RSA 2016 Sessions Favs and Recommendations (#RSAC2016)
#RSAC2016 will again bring much of the cybersecurity industry together for a week of intense learning, networking and exhibiting. My mailbox is filling up with vendor briefing requests and I’m pulling the calendar together.
It’s going to be a… Continue reading
How to Perform Cloud Security Assessments in a Hybrid World
Cloud risk standards, such as FedRAMP and the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM) 3.0 may make it seem like you’ve got your security requirements under control, but its not obvious how to use them for… Continue reading
Towards Practical Recipes for Active Defense
What I call the militarization of security has raised the bar for defenders. For the last few years I’ve been telling clients to “assume your enterprise is already compromised,” especially if its in government, financial services, high technology, media or… Continue reading