My Writing
- Malware Market Segmentation in Computer Attacks Computer attackers segment victims by organization size (focused enterprise targets vs. mass-scale SMBs), geography (paying more for North American infections), and industry. Defenders need to...
- Risk Management Know the Alternatives When Negotiating IT Risk Mitigation Approaches When business managers reject expensive security recommendations, present alternative mitigation options—such as virtual patching as a stopgap before code fixes. Understanding your BATNA (Best...
- Risk Management Why Business Managers Ignore IT Security Risk Recommendations Business managers may dismiss security recommendations for multiple reasons: they're better positioned to make risk decisions, they've become immune to FUD, they're fatigued from constant...
- Career Which Information Security Job Titles Are Least and Most Common?
- Risk Management Choice Fatigue Might Affect Information Security Decisions Research shows judges grant parole more often after meals because mental exhaustion from repeated decisions leads to status-quo choices. Security professionals making continuous decisions about...
- Incident Response How Much Should an Information Security Book Cost?