Despite years of public shaming by security professionals, some SaaS vendors only offer Single Sign-On (SSO) in high-end “enterprise” product tiers. By withholding this capability from smaller organizations, they put customers’ security at risk. Moreover, such vendors base a pricing strategy on a weak signal and miss an opportunity to lower their own security risk….
Blog
My writing focuses on information security, with topics ranging from broad IT trends to detailed technical advice on malware. Scroll through the posts to see whether my interests overlap with yours. Follow this blog to keep up with my latest publications.
Three Ways CISOs Can Drive More Meaningful Collaboration
Today’s CISOs are more than technologists—we strive to make ourselves well-rounded business leaders. This involves aligning our efforts with business objectives and collaborating with colleagues who are not experts in IT or security. In fact, Gartner’s research found that top-performing CISOs regularly meet with three times as many non-IT stakeholders as they do with IT…
Let’s Address the Cybersecurity Careers Gap
Too many people are unsure how to enter or grow in the cybersecurity industry. It’s a relatively young field, and we haven’t done a good job of defining what it means to have a career in it. Hiring managers who are worried about finding candidates because of the much-discussed cybersecurity skills gap should consider the…
As a CISO, Are You a Builder, Fixer, or Scale Operator?
When contemplating the next step in your career as a cybersecurity leader, understand what you do best and what you enjoy doing. Figuring this out will help you identify organizations and projects that will benefit from your superpowers and accelerate your growth as a professional. As an added bonus, you’ll be more effective in communicating…
Untangling the Complexity of SaaS Ownership in the Enterprise
Before SaaS, employees had to rely on IT and other teams to procure software, which gave the organization a direct way of controlling such purchases and deployments. Now, employees can sign up for SaaS applications without involving anyone in the company. All it takes is a few clicks and (sometimes) a credit card for people to…
Shift Your Mindset from Conflict to Collaboration to Succeed in Security
In the two decades I’ve spent in cybersecurity, I’ve observed and experienced the fighting spirit of security professionals: When tasked with safeguarding information assets, we envision ourselves erecting defenses to keep threat actors at bay, or we emulate malicious actions to find flaws in the organization’s security measures before attackers exploit them. We fight. Let’s…
Cybersecurity: No Longer the “Department of No”
Cybersecurity leaders not only go against threat actors to defend the organization but also find themselves at odds with other business executives. How can we avoid fighting everyone? What does it take to ensure the security team doesn’t become the department of “no”? We’re often in the position of having to deny people’s requests. Our…
How to Ask Questions to Succeed with Security Projects
No matter the years of experience in cybersecurity, security professionals are often in situations where crucial details are missing. Yet, we often hesitate to ask questions because we don’t want to appear ignorant or don’t know what to ask. I captured my perspective on asking questions in a constructive way in a three-post series. Read…
How You Can Start Learning Malware Analysis
Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. You can get into this field by building upon your existing skills in any of these disciplines. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute, I have a…
REMnux Tools List for Malware Analysis
REMnux® offers a curated collection of free tools for reverse-engineering or otherwise analyzing malicious software. How to find the right tool for the job, given how many useful utilities come as part of the distro? To guide you through the process of examining malware, REMnux documentation lists the installed tools by category. Each grouping, which…