- Assessments: Tips for Creating a Strong Cybersecurity Assessment Report
In a strong cybersecurity assessment report, you rate each finding by its risk to the organization rather than its raw tool score. You give readers the context and remediation steps they need to act...
- Cheat Sheets: How to Suck at Information Security - A Cheat Sheet
A tongue-in-cheek collection of common security mistakes to avoid: deploying products without tuning them, treating all assets with equal rigor regardless of risk, locking down infrastructure so...
- Risk Management: The Illusion of Invulnerability in Cybersecurity
Healthcare workers wash hands more often when signs emphasize protecting patients rather than themselves, because people overestimate their own invulnerability but not others'. Security messaging may...
- Incident Response: The Adversarial Cycle of Computer Attacks and Defenses
The adversarial cycle has four phases: Attack (unfettered), Detect (forming response), Defense (attack rendered ineffective), and Mutate (attacker adapts). Defenders shorten Attack/Detect through...
- Leadership: 9 Convenient Lies in Cybersecurity
Familiar security claims like "we use AES-256" or "we're SOC 2 compliant" are technically true. Each one omits conditions that determine risk, and we need to communicate them carefully to avoid...
- Malware: Enterprises Won't Adopt Adobe Reader X Any Time Soon
Adobe Reader X's Protected Mode sandbox significantly improves security, yet 56% of enterprise installations ran vulnerable older versions. Organizations lack skills for large-scale non-Microsoft...