Category Archives: InfoSec

Vulnerability Management Maturity Model

I’ve been working on this for a couple months now. Basically, we all know the truth of the matter is that intrusions happen because we security guys are not able to patch the things that matter, fix the areas that intruders …

Posted in Conferences, InfoSec, Security, Vulnerability Management

A Week in Vegas

Yep, here I am in Las Vegas. Sitting in my hotel room knocking out a quick post on the blog before heading down to check in for BlackHat and find people and dinner. I plan to write something every day, …

Posted in Cigars, Conferences, General, InfoSec, Security, Vulnerability Management

What Is A Good Security Program?

What distinguishes a good security program? One of the hardest questions to answer in the Information Security field is whether our security program is good, or not. It’s a question we want to answer for many reasons, not least of …

Posted in InfoSec, Penetration Testing, Risk Management, Security, Vulnerability Management

Vulnerability Management Re-Visited

I know, boring topic. Just part of IT and Security operations. Nothing sexy here. It’s way more fun to think about how to beat those nasty, mean APT’s, how to detect malware actively on your network, how to do fancy …

Posted in InfoSec, Risk Management, Security, Vulnerability Management

You Can’t Defend Without Intelligence

Imagine you are an Army General. And you have been given responsibility to defend a town that is the key to the local road network. You have a specific set of units under your command and several days to prepare …

Posted in InfoSec, Security

2013: A Roller Coaster

Or, as my wife put it, Random Ramblings of a Security Executive. Yes, it’s that time. Writing a blog post to wrap up the year, just like all the rest of you do. I decided I’d cover my personal and professional …

Posted in Career, Government, InfoSec, Life and Times, Security

Thinking About Healthcare.gov’s Security

Now that the Information Technology and Security communities have had time to digest what’s going on with Healthcare.gov, they are starting to think about what the “glitches” mean from a security perspective. For example, here’s some coverage in eWeek. And …

Posted in InfoSec

The Adobe Breach: Initial Lessons

Now that we’ve had a little time to absorb the impact of the Adobe breach, there’s a few lessons we can learn already. First, a link for those who have been living in a cave and don’t know what I …

Posted in InfoSec, Risk Management, Security, Vulnerability Management

Back to Basics …. Again

It appears that the bad guys who exploited Adobe in August, and stole ColdFusion and Adobe (maybe) source code, as well as millions of credit card numbers, used a well known ColdFusion vulnerability. What seems to have happened is that …

Posted in BYOD, InfoSec, Security, Vulnerability Management

Day 3 at CORE

Yet another day of fun at CORE today. Spent the day getting to know the people, figuring out critical strategies, and places where I can start inserting myself to have some immediate impact. Started working on goals for the next …

Posted in CyberWar, FUD, General, InfoSec, Life and Times