When people ask me what I really do for a living, I tell them I’m a storyteller: I listen to people tell how things are, apply my experience and insight to the situation, then tell a story about how we can make the future better. After a recent keynote, I was flattered when several people […]
I’ve written before that security is fundamentally an information management problem. It’s about having good sensors and instrumentation in the environment, having that information flow to a central repository where anomalies can be identified, and then being able to take action on it back in the environment. That’s traditionally be done through a SIEM solution, […]
I often open a keynote presentation by noting that organizations are undergoing a fundamental shift in security strategy – moving from compliance focused, to a risk based approach. That’s still ongoing, even for large and sophisticated organizations there is still a gravity towards ‘doing it for the audit’, rather than ‘doing it because there’s risk’. […]
So all your preventative measures have failed – to be fair, they succeeded for the last few thousand hacks, but the bad guys got lucky once, and you now have a full blown incident underway. Unfortunately you (the CEO) is at 23,000’ knocking K2 off their bucket list. How does your company execute?