The Disclaimer:
Just to be clear, nothing that I write here represents the position or opinion of my employer. Nothing I write here is proprietary or confidential to my employer. Everything I write here is my personal opinion.Pages
Subscribe to Security & Cigars
Follow me on Twitter
My Tweets-
Recent Posts
Archives
Recent Comments
- David Elfering on Back to Normal
- Terry Holberton on How To Get My Attention
- Vaughn Harring on Eric Update
- ecowper on Cigars
- Mike Childs on Cigars
Categories
- Alcohol
- Apple
- Being A Grown-Up
- Big Data
- Board Responsibilities
- BYOD
- Career
- Cigars
- Cloud
- Conferences
- Consumer Devices
- CyberWar
- Doing Adulting Right
- Food
- FUD
- General
- Government
- Health
- Home
- InfoSec
- Life and Times
- Military
- Mobility
- Pandemic
- Penetration Testing
- Please Advise
- Risk Management
- Security
- Smoking
- Teamwork
- Technology
- Travel
- Travel
- Uncategorized
- Vulnerability Management
Category Archives: Security
What Is A Good Security Program?
What distinguishes a good security program? One of the hardest questions to answer in the Information Security field is whether our security program is good, or not. It’s a question we want to answer for many reasons, not least of … Continue reading
Posted in InfoSec, Penetration Testing, Risk Management, Security, Vulnerability Management
Tagged APT, Gartner, Good Security, infosec, security, The Basics
Comments Off on What Is A Good Security Program?
Vulnerability Management Re-Visited
I know, boring topic. Just part of IT and Security operations. Nothing sexy here. It’s way more fun to think about how to beat those nasty, mean APT’s, how to detect malware actively on your network, how to do fancy … Continue reading
Posted in InfoSec, Risk Management, Security, Vulnerability Management
Tagged attack paths, ciso, Gartner, infosec, maturity model, TVM, vulnerability management
1 Comment
You Can’t Defend Without Intelligence
Imagine you are an Army General. And you have been given responsibility to defend a town that is the key to the local road network. You have a specific set of units under your command and several days to prepare … Continue reading
Posted in InfoSec, Security
Tagged Attack Intelligence, Checklists, Compliance, Defense, Intelligence, security
3 Comments
New Year’s Resolution: Stop Being a Victim
I was recently asked what I thought should be the most important resolution for consumers going in to 2014. A resolution in the context of improving the individual consumers personal and financial security. Since the request was for publication in … Continue reading
Posted in Security
Tagged con artists, consumer security, cyber-security, financial crime, hackers, malware, New Year's Resolution, social engineering
1 Comment
2013: A Roller Coaster
Or, as my wife put it, Random Ramblings of a Security Executive. Yes, it’s that time. Writing a blog post to wrap up the year, just all the rest of you do. I decided I’d cover my personal and professional … Continue reading
Posted in Career, Government, InfoSec, Life and Times, Security
Tagged 2013, 2014, CORE Security, cyber-, healthcare, infosec, personal life, professional life, security, travel
2 Comments
Thinking About Healthcare.gov’s Security
Now that the Information Technology and Security communities have had time to digest what’s going on with Healthcare.gov, they are starting to think about what the “glitches” mean from a security perspective. For example, here’s some coverage in eWeek. And … Continue reading
The Adobe Breach: Initial Lessons
Now that we’ve had a little time to absorb the impact of the Adobe breach, there’s a few lessons we can learn already. First, a link for those who have been living in a cave and don’t know what I … Continue reading
Posted in InfoSec, Risk Management, Security, Vulnerability Management
Tagged Adobe, Lessons Learned, Users, Vulnerability Insanity
20 Comments
Back to Basics …. Again
It appears that the bad guys who exploited Adobe in August, and stole ColdFusion and Adobe (maybe) source code, as well as millions of credit card numbers, used a well known ColdFusion vulnerability. What seems to have happened is that … Continue reading
Posted in BYOD, InfoSec, Security, Vulnerability Management
Tagged Adobe, attack paths, ColdFusion, CORE Security, exploits, infosec, IT Operations, vulnerabilities
Comments Off on Back to Basics …. Again
Day 3 at CORE
Yet another day of fun at CORE today. Spent the day getting to know the people, figuring out critical strategies, and places where I can start inserting myself to have some immediate impact. Started working on goals for the next … Continue reading
Posted in CyberWar, FUD, General, InfoSec, Life and Times
Tagged back doors, cyber-security, cyberwar, encryption, infosec, instapundit, NSA, security
Comments Off on Day 3 at CORE
Building CISO Relevance: Written For BitSight
BitSight is a very interesting security startup that is trying to do something we all have wanted for a long time. Their goal is to find ways to actually quantify risk in a measurable, objective way. If they achieve anything … Continue reading
Posted in Big Data, General, InfoSec, Risk Management
Tagged ciso, information security, relevance, risk
Comments Off on Building CISO Relevance: Written For BitSight