
Don’t Poke the Buffalo

Ranchers know that there’s little that can stop a determined buffalo – barbed wire is at best a suggestion. That’s why taunting or poking one is just a bad idea (the guy in Yellowstone recently was extremely lucky). Malicious actors can be a bit like that too – that’s why I’ve written before that ‘hacking back’ is [...]
(c) Dreamstime / Mosich.com

How much should you spend on security?

I regularly get asked by new CISOs for information – benchmarks – on how much organizations like theirs should spend on security. That’s a deceptively simple question, and while there are plenty of surveys that you can reference, none of them provides more than a rough starting point – there are just too many variables.

(C) Depositphotos / Ysign

Disaster Recovery isn’t Security Recovery

I had an interesting conversation about data integrity attacks recently. Those involve altering records, rather than stealing them. The initial reaction was that they’d just restore from backup (like a disaster recovery plan). When I pointed out that most advanced attacks are in the environment for months before discovery, the light bulb went off: You […]


Friday Photo: Summer on an Alaskan Beach

We set out from Valdez for a day-long cruise into Prince William Sound on the Lulu Belle (highly recommended if you're there).  It was a beautiful day, crisp and cold - just like how I enjoy July, when we came upon these guys sunning themselves on a classic "Alaskan Beach".  They looked at the crazy [...]
(C) Depositphotos / @ filmfoto

Blockchain: One strong link doesn’t make a strong chain

I’ve written before about the hype around AI, where there’s lots of potential, a ton of smoke and mirrors, and a few real things. Blockchain is right there contending for the king of the mountain. So what’s real, what’s hype, what’s plain dumb, and what isn’t anyone really talking about?


Friday Photo – Hawaiian Runoff

As I started getting more serious about taking photographs, I started geotagging them so I could both return to the site and remember where it was!  This image is from somewhere on the North shore of Oahu.  As I recall there'd been a rainstorm that morning, and the waters were turbulent and muddy.  The flower [...]
(C) Depositphotos / @ efks

Business stakeholders need the full story

There’s a lot of talk about aligning security programs and business or functional goals, but in practice, that’s much easier “powerpointed” than done.  Business consequences of security decisions, and security consequences of business decisions in the broader context are all too often missed or ignored, sometimes even deliberately.   As Obi-Wan said to Luke, “What I […]


Friday Photo: Elk in Estes

Elk are everywhere around Estes Park, Colorado.  It's one of our favorite quick getaways, especially off-season.  We were just leaving town headed home, and this herd was across the road.  Bad lighting, traffic noise, but a great shot (and right now I'd love to jump in that snow).
© Depositphotos /  Johan Swanepoel

A CISO, an AI, and a bot walk into a bar….

Over the past few weeks, I’ve been facilitating sessions at Evanta CISO events. If you’re not aware, these are discussions for CISOs by CISOs, held around the country and well worth the time. The topic for my sessions was AI & orchestration in cybersecurity, with more than 60 CISOs participating in five cities. While each […]

(C) Depositphotos / belchonock

Securing your Dessert

I have a joy/frustration relationship with Apple.  Their products are amazing and have changed my life, and at the same time some of their design decisions and choices are user hostile (dongles).  Their software usually just works, but when it doesn’t, well, you get Siri. On one point though, their heart [...]