risk management

Aug 22
Vulnerability management is dead. But GRC is hiring...

I used to have a TVM team. Threat & Vulnerability Management. The individuals in there had the word "Vulnerability" in their
2 min read
Aug 19
How much AppSec is too much?

I've been using the term "West Coast CISO" a lot lately. While it feels like CISOs used to be either
3 min read
Mar 01
Risk Management

Cybersecurity risk management is not too complex to articulate and address with specific, actionable measures. Adversarial Risk Management begins by
1 min read
Feb 24
Making Sense of Geographic Network and Travel Restrictions

There is a lot of confusion when it comes to cybersecurity "geo restrictions" on networks, and just as much when
8 min read
Jan 31
Patching is Overrated

Patching became a household term during the Equifax security breach and Congressional hearings. While IT maintenance and hygiene have their
4 min read
Dec 27
Cybersecurity in the Three Lines Model

Since 2010, the Three Lines of Defense model has been widely adopted as an authoritative framework for operational and financial
5 min read
Oct 13
What are they after? A threat-based approach to cybersecurity risk management

I'm pleased to be a part of the publication of a substantial Cybersecurity Guide for Directors and Officers announced yesterday.
8 min read