Articles on Assessments

Below are my perspectives on Assessments, drawn from my work as a security leader and practitioner.

• Assessments Scope Security Assessments for Attack Paths, Not Org Charts
  When assessment scope follows organizational lines, gaps open where team boundaries meet and real attackers don't stop. Pulling adjacent teams into the scoping conversation and following attack logic...
• Assessments Experts Cannot Help Overstating Their Expertise
  Self-proclaimed experts are more likely to claim knowledge of things they don't know, including nonexistent terms in their fields of expertise. This overclaiming tendency means security professionals...
• Assessments Tips for Creating a Strong Cybersecurity Assessment Report
  Creating a strong security assessment report requires analyzing data beyond tool output, prioritizing findings by risk, documenting methodology and scope, and providing practical remediation...
• Assessments Information Security Assessment RFP Cheat Sheet
  Effective security assessment RFPs require understanding what's driving the need, ensuring staff availability, and defining realistic timelines and budgets. Key elements include specifying assessment...
• Communication Balancing Brevity and Verbosity in Business Communications
  Brevity is valuable when audiences lack time or inclination—use elevator pitches for executives, SWOT matrices for pros and cons, and keep emails short. Verbosity is appropriate when responding to...
• Assessments Looking for Infected Systems as Part of a Security Assessment
  Security assessments often produce predictable results—missing patches—so consider adding malware detection tasks. Techniques include identifying unmanaged systems, analyzing autorun entries for...