The Disclaimer:
Just to be clear, nothing that I write here represents the position or opinion of my employer. Nothing I write here is proprietary or confidential to my employer. Everything I write here is my personal opinion.Pages
Subscribe to Security & Cigars
Follow me on Twitter
My Tweets-
Recent Posts
Archives
Recent Comments
- David Elfering on Back to Normal
- Terry Holberton on How To Get My Attention
- Vaughn Harring on Eric Update
- ecowper on Cigars
- Mike Childs on Cigars
Categories
- Alcohol
- Apple
- Being A Grown-Up
- Big Data
- Board Responsibilities
- BYOD
- Career
- Cigars
- Cloud
- Conferences
- Consumer Devices
- CyberWar
- Doing Adulting Right
- Food
- FUD
- General
- Government
- Health
- Home
- InfoSec
- Life and Times
- Military
- Mobility
- Pandemic
- Penetration Testing
- Please Advise
- Risk Management
- Security
- Smoking
- Teamwork
- Technology
- Travel
- Travel
- Uncategorized
- Vulnerability Management
Category Archives: Technology
The Threat & Vulnerability Management Maturity Model Arrives
If you follow my blog, you know the Threat & Vulnerability Management Maturity Model has been in the works for a while now. I’m happy to report the full model has finally been published in Core Security’s latest white paper. What’s … Continue reading
Social Stuff:
Posted in InfoSec, Security, Vulnerability Management
Tagged CORE Security, cyber-security, information security, maturity model, risk management, security, vulnerability management
Comments Off on The Threat & Vulnerability Management Maturity Model Arrives
Another Preventable Breach
Another entry in the “Preventable Breach” and “We could have prevented this” columns. This appears to be all about change and configuration management. An area that really needs some work, clearly. Brian Krebs announced last night that there has been a … Continue reading
Social Stuff:
Posted in InfoSec, Security, Vulnerability Management
Tagged breaches, change management, Krebs, leaks, maturity model
Comments Off on Another Preventable Breach
Year One
It’s the end of Year One at Core Security. Time really flies when you’re having fun. I’ve been here for 12 months now, and a couple days, and I guess I should do the “looking back after the first year” … Continue reading
Social Stuff:
Posted in Career, Cigars, InfoSec, Security, Vulnerability Management
Comments Off on Year One
The Maturity Model … Matures
We are making good progress with the Vulnerability Management Maturity Model now. We have a very nice looking graphic that aligns activity across each stage of maturity. Next steps include demonstrating the business value of improving maturity, providing an assessment … Continue reading
Social Stuff:
Posted in InfoSec, Risk Management, Security, Vulnerability Management
Tagged maturity model
Comments Off on The Maturity Model … Matures
Vulnerability Management Maturity Model
I’ve been working on this for a couple months now. Basically, we all know the truth of the matter is that intrusions happen because we security guys are not able to patch the things that matter, fix the areas that intruders … Continue reading
Social Stuff:
Posted in Conferences, InfoSec, Security, Vulnerability Management
Tagged attack paths, bad guys, data overload, maturity, Vulnerability Insanity, vulnerability management
Comments Off on Vulnerability Management Maturity Model
A Week in Vegas
Yep, here I am in Las Vegas. Sitting in my hotel room knocking out a quick post on the blog before heading down to check in for BlackHat and find people and dinner. I plan to write something every day, … Continue reading
Social Stuff:
What Is A Good Security Program?
What distinguishes a good security program? One of the hardest questions to answer in the Information Security field is whether our security program is good, or not. It’s a question we want to answer for many reasons, not least of … Continue reading
Social Stuff:
Posted in InfoSec, Penetration Testing, Risk Management, Security, Vulnerability Management
Tagged APT, Gartner, Good Security, infosec, security, The Basics
Comments Off on What Is A Good Security Program?
Vulnerability Management Re-Visited
I know, boring topic. Just part of IT and Security operations. Nothing sexy here. It’s way more fun to think about how to beat those nasty, mean APT’s, how to detect malware actively on your network, how to do fancy … Continue reading
Social Stuff:
Posted in InfoSec, Risk Management, Security, Vulnerability Management
Tagged attack paths, ciso, Gartner, infosec, maturity model, TVM, vulnerability management
1 Comment
The Adobe Breach: Initial Lessons
Now that we’ve had a little time to absorb the impact of the Adobe breach, there’s a few lessons we can learn already. First, a link for those who have been living in a cave and don’t know what I … Continue reading
Social Stuff:
Posted in InfoSec, Risk Management, Security, Vulnerability Management
Tagged Adobe, Lessons Learned, Users, Vulnerability Insanity
20 Comments
Back to Basics …. Again
It appears that the bad guys who exploited Adobe in August, and stole ColdFusion and Adobe (maybe) source code, as well as millions of credit card numbers, used a well known ColdFusion vulnerability. What seems to have happened is that … Continue reading
Social Stuff:
Posted in BYOD, InfoSec, Security, Vulnerability Management
Tagged Adobe, attack paths, ColdFusion, CORE Security, exploits, infosec, IT Operations, vulnerabilities
Comments Off on Back to Basics …. Again