Blog

CIS Controls Implementation Guide

The CIS Controls Implementation Guide was recently released by the Center for Internet Security (CIS), the home of CIS Controls directly mapped to their CIS Controls. It is focused on actionable steps that can be taken right now to assess and improve cyber security posture and preparedness, particularly in small and medium-sized […]

What is the State of Your Union?

Regularly the President of the United States delivers the State of the Union address. This practice “fulfills rules in Article II, Section 3 of the U.S. Constitution, requiring the President to periodically give Congress information on the ‘state of the union’ and recommend any measures that he believes are necessary and expedient.” What if you […]

Look in the Rear View Mirror

How often do you look in the rear view mirror? With two new drivers in my home, I am training them to occasionally look in their car’s rearview mirror as an effective way to increase their situational awareness when driving. What if this principle were applied to hardware and […]

What Can You Learn On Your Own?

I recently posted the below on the SANS Internet Storm Center. We are all privileged to work in the field of information security. We also carry the responsibility to keep current in our chosen profession. Regularly I hear from fellow colleagues who want to learn something, but do not have a training budget, feel powerless and sometimes give up. I would like to share several […]

KNOW before NO

A good friend told me an engaged information security professional leads with the KNOW instead of the NO. This comment struck me and has resonated well for the last several years. It has encouraged me to better understand the desires of the business areas in an attempt to avoid the perception of […]

Distraction as a Service

I recently posted the below on the SANS Internet Storm Center. Have you noticed that some security projects never seem to get finished? Despite the best of intentions, oftentimes they linger, sometimes for years. I believe that distractions play a role in security projects being delayed and ultimately never being completed. If not monitored closely, nothing will […]