cyberops

Dec 15
The Risk Acceptance Myth

The notion of "Risk Acceptance" has always challenged me. For the uninitiated, Risk Acceptance is a concept often discussed in
4 min read
Oct 19
Cyber Governance: What is Fair to Expect from Board Directors and Management? 3 of 4

Episode 3: Incidents
In Episode 1 of this series I talked about oversight of cybersecurity threats and how a Board
10 min read
Aug 25
Overrated? On TPRM, SBOM, Solarwinds, and Supply Chain Security

We've all run to the same side of the boat on supply chain security when it comes to cyber. Rather
2 min read
Apr 27

Encryption is Overrated

Years ago I found myself in one of those awkward elevator pairings where you are unexpectedly face to face with
3 min read
Dec 07
Network Egress and Ingress Fundamentals

There is a lot of confusion about network ingress and egress. This isn't limited to junior staff; I've witnessed this
5 min read
Jun 22
The value of the True Positive

As originally published on Vectra's Unfiltered at https://www.unfilteredcxo.com/
Cybersecurity is afflicted with the duty of “proving a
3 min read
Mar 01
Cybersecurity Strategy

Even mature, highly-resourced cybersecurity programs can overlook articulating a strategy in the absence of specific regulatory requirements. All organizations are
1 min read
Feb 05
IOCs aren't for blocking - they are for control validation

There is a misconception out there that security departments should be ingesting feeds of Indicators of Compromise (IOCs) and loading
3 min read
Jan 31
Patching is Overrated

Patching became a household term during the Equifax security breach and Congressional hearings. While IT maintenance and hygiene have their
4 min read
Oct 01
It's not the 2FA.. it's the 1TP!!!

Multifactor authentication (MFA / 2FA) is arguably the most powerful security control deployed over the past 20 years. But it dawned
2 min read