Herd Immunity and Microsoft Legacy Patches

Microsoft just released patches for a ‘wormable’ vulnerability, and took the unusual step of including XP and Server 2003. That’s prompted conversations and comments about legacy operating systems and ‘enabling’ tardy upgraders. While there are people who still have their head down in denial, there are other cases where it’s much more complicated.


It’s 2019 and we know better

Over the past few weeks I’ve run across, either personally or via press, case after case of companies with poor security practices. These aren’t small shops like Bob’s Bait and eCommerce site, but rather big brand-name organizations that have sophisticated security practices. So why do these things continue to happen?


Striking back against cyber attack: tempting, but no

Andy Kessler wrote an op-ed in the Wall Street Journal last week advocating for striking back against every cyberattack. I’ve written before about why that’s a bad idea for private organizations, yet in this case he’s advocating for a government response. While it’s very tempting emotionally, when we step back and look at the options and […]


Managing online risk – beyond the basics

I had a conversation recently with someone who’s a ‘high value target’ about how to stay safe online and recalled an article earlier this year that a famous actress no longer will take selfies with fans because they include time and location information, as well as what she’s currently wearing. She’s worried about stalkers. While […]


2019 Security Program Horizons

One of the things I love most about my job is the opportunity to collaborate with hundreds of security leaders across many industries and geographies. There are definitely industry focuses, as well as some geographic trends, yet the overarching themes are common across the security landscape. Following the usual year end tradition, here’s what I see [...]

Friday Photo – Ready for the Storm: Cape Otway Lighthouse

On our trip to Victoria, Australia we revisited our previous route along the Great Ocean Road.  Last time we didn't have a chance to head down Cape Otway and see the lighthouse, so we made a point to add it to the itinerary.  We visited on a blustery October day, with the wind biting and [...]

Technical Storytelling – Keeping your Audience Awake

When people ask me what I really do for a living, I tell them I’m a storyteller: I listen to people tell how things are, apply my experience and insight to the situation, then tell a story about how we can make the future better. After a recent keynote, I was flattered when several people […]


Friday Photo – Thanksgiving, turkey, and Cherokee Ranch

Just south of Denver is the Cherokee Ranch and Castle - one of those hidden gems that you miss unless you go looking for it. The castle sits on top of a mesa, overlooking the whole front range (I'll share a sunset pano sometime soon). We had the chance to go visit for the Elk [...]

Beyond SIEM – Next Generation Security Analytics

I’ve written before that security is fundamentally an information management problem. It’s about having good sensors and instrumentation in the environment, having that information flow to a central repository where anomalies can be identified, and then being able to take action on it back in the environment. That’s traditionally been done through a SIEM solution, […]