Security Management Practices

Many of my recent articles examine tactical and strategic aspects information security management.

Critical Log Review Checklist for Security Incidents

This cheat sheet presents a checklist for reviewing critical logs when responding to a security incident. It can also be used for routine log review. (Co-authored with Anton Chuvakin.)

How to Be Heard in IT Security and Business.

How to make your message, request, or proposal heard by the people whos support you require? Read my 10 tips with recommendations to capturing the individuals' attention.

3 Steps to Improving Your Data Safeguards

Protecting data in dynamic and diverse environments is a formidable challenge. This article explains how to better safeguard data with the help of data inventory, sharing practices, and leak detection.

How to Suck at Information Security

This cheat sheet presents common information security mistakes, so you can avoid making them.

Emerging Information Security Threats

This article reviews the emerging threats landscape of information security, including targeted attacks, client-side infections, advanced malware, bots, and browser malware.

Situational Awareness for Infosec Professionals

This article describes a three-pronged approach to ensuring a project's success by becoming attuned to the organization's dynamics.

A Practical Routine for Reviewing Security Logs

This article presents several tips for establishing a practical routine for reviewing information security logs.

Trends and Dynamics of the Endpoint Security Industry

This paper examines trends and dynamics of the endpoint security industry, and evaluates the performance of market leaders such as Symantec in the context of these factors.