Blog

My writing focuses on information security, with topics ranging from broad IT trends to detailed technical advice on malware. Scroll through the posts to see whether my interests overlap with yours. Follow this blog to keep up with my latest publications.

3 Opportunities for Cybersecurity Leaders Who Choose to Stay

Several years into your role as a security leader at a company, you’ll reach a point when you ask yourself, “What’s next for me?” This article discusses three ways to proceed if you choose to stay at your current organization. (It was co-authored by Yael Nagler and Lenny Zeltser.) At this point in your CISO tenure, you…

Distribute Cybersecurity Tasks with Diffusion of Responsibility in Mind

The notion that security is everyone’s responsibility in computer systems dates back to at least the early 1980s when it was included in a US Navy training manual and hearings in the US House of Representatives. Behind the pithy slogan is the idea that every person in the organization contributes to its security program. Even…

How Security Can Better Support Software Engineering Teams

As the CISO at a tech company, my responsibilities include empowering our software engineering teams to maintain a strong security posture of our products. While everyone agrees that security is important, the different incentives of security and engineering teams can make it harder to collaborate. Here’s some advice on weaving security into the software development…

A Report Template for Incident Response

Preparing for cybersecurity and data privacy incidents involves creating checklists and documented plans to enable the response team to do their best during the incident. Preparation also includes creating a template that the team can use as the basis for the incident report, which is critical to ensuring that the incident is handled well. We…

Security Leaders Can Lower Expenses While Reducing Risk

As companies seek to optimize operations and constrain expenses, cybersecurity leaders worry about funding the projects we consider essential. Fortunately, in such an economic climate, we can achieve an outcome that benefits the organization from cybersecurity as well as financial perspectives. Here’s how. Start by critically reviewing how you’ll spend the security funds; this involves…

Withholding Single Sign-On from SaaS Customers is Bad for Business and Security

Despite years of public shaming by security professionals, some SaaS vendors only offer Single Sign-On (SSO) in high-end “enterprise” product tiers. By withholding this capability from smaller organizations, they put customers’ security at risk. Moreover, such vendors base a pricing strategy on a weak signal and miss an opportunity to lower their own security risk…

Three Ways CISOs Can Drive More Meaningful Collaboration

Today’s CISOs are more than technologists—we strive to make ourselves well-rounded business leaders. This involves aligning our efforts with business objectives and collaborating with colleagues who are not experts in IT or security. In fact, Gartner’s research found that top-performing CISOs regularly meet with three times as many non-IT stakeholders as they do with IT…

Let’s Address the Cybersecurity Careers Gap

Too many people are unsure how to enter or grow in the cybersecurity industry. It’s a relatively young field, and we haven’t done a good job of defining what it means to have a career in it. Hiring managers who are worried about finding candidates because of the much-discussed cybersecurity skills gap should consider the…

As a CISO, Are You a Builder, Fixer, or Scale Operator?

When contemplating the next step in your career as a cybersecurity leader, understand what you do best and what you enjoy doing. Figuring this out will help you identify organizations and projects that will benefit from your superpowers and accelerate your growth as a professional. As an added bonus, you’ll be more effective in communicating…

Untangling the Complexity of SaaS Ownership in the Enterprise

Before SaaS, employees had to rely on IT and other teams to procure software, which gave the organization a direct way of controlling such purchases and deployments. Now, employees can sign up for SaaS applications without involving anyone in the company. All it takes is a few clicks and (sometimes) a credit card for people to…
