My Writing
- Tools: When Successful Security Measures Are Taken For Granted. When security controls consistently protect without incident, beneficiaries may question their value: "No breaches recently—why do we need a CISO?" Collect meaningful metrics showing safeguards are...
- Social Networking: Explaining Computer Security Terms to Ordinary People. Technical jargon that security professionals use daily may be meaningless to non-IT people. A collaborative effort with SANS Institute defines commonly-used security terms like firewall, exploit, and...
- Social Networking: Twitter Social Networking Among Information Security People. Twitter offers three-fold value for security professionals: discovering curated content (users act as content curators), interacting with peers (social stigmas almost non-existent), and researching...
- Incident Response: 9 Convenient Lies in Information Security. Common security claims are often oversimplifications: encryption alone doesn't secure data, compliance doesn't address all necessary controls, security seals reflect limited scans, background checks...
- Malware: 5 Events in 2011 That Challenged Online Security and Trust Assumptions
- Tools: Design Information Security With Failure in Mind. Security controls will eventually fail despite best intentions—design architecture to detect suspicious activities early and limit incident scope when breaches occur. Like boats engineered to stay...