Vulnerability management is dead. But GRC is hiring...
I used to have a TVM team. Threat & Vulnerability Management. The individuals in there had the word "Vulnerability" in their
How much AppSec is too much?
I've been using the term "West Coast CISO" a lot lately. While it feels like CISOs used to be either
Cybersecurity risk management is not too complex to articulate and address with specific, actionable measures. Adversarial Risk Management begins by
Making Sense of Geographic Network and Travel Restrictions
There is a lot of confusion when it comes to cybersecurity "geo restrictions" on networks, and just as much when
Patching is Overrated
Patching became a household term during the Equifax security breach and Congressional hearings. While IT maintenance and hygiene have their
Cybersecurity in the Three Lines Model
Since 2010, the Three Lines of Defense model has been widely adopted as an authoritative framework for operational and financial
What are they after? A threat-based approach to cybersecurity risk management
I'm pleased to be a part of the publication of a substantial Cybersecurity Guide for Directors and Officers announced yesterday.