The Disclaimer:
Just to be clear, nothing that I write here represents the position or opinion of my employer. Nothing I write here is proprietary or confidential to my employer. Everything I write here is my personal opinion.Pages
Subscribe to Security & Cigars
Follow me on Twitter
My Tweets-
Recent Posts
Archives
Recent Comments
- David Elfering on Back to Normal
- Terry Holberton on How To Get My Attention
- Vaughn Harring on Eric Update
- ecowper on Cigars
- Mike Childs on Cigars
Categories
- Alcohol
- Apple
- Being A Grown-Up
- Big Data
- Board Responsibilities
- BYOD
- Career
- Cigars
- Cloud
- Conferences
- Consumer Devices
- CyberWar
- Doing Adulting Right
- Food
- FUD
- General
- Government
- Health
- Home
- InfoSec
- Life and Times
- Military
- Mobility
- Pandemic
- Penetration Testing
- Please Advise
- Risk Management
- Security
- Smoking
- Teamwork
- Technology
- Travel
- Travel
- Uncategorized
- Vulnerability Management
Category Archives: InfoSec
Getting Back To New Normal and Good Security Hygiene
Today at work we were working with some clients who still had some very old, and insecure, authentication methods in their networks. Methods that could enable a malicious person to take over their entire Active Directory domain in a matter … Continue reading
Social Stuff:
Posted in InfoSec, Pandemic, Security
Tagged Back to Security Basics, Detect and Respond, New Normal, Security Hygiene
Comments Off on Getting Back To New Normal and Good Security Hygiene
How To Get My Attention
A couple days ago, I let it be known on LinkedIn that I had taken a new position as the Director, Information Security at Esterline Technologies. Then I got a bunch of private messages from sales folks trying to sell … Continue reading
Social Stuff:
Posted in Career, FUD, InfoSec, Life and Times
Tagged facebook, linkedin, new job, sales people, social media, twitter
1 Comment
Trolls
I hate it when I get caught by trolls. No, there is no new LinkedIn breach. I read the article and missed the date on it. Thanks Jayson Street for pointing out the date to me.
Social Stuff:
Information Security and Tanks
Not too long ago my good friend, Michael Farnum, invited me to be the closing speaker at HouSecCon. I told him I would love to … then he asked me to give a talk that involved my military experience and … Continue reading
Social Stuff:
Posted in Career, InfoSec, Life and Times, Military
Tagged Army, information security, infosec, Tanks
Comments Off on Information Security and Tanks
Emergency Preparedness and Cyber Security
This week I had the opportunity to be the plenary speaker for the Alaska Homeland Security Preparedness Conference. It was a great chance to talk to folks who worry about terrorism and natural disasters and convey to them the impact that … Continue reading
Social Stuff:
Posted in Conferences, CyberWar, InfoSec, Security
Tagged cyber-security, Emergency Readiness, Homeland Security, Threats
Comments Off on Emergency Preparedness and Cyber Security
Do The Security Basics Well ….. AGAIN (and again, and again)
I’m not really sure what it is going to take for people to do Information Security basics well. Just how many multi-million credit card breach, PLA attacks a hospital company, hacktivists use insider to breach you headlines is it going … Continue reading
Social Stuff:
Posted in Career, InfoSec, Security
Tagged Board of Directors, CEO, information security, security basics
Comments Off on Do The Security Basics Well ….. AGAIN (and again, and again)
The Threat & Vulnerability Management Maturity Model Arrives
If you follow my blog, you know the Threat & Vulnerability Management Maturity Model has been in the works for a while now. I’m happy to report the full model has finally been published in Core Security’s latest white paper. What’s … Continue reading
Social Stuff:
Posted in InfoSec, Security, Vulnerability Management
Tagged CORE Security, cyber-security, information security, maturity model, risk management, security, vulnerability management
Comments Off on The Threat & Vulnerability Management Maturity Model Arrives
Another Preventable Breach
Another entry in the “Preventable Breach” and “We could have prevented this” columns. This appears to be all about change and configuration management. An area that really needs some work, clearly. Brian Krebs announced last night that there has been a … Continue reading
Social Stuff:
Posted in InfoSec, Security, Vulnerability Management
Tagged breaches, change management, Krebs, leaks, maturity model
Comments Off on Another Preventable Breach
Year One
It’s the end of Year One at Core Security. Time really flies when you’re having fun. I’ve been here for 12 months now, and a couple days, and I guess I should do the “looking back after the first year” … Continue reading
Social Stuff:
Posted in Career, Cigars, InfoSec, Security, Vulnerability Management
Comments Off on Year One
The Maturity Model … Matures
We are making good progress with the Vulnerability Management Maturity Model now. We have a very nice looking graphic that aligns activity across each stage of maturity. Next steps include demonstrating the business value of improving maturity, providing an assessment … Continue reading
Social Stuff:
Posted in InfoSec, Risk Management, Security, Vulnerability Management
Tagged maturity model
Comments Off on The Maturity Model … Matures