Copyright © 2016 Alexey Novikov

GDPR Fines: So now we know

Over the past few years, as companies I work with have been getting ready for GDPR, everyone knew about the potential fine size, but no one really knew if they’d be as big as they could be.  Now we know. 

Continue Reading
2018-09-28 Castle Visit-047-Pano-2

Friday Photo – New Horizons

I’ll be leaving IBM at the end of the month and starting a cool new adventure with a great organization. I’m really excited about the opportunity for growth, and looking forward to jumping in with both feet. To all those I’ve worked with over the years at Big Blue, my sincere thanks for the collaboration […]

Continue Reading
(c) Depositphotos / @ duha127

It’s never ‘just email’ – secure your endpoints

Like many security folks, I always grab and read the Verizon Data Breach Investigations report when it comes out, looking for trends and themes.  One of the things that struck me this year is that email remains a broad attack surface.  At that same time, my own conversations with security teams have seen a troubling […]

Continue Reading
2012-08 Yellowstone-619

Herd Immunity and Microsoft Legacy Patches

Microsoft just released patches for a ‘wormable’ vulnerability, and took the unusual step of including XP and Server 2003. That’s prompted conversations and comments about legacy operating systems and ‘enabling’ tardy upgraders. While there are people who still have their head down in denial, there are other cases where it’s much more complicated.

Continue Reading
(c) Depositphotos / 	MichalLudwiczak

It’s 2019 and we know better

Over the past few weeks I’ve run across, either personally or via press, case after case of companies with poor security practices. These aren’t small shops like Bob’s Bait and eCommerce site, rather big brand name organizations that have sophisticated security practices. So why do these things continue to happen?

Continue Reading
(c) Depositphotos / Gorodenkoff

Striking back against cyber attack: tempting, but no

Andy Kessler wrote an op-ed in the Wall Street Journallast week advocating for striking back against every cyberattack.  I’ve written before about why that’s a bad idea for private organizations, yet in this case he’s advocating for a government response.  While it’s very tempting emotionally, when we step back and look at the options and […]

Continue Reading

Managing online risk – beyond the basics

I had a conversation recently with someone who’s a ‘high value target’ about how to stay safe online and recalled an article earlier this year that a famous actress no longer will take selfies with fans because they include time and location information, as well as what she’s currently wearing. She’s worried about stalkers. While […]

Continue Reading
2010-11-13 San Francisco-053-12

2019 Security Program Horizons

One of the things I love most about my job is the opportunity to collaborate with hundreds of security leaders across many industries and geographies.  There’s definitely industry focuses, as well as some geographic trends, yet the overarching themes are common across the security landscape.  Following the usual year end tradition, here’s what I see [...]
Continue Reading