rational Cybersecurity for the Business
“Rational Cybersecurity for the Business,” my upcoming book, will help business and security leaders see through misinformation, FUD, and hype. It will explain how to think about our challenging problems rationally, enable bold digital business strategies, and substantially…
Explaining What We Do: What’s Your Cybersecurity Elevator Pitch?
The cybersecurity elevator pitch is a key communication tool, but security pros tend to struggle with it. For example:
My cousin’s son Ben is an enterprising real estate agent and golfer living on a beautiful New England island. Your CEO…
Combatting Security Fatigue and Apathy
Security fatigue leads to resignation, causing users to abandon efforts to protect themselves or their organizations.
A new NIST study found that for many users, managing logins and passwords has become too burdensome to do well. Some users…
Breach Notification and Incident Response: When and How
Next week I’ll be presenting on breach notification and incident response at Cyber Security World 2015 in downtown Washington, DC. This conference is about a mix of attack, defend, response and policy topics pitched slightly to the Federal audience.…
Is Threat Intelligence a Misnomer?
The bulk of what passes for “threat intelligence” is just ephemeral data, frequently changed by hackers, and only useful on short-lived blacklists. To improve their cybersecurity, organizations need to raise their “threat IQ”. The security ecosystem of vendors and…
Speaking at the Threat Intelligence Summit 2015
MISTI’s Threat Intelligence Summit 2015 is coming to Orlando September 29-30, and I’ll be speaking there on:
Separating Threat Intelligence from FUD: An Enterprise Approach
A breach here, an NSA expose there – cybersecurity’s constantly in the news. Fear,…
How Mature are your Enterprise Security Data Sharing Practices?
Last month I wrote about attending a Department of Homeland Security (DHS) conference on its effort to create a new wave of Information Sharing Analysis Organizations (ISAOs). Along with many in the industry, I believe the future of cybersecurity…
FEDs 30-Day Sprint is Just the First Step off the Blocks
In the wake of the OPM hack, Federal CIO Tony Scott launched a government-wide cybersecurity Sprint on June 12, giving agencies 30 days to shore up their systems.
The audience for the sprint announcement was clearly the media.…
Regaining the Defensive Advantage in Cybersecurity
Disease may be the best metaphor for our cybersecurity status, and Security Architects Partners has recorded a webinar diagnosing possible cures. With some special guests, we covered core prevention mechanisms, smart deception techniques to turn the tables…