Over the past few weeks I’ve run across, either personally or via press, case after case of companies with poor security practices. These aren’t small shops like Bob’s Bait and eCommerce site, rather big brand name organizations that have sophisticated security practices. So why do these things continue to happen?
Andy Kessler wrote an op-ed in the Wall Street Journallast week advocating for striking back against every cyberattack. I’ve written before about why that’s a bad idea for private organizations, yet in this case he’s advocating for a government response. While it’s very tempting emotionally, when we step back and look at the options and […]
I had a conversation recently with someone who’s a ‘high value target’ about how to stay safe online and recalled an article earlier this year that a famous actress no longer will take selfies with fans because they include time and location information, as well as what she’s currently wearing. She’s worried about stalkers. While […]
When people ask me what I really do for a living, I tell them I’m a storyteller: I listen to people tell how things are, apply my experience and insight to the situation, then tell a story about how we can make the future better. After a recent keynote, I was flattered when several people […]
I’ve written before that security is fundamentally an information management problem. It’s about having good sensors and instrumentation in the environment, having that information flow to a central repository where anomalies can be identified, and then being able to take action on it back in the environment. That’s traditionally be done through a SIEM solution, […]
I often open a keynote presentation by noting that organizations are undergoing a fundamental shift in security strategy – moving from compliance focused, to a risk based approach. That’s still ongoing, even for large and sophisticated organizations there is still a gravity towards ‘doing it for the audit’, rather than ‘doing it because there’s risk’. […]