Risk Management

Apr

27

Encryption is Overrated

Years ago I found myself in one of those awkward elevator pairings where you are unexpectedly face to face with

Apr 27, 2023

3 min read

Nov

22

Cyber Governance: What is Fair to Expect from Board Directors and Management? 2 of 4

Episode 2: Risks In Episode 1 of this series I talked about oversight of cybersecurity threats and how a Board

Nov 22, 2022

6 min read

Nov

11

Bad CISO Archetypes

As part of my advisory work, I often help companies find and/or interview security leaders. While I'm a huge

Nov 11, 2022

4 min read

Oct

20

Episode 07 - Bug Bounties with guest Casey Ellis

Bugcrowd founder Casey Ellis joins #lifeafterCISO to talk about bug bounty programs in the wake of the Joe Sullivan Uber

Oct 20, 2022

1 min read

Oct

17

Cyber Governance: What is Fair to Expect from Board Directors and Management? 1 of 4

With mounting pressure around cyber literacy in the Boardroom, Directors are looking for specifics around what will be expected of

Oct 17, 2022

8 min read

Aug

22

Vulnerability management is dead. But GRC is hiring...

I used to have a TVM team. Threat & Vulnerability Management. The individuals in there had the word "Vulnerability" in their

Aug 22, 2022

2 min read

Aug

19

How much AppSec is too much?

I've been using the term "West Coast CISO" a lot lately. While it feels like CISOs used to be either

Aug 19, 2022

3 min read

Mar

01

Cybersecurity risk management is not too complex to articulate and address with specific, actionable measures. Adversarial Risk Management begins by

Mar 1, 2022

1 min read

Feb

24

Making Sense of Geographic Network and Travel Restrictions

There is a lot of confusion when it comes to cybersecurity "geo restrictions" on networks, and just as much when

Feb 24, 2022

8 min read

Jan

31

Patching is Overrated

Patching became a household term during the Equifax security breach and Congressional hearings. While IT maintenance and hygiene have their

Jan 31, 2022

4 min read