The Risk Acceptance Myth
The notion of "Risk Acceptance" has always challenged me. For the uninitiated, Risk Acceptance is a concept often discussed in
Encryption is Overrated
Years ago I found myself in one of those awkward elevator pairings where you are unexpectedly face to face with
Network Egress and Ingress Fundamentals
There is a lot of confusion about network ingress and egress. This isn't limited to junior staff; I've witnessed this
Episode 07 - Bug Bounties with guest Casey Ellis
Bugcrowd founder Casey Ellis joins #lifeafterCISO to talk about bug bounty programs in the wake of the Joe Sullivan Uber
Episode 06 - Retire Many Times with guest Sounil Yu
Sounil Yu joins the #lifeafterCISO podcast and shares the idea of "retiring many times". Sounil is the renowned author of
How much AppSec is too much?
I've been using the term "West Coast CISO" a lot lately. While it feels like CISOs used to be either
It's not the 2FA.. it's the 1TP!!!
Multifactor authentication (MFA / 2FA) is arguably the most powerful security control deployed over the past 20 years. But it dawned
Quick trick to assess your vulnerability to SIM swapping
I listened to an NPR story on SMS SIM swapping on my drive in this morning. This is a pretty