Encryption is Overrated
Years ago I found myself in one of those awkward elevator pairings where you are unexpectedly face to face with
Cyber Governance: What is Fair to Expect from Board Directors and Management? 2 of 4
Episode 2: Risks
In Episode 1 of this series I talked about oversight of cybersecurity threats and how a Board
Bad CISO Archetypes
As part of my advisory work, I often help companies find and/or interview security leaders. While I'm a huge
Episode 07 - Bug Bounties with guest Casey Ellis
Bugcrowd founder Casey Ellis joins #lifeafterCISO to talk about bug bounty programs in the wake of the Joe Sullivan Uber
Cyber Governance: What is Fair to Expect from Board Directors and Management? 1 of 4
With mounting pressure around cyber literacy in the Boardroom, Directors are looking for specifics around what will be expected of
Vulnerability management is dead. But GRC is hiring...
I used to have a TVM team. Threat & Vulnerability Management. The individuals in there had the word "Vulnerability" in their
How much AppSec is too much?
I've been using the term "West Coast CISO" a lot lately. While it feels like CISOs used to be either
Risk Management
Cybersecurity risk management is not too complex to articulate and address with specific, actionable measures. Adversarial Risk Management begins by
Making Sense of Geographic Network and Travel Restrictions
There is a lot of confusion when it comes to cybersecurity "geo restrictions" on networks, and just as much when
Patching is Overrated
Patching became a household term during the Equifax security breach and Congressional hearings. While IT maintenance and hygiene have their