- Leadership: 5 Bad Habits of Cybersecurity Professionals
Activity doesn't guarantee progress. Security teams keep falling into five habits that look productive but leave our programs no stronger than before.
- Leadership: Breaking Down the Walls Between Application and Infrastructure Security
When separate teams run application security and infrastructure security, attackers exploit the gap between them and you spend on the wrong risks. The technology has already merged the two domains,...
- Leadership: The Worrisome State of the Cybersecurity Industry
What's most telling about the security community's long list of complaints is how little it has changed over the years. Tools that don't fit our needs, vendors that overpromise, spending divorced...
- Risk Management: Non-Financial "Currency" for Framing Security Discussions
Frame security discussions using internal "currency" beyond dollars—reputation, service availability, trade secrets. Also consider individual concerns: looking bad in front of managers, being fired...
- Risk Management: Which Information Security Controls Are Most Important?
Comparing Securosis, PwC, and SANS 20 Critical Controls projects, system hardening appears across all three lists. Other consistently important controls include centralized security event monitoring,...
- Leadership: CISOs Can Find Allies at the General Counsel Office
CISOs who build strong working relationships with General Counsel gain a powerful ally for navigating compliance obligations, protecting intellectual property, and managing risk. The regulatory...