- Tools: The Importance of Feeling Secure
Feeling secure differs from being secure—both matter. Users may abandon effective but quiet security tools, CISOs need compelling metrics and reports even when doing excellent work, and clients need...
- Assessments: Security Assessment Report as a Critique, Not Criticism
Write security assessment reports as critique, not criticism. Focus on factual findings, processes, and organizational structure rather than chastising individuals—angry readers ignore key messages....
- Career: 6 Tips for Hiring and Working With Security Consultants
Before engaging security consultants, understand your requirements to stay in control. Reach out to multiple firms for perspectives and price validation, assess who specifically will work on the...
- Assessments: Perception of Value in Security Consulting Projects
Clients can't evaluate specialized security work directly, so they estimate value by assessing effort—usually time. A skilled locksmith opening locks in seconds gets fewer tips than when...
- Assessments: Dealing with Misinformation During Security Assessments and Forensic Investigations
Interview subjects don't always provide accurate information—they may not know details, remember incorrectly, or have incentives to mislead. Look for discrepancies between sources, ask similar...
- Social Engineering: Social Engineering and Mirroring the Emotional State
Effective social engineers are "high self-monitors"—they subconsciously pick up social cues and adjust their presentation, identifying topics of interest, appearing non-threatening through nonverbal...