Category Archives: Security

The Threat & Vulnerability Management Maturity Model Arrives

Posted on October 23, 2014 by Eric

If you follow my blog, you know the Threat & Vulnerability Management Maturity Model has been in the works for a while now. I’m happy to report the full model has finally been published in Core Security’s latest white paper. What’s … Continue reading

0Shares
Posted in InfoSec, Security, Vulnerability Management | Tagged , , , , , , | Comments Off on The Threat & Vulnerability Management Maturity Model Arrives

23 Years is a Long Time

Posted on October 11, 2014 by Eric

I woke up in the Middle East this morning. In Dubai in the United Arab Emirates, to be precise. This isn’t the first time I have been in the Middle East. I’ve been to Saudi Arabia, Kuwait, Iraq, Egypt and … Continue reading

0Shares
Posted in Conferences, Travel | Tagged , , , , , , | Comments Off on 23 Years is a Long Time

Another Preventable Breach

Posted on October 8, 2014 by Eric

Another entry in the “Preventable Breach” and “We could have prevented this” columns. This appears to be all about change and configuration management. An area that really needs some work, clearly. Brian Krebs announced last night that there has been a … Continue reading

0Shares
Posted in InfoSec, Security, Vulnerability Management | Tagged , , , , | Comments Off on Another Preventable Breach

Year One

Posted on October 5, 2014 by Eric

It’s the end of Year One at Core Security. Time really flies when you’re having fun. I’ve been here for 12 months now, and a couple days, and I guess I should do the “looking back after the first year” … Continue reading

0Shares
Posted in Career, Cigars, InfoSec, Security, Vulnerability Management | Comments Off on Year One

The Maturity Model … Matures

Posted on August 26, 2014 by Eric

We are making good progress with the Vulnerability Management Maturity Model now. We have a very nice looking graphic that aligns activity across each stage of maturity. Next steps include demonstrating the business value of improving maturity, providing an assessment … Continue reading

0Shares
Posted in InfoSec, Risk Management, Security, Vulnerability Management | Tagged | Comments Off on The Maturity Model … Matures

Thinking About BlackHat – The Suits vs. The Shorts

Posted on August 13, 2014 by Eric

One of the interesting things about BlackHat is that hackers and CISOs rub elbows. One of the few places where that happens routinely. It’s kinda funny. The CISOs are trying not to look so much like a “suit”, so they … Continue reading

0Shares
Posted in Conferences, CyberWar, FUD, Security | Tagged | Comments Off on Thinking About BlackHat – The Suits vs. The Shorts

Just A Few Things Left

Posted on August 7, 2014 by Eric

That’s right, not too much more left here at BlackHat. A couple of meetings with customers, a couple of analysts. And of course, Core’s party at the RX Boiler Room. Which is supposed to be pretty epic. Then I’m gonna … Continue reading

0Shares
Posted in Conferences, Security | Tagged | Comments Off on Just A Few Things Left

Vulnerability Management Maturity Model

Posted on August 6, 2014 by Eric

I’ve been working on this for a couple months now. Basically, we all know the truth of the matter is that intrusions happen because we security guys are not able to patch the things that matter, fix the areas that intruders … Continue reading

0Shares
Posted in Conferences, InfoSec, Security, Vulnerability Management | Tagged , , , , , | Comments Off on Vulnerability Management Maturity Model

A Week in Vegas

Posted on August 4, 2014 by Eric

Yep, here I am in Las Vegas. Sitting in my hotel room knocking out a quick post on the blog before heading down to check in for BlackHat and find people and dinner. I plan to write something every day, … Continue reading

0Shares
Posted in Cigars, Conferences, General, InfoSec, Security, Vulnerability Management | Tagged , , , , | Comments Off on A Week in Vegas

August: Something I Swore I’d Never Do

Posted on July 31, 2014 by Eric

No, not August, actually. It comes every year and it would be a bit awkward to swear off of August. Imagine me having to basically go into some sort of hibernation for 31 days. What I swore I’d never do … Continue reading

0Shares
Posted in Career, Conferences, Life and Times, Security | Tagged , , , , , | Comments Off on August: Something I Swore I’d Never Do